From 81d8019207ccc7dc44462b7c95bb973dbd82e07c Mon Sep 17 00:00:00 2001 From: Dan Luhring Date: Thu, 6 Jul 2023 16:12:55 -0400 Subject: [PATCH] Remove erroneous Java CPEs from generation (#1918) Signed-off-by: Dan Luhring --- .../common/cpe/candidate_by_package_type.go | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go index 5481108f8..875b6dad0 100644 --- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go +++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go @@ -377,6 +377,90 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup( candidateKey{PkgName: "docker"}, candidateRemovals{VendorsToRemove: []string{"docker"}}, }, + // Java packages + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-builder-support"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-model"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-repository-metadata"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-settings"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-settings-builder"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-api"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-connector-basic"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-impl"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-named-locks"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-spi"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-transport-file"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-transport-http"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-transport-wagon"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-resolver-util"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "maven-shared-utils"}, + candidateRemovals{ProductsToRemove: []string{"maven"}}, + }, + { + pkg.JavaPkg, + candidateKey{PkgName: "gradle-enterprise"}, + candidateRemovals{ + ProductsToRemove: []string{"gradle-enterprise"}, + VendorsToRemove: []string{"gradle"}, + }, + }, }) // buildCandidateLookup is a convenience function for creating the defaultCandidateAdditions set