add CVE-2013-0340 to ignore list (#13942)

2024-11-06 17:05:18 +00:00 · 2023-09-15 16:38:33 -06:00 · 2023-09-15 16:38:33 -06:00 · 0bde133831
commit 0bde133831
parent d38159efd6
3 changed files with 14 additions and 0 deletions
--- a/changes/11926-python-vuln-false-positive
+++ b/changes/11926-python-vuln-false-positive
@ -0,0 +1 @@
+- CVE-2013-0340 no longer reports as a valid vulnerability due to NVD recommendations
--- a/server/vulnerabilities/nvd/cpe_matching_rule_test.go
+++ b/server/vulnerabilities/nvd/cpe_matching_rule_test.go
@ -255,4 +255,10 @@ func TestGetKnownNVDBugRules(t *testing.T) {
 	require.True(t, ok)
 	ok = rule.CPEMatches(cpeMeta)
 	require.False(t, ok)
+
+	// Test that CVE-2013-0340 never matches (i.e. is ignored).
+	rule, ok = cpeMatchingRules.FindMatch("CVE-2013-0340")
+	require.True(t, ok)
+	ok = rule.CPEMatches(cpeMeta)
+	require.False(t, ok)
 }
--- a/server/vulnerabilities/nvd/cpe_matching_rules.go
+++ b/server/vulnerabilities/nvd/cpe_matching_rules.go
@ -140,6 +140,13 @@ func GetKnownNVDBugRules() (CPEMatchingRules, error) {
 				"CVE-2020-10146": {},
 			},
 		},
+		// #9835 Python expat 2.1.0 CVE recommends rejecting the report, no CVSS score, broad CPE criteria
+		CPEMatchingRule{
+			IgnoreAll: true,
+			CVEs: map[string]struct{}{
+				"CVE-2013-0340": {},
+			},
+		},
 	}

 	for i, rule := range rules {
				`@ -0,0 +1 @@`
				`- CVE-2013-0340 no longer reports as a valid vulnerability due to NVD recommendations`