Fixing false negative vulnerabilities on macOS Homebrew python packages. (#17709)

#17061 TODO: Need to also merge this fix into patch branch. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-06 00:45:19 +00:00 · 2024-03-19 14:12:07 -05:00 · 2024-03-19 14:12:07 -05:00 · 759003e37d
commit 759003e37d
parent 61544f4bea
3 changed files with 17 additions and 0 deletions
--- a/changes/17061-homebrew-python
+++ b/changes/17061-homebrew-python
@ -0,0 +1 @@
+Fixing false negative vulnerabilities on macOS Homebrew python packages.
--- a/server/vulnerabilities/nvd/cpe_test.go
+++ b/server/vulnerabilities/nvd/cpe_test.go
@ -1604,6 +1604,15 @@ func TestCPEFromSoftwareIntegration(t *testing.T) {
 			// DO NOT MATCH with Cisco Umbrella
 			cpe: "",
 		},
+		{
+			software: fleet.Software{
+				Name:    "python@3.9",
+				Source:  "homebrew_packages",
+				Version: "3.9.18_2",
+				Vendor:  "",
+			},
+			cpe: `cpe:2.3:a:python:python:3.9.18_2:*:*:*:*:*:*:*`,
+		},
 	}

 	// NVD_TEST_CPEDB_PATH can be used to speed up development (sync cpe.sqlite only once).
--- a/server/vulnerabilities/nvd/sanitize.go
+++ b/server/vulnerabilities/nvd/sanitize.go
@ -81,11 +81,13 @@ var langCodes = map[string]bool{
 // - Removing any extra spaces
 // - Lowercasing the name
 // - Removing parts from the bundle identifier
+// - Removing version contained in homebrew_packages name
 func sanitizeSoftwareName(s *fleet.Software) string {
 	archs := regexp.MustCompile(` \(?x64\)?|\(?64-bit\)?|\(?64bit\)?|\(?amd64\)? `)
 	ver := regexp.MustCompile(` \.?\(?(\d+\.)?(\d+\.)?(\*|\d+)\)?\s?`)
 	gen := regexp.MustCompile(` \(\w+\)\s?`)
 	comments := regexp.MustCompile(` (-|:)\s?.+`)
+	versions := regexp.MustCompile(`@\d+($|(\.\d+($|\..+)))`) // @3 or @3.9 or @3.9.18 or @3.9.18_2

 	r := strings.ToLower(s.Name)
 	r = strings.TrimSuffix(r, ".app")
@ -119,6 +121,11 @@ func sanitizeSoftwareName(s *fleet.Software) string {
 	r = strings.Replace(r, ")", " ", -1)
 	r = strings.Join(strings.Fields(r), " ")

+	// Remove @<version> from homebrew names
+	if s.Source == "homebrew_packages" {
+		r = versions.ReplaceAllString(r, "")
+	}
+
 	return r
 }
				`@ -0,0 +1 @@`
				`Fixing false negative vulnerabilities on macOS Homebrew python packages.`