fix: improved CPE-generation for several more APK packages (anchore#1631

) * fix: correct vendor for musl Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor for firefox and thunderbird Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor/product for chromium Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct product for apache http server Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct product for tiff Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor for ghostscript Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor for openjpeg Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor/product for xorg-server Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor for podofo Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: correct vendor for wpa_supplicant Signed-off-by: Weston Steimel <weston.steimel@anchore.com> --------- Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
GijsCalis · Mar 1, 2023 · 2566a7c · 2566a7c
1 parent 8b82f7a
commit 2566a7c
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 0 deletions.
diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -273,6 +273,66 @@ var defaultCandidateAdditions = buildCandidateLookup(
 			candidateKey{PkgName: "libxpm"},
 			candidateAddition{AdditionalVendors: []string{"libxpm_project"}},
 		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "musl"},
+			candidateAddition{AdditionalVendors: []string{"musl-libc"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "firefox"},
+			candidateAddition{AdditionalVendors: []string{"mozilla"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "firefox-esr"},
+			candidateAddition{AdditionalVendors: []string{"mozilla"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "thunderbird"},
+			candidateAddition{AdditionalVendors: []string{"mozilla"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "chromium"},
+			candidateAddition{AdditionalVendors: []string{"google"}, AdditionalProducts: []string{"chrome"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "apache"},
+			candidateAddition{AdditionalProducts: []string{"http_server"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "tiff"},
+			candidateAddition{AdditionalProducts: []string{"libtiff"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "ghostscript"},
+			candidateAddition{AdditionalVendors: []string{"artifex"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "openjpeg"},
+			candidateAddition{AdditionalVendors: []string{"uclouvain"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "xorg-server"},
+			candidateAddition{AdditionalVendors: []string{"x.org"}, AdditionalProducts: []string{"x_server"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "podofo"},
+			candidateAddition{AdditionalVendors: []string{"podofo_project"}},
+		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "wpa_supplicant"},
+			candidateAddition{AdditionalVendors: []string{"w1.fi"}},
+		},
 		//
 		// Binary packages
 		{

diff --git a/syft/pkg/cataloger/common/cpe/vendors_from_url.go b/syft/pkg/cataloger/common/cpe/vendors_from_url.go
@@ -14,6 +14,10 @@ var (
 		"https://www.ruby-lang.org/":   {"ruby-lang"},
 		"https://llvm.org/":            {"llvm"},
 		"https://www.isc.org/":         {"isc"},
+		"https://musl.libc.org/":       {"musl-libc"},
+		"https://www.mozilla.org/":     {"mozilla"},
+		"https://www.x.org/":           {"x.org"},
+		"https://w1.fi/":               {"w1.fi"},
 	}
 
 	vendorExtractionPatterns = []*regexp.Regexp{