Support denylisting by Vendor, and denylist netapp after three differ…

…ent product strikes (#1706) Support denylisting by vendor, regardless of product, and denylist netapp, a third product has caused misattribution. Denylist `netapp:cloud_backup`, causes misattribution to OpenSSH
google · Oct 9, 2023 · 67c86ea · 67c86ea
1 parent bc6fe55
commit 67c86ea
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/vulnfeeds/cpp/main.go b/vulnfeeds/cpp/main.go
@@ -84,9 +84,13 @@ var RefTagDenyList = []string{
 // cross-contamination of repo derivation between CVEs.
 var VendorProductDenyList = []VendorProduct{
 	// Causes a chain reaction of incorrect associations from CVE-2022-2068
-	{"netapp", "ontap_select_deploy_administration_utility"},
+	// {"netapp", "ontap_select_deploy_administration_utility"},
 	// Causes misattribution for Python, e.g. CVE-2022-26488
-	{"netapp", "active_iq_unified_manager"},
+	// {"netapp", "active_iq_unified_manager"},
+	// Causes misattribution for OpenSSH, e.g. CVE-2021-28375
+	// {"netapp", "cloud_backup"},
+	// Three strikes and the entire netapp vendor is out...
+	{"netapp", ""},
 }
 
 // Looks at what the repo to determine if it contains code using an in-scope language
@@ -532,6 +536,9 @@ func main() {
 				if CPE.Part != "a" {
 					continue
 				}
+				if slices.Contains(VendorProductDenyList, VendorProduct{CPE.Vendor, ""}) {
+					continue
+				}
 				if slices.Contains(VendorProductDenyList, VendorProduct{CPE.Vendor, CPE.Product}) {
 					continue
 				}