From 56ed2727b5a67992b79614a1500f80e8c3b1844a Mon Sep 17 00:00:00 2001
From: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
Date: Thu, 9 Mar 2023 17:46:57 -0400
Subject: [PATCH] Updated translation rules so that Docker Desktop can be
 mapped to the proper CPE (#10326)

Updated translation rules so that Docker Desktop can be mapped to the proper CPE.
---
 .../8186-fix-bug-with-docker-false-positive   |  1 +
 server/vulnerabilities/nvd/cpe_test.go        | 32 +++++++++++++++++++
 .../vulnerabilities/nvd/cpe_translations.json | 21 ++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 changes/8186-fix-bug-with-docker-false-positive

diff --git a/changes/8186-fix-bug-with-docker-false-positive b/changes/8186-fix-bug-with-docker-false-positive
new file mode 100644
index 0000000000..4dce607e8a
--- /dev/null
+++ b/changes/8186-fix-bug-with-docker-false-positive
@@ -0,0 +1 @@
+Updated translation rules so that Docker Desktop can be mapped to the correct CPE.
\ No newline at end of file
diff --git a/server/vulnerabilities/nvd/cpe_test.go b/server/vulnerabilities/nvd/cpe_test.go
index b03d06bf89..4f7dc1ef1d 100644
--- a/server/vulnerabilities/nvd/cpe_test.go
+++ b/server/vulnerabilities/nvd/cpe_test.go
@@ -1141,6 +1141,38 @@ func TestCPEFromSoftwareIntegration(t *testing.T) {
 				BundleIdentifier: "com.microsoft.Excel",
 			}, cpe: "",
 		},
+		{
+			software: fleet.Software{
+				Name:             "Docker.app",
+				Source:           "apps",
+				Version:          "4.7.1",
+				BundleIdentifier: "com.docker.docker",
+			}, cpe: "cpe:2.3:a:docker:docker_desktop:4.7.1:*:*:*:*:macos:*:*",
+		},
+		{
+			software: fleet.Software{
+				Name:             "Docker Desktop.app",
+				Source:           "apps",
+				Version:          "4.16.2",
+				BundleIdentifier: "com.electron.dockerdesktop",
+			}, cpe: "cpe:2.3:a:docker:docker_desktop:4.16.2:*:*:*:*:macos:*:*",
+		},
+		{
+			software: fleet.Software{
+				Name:             "Docker Desktop.app",
+				Source:           "apps",
+				Version:          "3.5.0",
+				BundleIdentifier: "com.electron.docker-frontend",
+			}, cpe: "cpe:2.3:a:docker:docker_desktop:3.5.0:*:*:*:*:macos:*:*",
+		},
+		// 2023-03-06: there are no entries for the docker python package at the NVD dataset.
+		{
+			software: fleet.Software{
+				Name:    "docker",
+				Source:  "python_packages",
+				Version: "6.0.1",
+			}, cpe: "",
+		},
 	}
 
 	tempDir := t.TempDir()
diff --git a/server/vulnerabilities/nvd/cpe_translations.json b/server/vulnerabilities/nvd/cpe_translations.json
index a0923f3601..59f75faded 100644
--- a/server/vulnerabilities/nvd/cpe_translations.json
+++ b/server/vulnerabilities/nvd/cpe_translations.json
@@ -79,5 +79,26 @@
     "filter": {
       "skip": true
     }
+  },
+  {
+    "software": {
+      "bundle_identifier": [
+        "/(?i)(com\\.docker\\.docker|com\\.electron\\.dockerdesktop|com\\.electron\\.docker-frontend)/"
+      ],
+      "source": ["apps"]
+    },
+    "filter": {
+      "product": ["docker_desktop"],
+      "vendor": ["docker"]
+    }
+  },
+  {
+    "software": {
+      "name": ["docker"],
+      "source": ["python_packages"]
+    },
+    "filter": {
+      "skip": true
+    }
   }
 ]