Issue 3901 match target sw (#3982)

* Allow to search with target_sw with a period

* Remove tests for a different thign

* Add a test for programs as a source as well

* Use MATCH again and add proper tests

changes/issue-3901-match-target-sw

@@ -0,0 +1 @@
+* Properly match target_sw when looking for vulnerabilities within npm packages

server/vulnerabilities/cpe.go

@@ -159,10 +159,10 @@ func CPEFromSoftware(db *sqlx.DB, software *fleet.Software) (string, error) {
 	case "portage_packages":
 	case "rpm_packages":
 	case "npm_packages":
-		targetSW = "node.js"
+		targetSW = `"node.js"`
 	case "atom_packages":
 	case "programs":
-		targetSW = "windows*"
+		targetSW = `"windows*"`
 	case "ie_extensions":
 	case "chocolatey_packages":
 	}

server/vulnerabilities/cpe_test.go

@@ -87,6 +87,14 @@ func TestSyncCPEDatabase(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, "cpe:2.3:a:1password:1password:7.2.3:beta0:*:*:*:macos:*:*", cpe)
 
+	npmCPE, err := CPEFromSoftware(db, &fleet.Software{Name: "Adaltas Mixme 0.4.0 for Node.js", Version: "0.4.0", Source: "npm_packages"})
+	require.NoError(t, err)
+	assert.Equal(t, "cpe:2.3:a:adaltas:mixme:0.4.0:*:*:*:*:node.js:*:*", npmCPE)
+
+	windowsCPE, err := CPEFromSoftware(db, &fleet.Software{Name: "HP Storage Data Protector 8.0 for Windows 8", Version: "8.0", Source: "programs"})
+	require.NoError(t, err)
+	assert.Equal(t, "cpe:2.3:a:hp:storage_data_protector:8.0:-:*:*:*:windows_7:*:*", windowsCPE)
+
 	// but now we truncate to make sure searching for cpe fails
 	err = os.Truncate(dbPath, 0)
 	require.NoError(t, err)