Add CPE translations to map various software where name/bundle ID based matching doesn't work (#34233)

Fixes #34282. Must be QA'd on-branch so split from the software name cleanup PR for #34159. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] Added/updated automated tests --------- Co-authored-by: Scott Gress <scott@fleetdm.com>
2026-05-24 01:18:42 +00:00 · 2025-10-17 16:09:14 -05:00 · 2025-10-17 16:09:14 -05:00 · 52410a3328
commit 52410a3328
parent d9cedcba8d
2 changed files with 79 additions and 0 deletions
--- a/server/vulnerabilities/nvd/cpe_test.go
+++ b/server/vulnerabilities/nvd/cpe_test.go
@ -494,6 +494,55 @@ func TestCPEFromSoftwareIntegration(t *testing.T) {
 		software fleet.Software
 		cpe      string
 	}{
+		// This should work but there are no CPE entries in the database despite CVE-2024-25659 existing, using
+		// the following cpe_translations changes:
+		/*
+		  {
+		    "software": {
+		      "bundle_identifier": ["/^TNMS_/"],
+		      "source": ["apps"]
+		    },
+		    "filter": {
+		      "product": ["nokia"],
+		      "vendor": ["transcend_network_management_system"]
+		    }
+		  },
+		*/
+		/*{
+			software: fleet.Software{
+				Name:             "TNMS",
+				BundleIdentifier: "TNMS_19.10.3",
+				Source:           "apps",
+				Version:          "19.10.3",
+			},
+			cpe: "cpe:2.3:a:nokia:transcend_network_management_system:19.10.3:*:*:*:*:macos:*:*",
+		},*/
+		{
+			software: fleet.Software{
+				Name:             "Oracle SQLDeveloper",
+				BundleIdentifier: "com.oracle.SQLDeveloper",
+				Source:           "apps",
+				Version:          "24.3.1",
+			},
+			cpe: "cpe:2.3:a:oracle:sql_developer:24.3.1:*:*:*:*:macos:*:*",
+		},
+		{
+			software: fleet.Software{
+				Name:             "Poly Lens Desktop",
+				BundleIdentifier: "com.poly.lens.legacyhost.app",
+				Source:           "apps",
+			},
+			cpe: "cpe:2.3:a:poly:lens:*:*:*:*:*:macos:*:*",
+		},
+		{
+			software: fleet.Software{
+				Name:             "BlueStacksMIM",
+				BundleIdentifier: "com.now.gg.BlueStacksMIM",
+				Source:           "apps",
+				Version:          "4.100.1",
+			},
+			cpe: "cpe:2.3:a:bluestacks:bluestacks:4.100.1:*:*:*:*:macos:*:*",
+		},
 		{
 			software: fleet.Software{
 				Name:             "Adobe Acrobat Reader DC.app",
--- a/server/vulnerabilities/nvd/cpe_translations.json
+++ b/server/vulnerabilities/nvd/cpe_translations.json
@ -519,6 +519,16 @@
      "vendor": ["snyk"]
    }
  },
+  {
+    "software": {
+      "bundle_identifier": ["com.now.gg.BlueStacksMIM"],
+      "source": ["apps"]
+    },
+    "filter": {
+      "product": ["bluestacks"],
+      "vendor": ["bluestacks"]
+    }
+  },
  {
    "software": {
      "name": ["sourcegraph.cody-ai"],
@ -539,6 +549,26 @@
      "vendor": ["github"]
    }
  },
+  {
+    "software": {
+      "bundle_identifier": ["com.oracle.SQLDeveloper"],
+      "source": ["apps"]
+    },
+    "filter": {
+      "product": ["sql_developer"],
+      "vendor": ["oracle"]
+    }
+  },
+  {
+    "software": {
+      "bundle_identifier": ["com.poly.lens.legacyhost.app"],
+      "source": ["apps"]
+    },
+    "filter": {
+      "product": ["lens"],
+      "vendor": ["poly"]
+    }
+  },
  {
    "software": {
      "name": ["Microsoft Edge"],