fleet/tools
Lucas Manuel Rodriguez ae6c387059
Fix false positive vulnerabilities on Chrome and Firefox extensions (#14791)
- Fix many vulnerability false positives on Chrome and Firefox
extensions. This is related to #11924 and also related to the following
5 false positives found in dogfood around Chrome extensions.
- Reduced `TestTranslateCPEToCVE` run time considerably:
```
--- PASS: TestTranslateCPEToCVE (8.59s)
    --- PASS: TestTranslateCPEToCVE/find_vulns_on_cpes (38.45s)
    --- PASS: TestTranslateCPEToCVE/recent_vulns (62.03s)

vs.

=== RUN   TestTranslateCPEToCVE/recent_vulns
=== NAME  TestTranslateCPEToCVE
    nettest.go:36: network test done: TestTranslateCPEToCVE
--- PASS: TestTranslateCPEToCVE (269.86s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:1password:1password:3.9.9:*:*:*:*:macos:*:* (31.31s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:1password:1password:3.9.9:*:*:*:*:*:*:* (29.00s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:pypa:pip:9.0.3:*:*:*:*:python:*:* (52.59s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:mozilla:firefox:93.0:*:*:*:*:windows:*:* (34.29s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:mozilla:firefox:93.0.100:*:*:*:*:windows:*:* (28.17s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:apple:icloud:1.0:*:*:*:*:macos:*:* (28.44s)
    --- PASS: TestTranslateCPEToCVE/recent_vulns (56.95s)
```

![Screenshot 2023-10-30 at 09 34
25](https://github.com/fleetdm/fleet/assets/2073526/30ff798d-362d-4df4-876e-53619d2d8802)
![Screenshot 2023-10-30 at 09 34
35](https://github.com/fleetdm/fleet/assets/2073526/ae65583f-26d3-403a-93e3-39c1393bc471)
![Screenshot 2023-10-30 at 09 34
47](https://github.com/fleetdm/fleet/assets/2073526/aba99efe-b744-4f05-927c-981c490fc02f)
![Screenshot 2023-10-30 at 09 35
41](https://github.com/fleetdm/fleet/assets/2073526/aaff0725-ceca-494e-b64f-c30ff5e63aec)
<img width="868" alt="Screenshot 2023-10-30 at 10 21 42"
src="https://github.com/fleetdm/fleet/assets/2073526/284a2373-09bc-44f7-952b-1e53650232ff">

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-11-01 09:26:26 -03:00
api DevX: Seed Observer+ role (#12895) 2023-08-02 11:06:56 -04:00
app Fix SSO paths to always use /v1/ instead of /latest/ (#5246) 2022-04-20 12:46:45 -04:00
backup_db Fix ingestion of MDM server for macOS and Windows hosts (#9133) 2023-01-04 10:29:48 -03:00
blackhat-mdm Update README for Black Hat talk (#13258) 2023-08-09 13:23:27 -07:00
bomutils-docker Pin image SHA in Dockerfiles (#10205) 2023-03-01 11:37:00 -08:00
ci Add a static check for misuse of ds.writer/ds.reader when inside a transaction (#8621) 2022-11-15 08:29:54 -05:00
dbutils chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
desktop chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
file-server Fix deprecated virtual runner and golangci-lint deprecated checkers (#7716) 2022-09-13 10:48:21 -03:00
fleet-docker Drew bakerfdm remove email mentions (#8641) 2022-11-10 11:59:08 -05:00
fleetctl-docker Testing a fix for fleet ci packaging (#12610) 2023-07-27 16:00:51 -07:00
fleetctl-npm Prepare v4.39.0 (#14647) 2023-10-26 15:07:58 -05:00
inspect-cert chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
installerstore Enable errcheck linter for golangci-lint (#8899) 2022-12-05 16:50:49 -06:00
jira-integration Feature 10196: Add filepath to end-points and third party integrations (#11285) 2023-05-17 16:53:15 -04:00
kubequery Update README.md (#12665) 2023-07-08 04:27:46 -05:00
loadtest Added Linux instructions for running fleetd extension. (#14770) 2023-10-27 12:00:26 -05:00
mailpit Fix SMTP e-mail send when SMTP server has credentials (#10758) 2023-03-28 15:23:15 -03:00
mdm chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
mysql-replica-testing Turn mysql event scheduler off (#6640) 2022-07-13 13:50:58 -03:00
nvdvuln Fix false positive vulnerabilities on Chrome and Firefox extensions (#14791) 2023-11-01 09:26:26 -03:00
osquery update file carver block size and various MySQL references (#9625) 2023-02-02 01:01:34 -05:00
osquery-agent-options Add support for missing OS-specific osquery flags in agent options (#8743) 2022-11-21 10:32:17 -05:00
osquery-testing updated osquery testing files (#8940) 2022-12-08 13:28:36 -08:00
redis-stress Add redis stress (#3363) 2022-01-20 16:18:17 -03:00
redis-tests Bump go to 1.19.1 (#7690) 2022-09-12 20:32:43 -03:00
run-scripts Implement script execution on the fleetd agent (disabled by default) (#13569) 2023-08-30 14:02:44 -04:00
saml Accept and ignore SSO role attributes with null value (#11959) 2023-05-30 16:57:03 -03:00
team-builder Add team builder script (#10086) 2023-05-03 09:55:14 -07:00
telemetry add services to inspect traces and monitor a local server (#8597) 2022-11-21 10:50:10 -03:00
test_extensions/hello_world Fix extension delivery bug fix Windows extension paths to .ext.ext (#13986) 2023-09-22 05:17:27 -03:00
test-orbit-mtls Add mTLS support to fleetd (#11319) 2023-04-27 08:44:39 -03:00
testdata Add fixtures for software and vulnerabilities end-to-end tests (#6337) 2022-06-23 10:01:37 -05:00
tuf Fix extension delivery bug fix Windows extension paths to .ext.ext (#13986) 2023-09-22 05:17:27 -03:00
windows-mdm-enroll Implement Windows MDM programmatic unenrollment (notification + orbit trigger) (#12505) 2023-06-28 09:13:37 -04:00
wix-docker Pin image SHA in Dockerfiles (#10205) 2023-03-01 11:37:00 -08:00
zendesk-integration Feature 10196: Add filepath to end-points and third party integrations (#11285) 2023-05-17 16:53:15 -04:00