From 52410a33281818097528c64ab3c5d0b0ff3e3429 Mon Sep 17 00:00:00 2001
From: Ian Littman
Date: Fri, 17 Oct 2025 16:09:14 -0500
Subject: [PATCH] Add CPE translations to map various software where name/bundle ID based matching doesn't work (#34233)
Fixes #34282. Must be QA'd on-branch so split from the software name cleanup PR for #34159.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
---------
Co-authored-by: Scott Gress
---
 server/vulnerabilities/nvd/cpe_test.go | 49 +++++++++++++++++++
 .../vulnerabilities/nvd/cpe_translations.json | 30 ++++++++++++
 2 files changed, 79 insertions(+)
diff --git a/server/vulnerabilities/nvd/cpe_test.go b/server/vulnerabilities/nvd/cpe_test.go
index 09d5849eea..12c3b7ae81 100644
--- a/server/vulnerabilities/nvd/cpe_test.go
+++ b/server/vulnerabilities/nvd/cpe_test.go
@@ -494,6 +494,55 @@ func TestCPEFromSoftwareIntegration(t *testing.T) {
 software fleet.Software
 cpe string
 }{
+ // This should work but there are no CPE entries in the database despite CVE-2024-25659 existing, using
+ // the following cpe_translations changes:
+ /*
+ {
+ "software": {
+ "bundle_identifier": ["/^TNMS_/"],
+ "source": ["apps"]
+ },
+ "filter": {
+ "product": ["nokia"],
+ "vendor": ["transcend_network_management_system"]
+ }
+ },
+ */
+ /*{
+ software: fleet.Software{
+ Name: "TNMS",
+ BundleIdentifier: "TNMS_19.10.3",
+ Source: "apps",
+ Version: "19.10.3",
+ },
+ cpe: "cpe:2.3:a:nokia:transcend_network_management_system:19.10.3:*:*:*:*:macos:*:*",
+ },*/
+ {
+ software: fleet.Software{
+ Name: "Oracle SQLDeveloper",
+ BundleIdentifier: "com.oracle.SQLDeveloper",
+ Source: "apps",
+ Version: "24.3.1",
+ },
+ cpe: "cpe:2.3:a:oracle:sql_developer:24.3.1:*:*:*:*:macos:*:*",
+ },
+ {
+ software: fleet.Software{
+ Name: "Poly Lens Desktop",
+ BundleIdentifier: "com.poly.lens.legacyhost.app",
+ Source: "apps",
+ },
+ cpe: "cpe:2.3:a:poly:lens:*:*:*:*:*:macos:*:*",
+ },
+ {
+ software: fleet.Software{
+ Name: "BlueStacksMIM",
+ BundleIdentifier: "com.now.gg.BlueStacksMIM",
+ Source: "apps",
+ Version: "4.100.1",
+ },
+ cpe: "cpe:2.3:a:bluestacks:bluestacks:4.100.1:*:*:*:*:macos:*:*",
+ },
 {
 software: fleet.Software{
 Name: "Adobe Acrobat Reader DC.app",
diff --git a/server/vulnerabilities/nvd/cpe_translations.json b/server/vulnerabilities/nvd/cpe_translations.json
index 31d8e4c528..2b55b4df79 100644
--- a/server/vulnerabilities/nvd/cpe_translations.json
+++ b/server/vulnerabilities/nvd/cpe_translations.json
@@ -519,6 +519,16 @@
 "vendor": ["snyk"]
 }
 },
+ {
+ "software": {
+ "bundle_identifier": ["com.now.gg.BlueStacksMIM"],
+ "source": ["apps"]
+ },
+ "filter": {
+ "product": ["bluestacks"],
+ "vendor": ["bluestacks"]
+ }
+ },
 {
 "software": {
 "name": ["sourcegraph.cody-ai"],
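Review bot: In the cpe_test.go hunk, the commented-out TNMS translation has `product` and `vendor` swapped relative to the CPE the disabled test case expects (`cpe:2.3:a:nokia:transcend_network_management_system:...` puts `nokia` in the vendor field), so a later copy-paste into cpe_translations.json would most likely produce a rule that never matches; the snippet should read `"product": ["transcend_network_management_system"],` and `"vendor": ["nokia"]`. Parking the case in block comments also keeps the CVE-2024-25659 coverage gap out of any test output, so I would tie it to a tracked item, e.g. `// TODO(<tracking-issue>): enable once the CPE database has a nokia:transcend_network_management_system entry`. The Poly Lens case sets no `Version` and expects a `*` version component; how downstream CVE matching treats that wildcard is not visible here, so a one-line comment saying the omission is deliberate would help. The test table and the body of TestCPEFromSoftwareIntegration begin and end outside this hunk.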
@@ -539,6 +549,26 @@
 "vendor": ["github"]
 }
 },
+ {
+ "software": {
+ "bundle_identifier": ["com.oracle.SQLDeveloper"],
+ "source": ["apps"]
+ },
+ "filter": {
+ "product": ["sql_developer"],
+ "vendor": ["oracle"]
+ }
+ },
+ {
+ "software": {
+ "bundle_identifier": ["com.poly.lens.legacyhost.app"],
+ "source": ["apps"]
+ },
+ "filter": {
+ "product": ["lens"],
+ "vendor": ["poly"]
+ }
+ },
 {
 "software": {
 "name": ["Microsoft Edge"],