From 5cc5e527e513f9506c403d05b847c453ff4bb199 Mon Sep 17 00:00:00 2001
From: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Date: Mon, 15 Jul 2024 12:47:10 -0500
Subject: [PATCH] Fixing Homebrew intellij/pycharm CE false negative. (#20461)

#19853
Fixing Homebrew intellij/pycharm CE false negative.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---
 changes/19853-homebrew-intellij               |  1 +
 server/vulnerabilities/nvd/cpe_test.go        | 10 ++++++++++
 .../vulnerabilities/nvd/cpe_translations.json | 20 +++++++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 changes/19853-homebrew-intellij

diff --git a/changes/19853-homebrew-intellij b/changes/19853-homebrew-intellij
new file mode 100644
index 0000000000..713d4ae142
--- /dev/null
+++ b/changes/19853-homebrew-intellij
@@ -0,0 +1 @@
+Fixed false negative vulnerabilities with IntelliJ IDEA CE and PyCharm CE installed via Homebrew.
diff --git a/server/vulnerabilities/nvd/cpe_test.go b/server/vulnerabilities/nvd/cpe_test.go
index 22778b4a71..dc2f598fa8 100644
--- a/server/vulnerabilities/nvd/cpe_test.go
+++ b/server/vulnerabilities/nvd/cpe_test.go
@@ -1334,6 +1334,16 @@ func TestCPEFromSoftwareIntegration(t *testing.T) {
 			},
 			cpe: "cpe:2.3:a:jetbrains:intellij_idea:2022.3.3:*:*:*:*:macos:*:*",
 		},
+		{
+			software: fleet.Software{
+				Name:             "intellij-idea-ce",
+				Source:           "homebrew_packages",
+				Version:          "2023.3.2,233.13135.103",
+				Vendor:           "",
+				BundleIdentifier: "",
+			},
+			cpe: "cpe:2.3:a:jetbrains:intellij_idea:2023.3.2.233.13135.103:*:*:*:*:*:*:*",
+		},
 		{
 			software: fleet.Software{
 				Name:             "User PyCharm Custom Name.app", // 2023/10/31: The actual product name must be part of the app name per our code in CPEFromSoftware
diff --git a/server/vulnerabilities/nvd/cpe_translations.json b/server/vulnerabilities/nvd/cpe_translations.json
index a1f48dd63c..73d64cd787 100644
--- a/server/vulnerabilities/nvd/cpe_translations.json
+++ b/server/vulnerabilities/nvd/cpe_translations.json
@@ -130,6 +130,16 @@
       "vendor": ["jetbrains"]
     }
   },
+  {
+    "software": {
+      "name": ["/^intellij-idea(-ce)?$/"],
+      "source": ["homebrew_packages"]
+    },
+    "filter": {
+      "product": ["intellij_idea"],
+      "vendor": ["jetbrains"]
+    }
+  },
   {
     "software": {
       "bundle_identifier": ["/^com\\.jetbrains\\.pycharm/"],
@@ -140,6 +150,16 @@
       "vendor": ["jetbrains"]
     }
   },
+  {
+    "software": {
+      "name": ["/^pycharm(-ce)?$/"],
+      "source": ["homebrew_packages"]
+    },
+    "filter": {
+      "product": ["pycharm"],
+      "vendor": ["jetbrains"]
+    }
+  },
   {
     "software": {
       "name": ["ms-python.python"],