Fix CPE matching for python3-prefixed packages on Ubuntu/Debian #48599

sharon-fdm wants to merge 1 commit into
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CI Feedback: A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
Codecov Report: All modified and coverable lines are covered by tests.

```diff
@@            Coverage Diff             @@
##             main   #48599      +/-   ##
==========================================
+ Coverage   67.99%   68.01%   +0.01%
==========================================
  Files        3678     3678
  Lines      233668   233760      +92
  Branches    12453    12453
==========================================
+ Hits       158894   158984      +90
- Misses      60469    60474       +5
+ Partials    14305    14302       -3
```
Closes #43328
Summary
- `pythonPackageFilter` in `osquery.go` prepends `python3-` to Python package names (e.g., `geopandas` becomes `python3-geopandas`) to match OVAL definitions
- CPE names are not prefixed (`geopandas`, not `python3-geopandas`), so CPE matching fails and no vulnerabilities are reported
- Fix: strip the `python3-` prefix in `sanitizeSoftwareName()` for the `python_packages` source before CPE lookup

How I reproduced

Used the `nvdvuln` tool to simulate CPE matching:

Before fix (on main branch):

After fix:

Also verified with `python3-django` (version 3.2.12) - correctly finds CVE-2024-24680 and 13 other CVEs.

How I tested

Unit tests for `sanitizeSoftwareName` and `productVariations` covering:

- `python3-geopandas` (source: `python_packages`) -> strips to `geopandas`
- `python3-django` (source: `python_packages`) -> strips to `django`
- `requests` (source: `python_packages`, no prefix) -> unchanged
- `python3-geopandas` (source: `deb_packages`) -> NOT stripped (only affects `python_packages` source)

Ran the `nvdvuln` tool for both packages from the issue, confirmed CPE match and CVE detection

🤖 Generated with Claude Code
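The prefix mismatch the PR describes, as an added Go example that is not Fleet's code and not part of this PR: a toy `pythonPackageFilter` that adds the `python3-` prefix at collection time, the pre-fix and post-fix forms of the sanitizer, and a constructed CPE dictionary keyed by upstream project name, so the miss on main and the hit after the fix can be seen side by side for the same rows. The `Software` type, both sanitizer signatures, the dictionary contents and the sample rows are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Software is a hypothetical stand-in for an inventoried package row
// (not Fleet's own type).
type Software struct {
	Name   string
	Source string // osquery table the row came from: "python_packages", "deb_packages", ...
}

// pythonPackageFilter models the collection-side behaviour the PR describes:
// on Debian-based hosts, python_packages rows get a "python3-" prefix so they
// line up with OVAL definitions. Illustrative only, not the real filter.
func pythonPackageFilter(s Software) Software {
	if s.Source == "python_packages" && !strings.HasPrefix(s.Name, "python3-") {
		s.Name = "python3-" + s.Name
	}
	return s
}

// sanitizeSoftwareNameBefore models the pre-fix sanitizer: it normalises case
// but leaves the distro prefix in place, so the CPE lookup key never matches.
func sanitizeSoftwareNameBefore(s Software) string {
	return strings.ToLower(s.Name)
}

// sanitizeSoftwareNameAfter models the fix: the "python3-" prefix is dropped
// only for python_packages rows. A genuine deb_packages row such as
// python3-geopandas keeps its name, because that is the Debian package name.
func sanitizeSoftwareNameAfter(s Software) string {
	name := strings.ToLower(s.Name)
	if s.Source == "python_packages" {
		name = strings.TrimPrefix(name, "python3-")
	}
	return name
}

// cpeDictionary is a constructed stand-in for the CPE product list: entries
// are keyed by the upstream project name, never by a distro package name.
var cpeDictionary = map[string]bool{
	"geopandas": true,
	"django":    true,
	"requests":  true,
}

// matchCPE reports whether a sanitized name hits the dictionary.
func matchCPE(name string) bool {
	return cpeDictionary[name]
}

// matchBeforeFix and matchAfterFix run the whole path: collect, sanitize, look up.
func matchBeforeFix(s Software) bool {
	return matchCPE(sanitizeSoftwareNameBefore(pythonPackageFilter(s)))
}

func matchAfterFix(s Software) bool {
	return matchCPE(sanitizeSoftwareNameAfter(pythonPackageFilter(s)))
}

func main() {
	// Constructed sample rows mirroring the cases listed in the PR's tests.
	samples := []Software{
		{Name: "geopandas", Source: "python_packages"},
		{Name: "django", Source: "python_packages"},
		{Name: "requests", Source: "python_packages"},
		{Name: "python3-geopandas", Source: "deb_packages"},
	}
	for _, s := range samples {
		collected := pythonPackageFilter(s)
		fmt.Printf("%-18s %-16s before: key=%-20q match=%-5v after: key=%-20q match=%v\n",
			s.Name, s.Source,
			sanitizeSoftwareNameBefore(collected), matchBeforeFix(s),
			sanitizeSoftwareNameAfter(collected), matchAfterFix(s))
	}
}
```

The `deb_packages` row stays unmatched in both columns, which is the intended scope of the fix as the PR states it: only `python_packages` rows are stripped, and a Debian package really named `python3-geopandas` is left for whatever path handles deb names.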