[BUG] inconsistent CVE matching depending on regexes count #1583
Assignees
Labels
Comments
|
The following diff seems to fix the matching in the first scenario: --- a/require/cve/Cve.php
+++ b/require/cve/Cve.php
@@ -268,8 +268,13 @@ private function match($values) {
if(!empty($regs)) {
foreach($regs as $key => $reg) {
- if(count($regs) == 1) {
- $reg_publish = true;
- $reg_name = true;
- } else {
- $reg_publish = $this->stringMatchWithWildcard(trim($values['VENDOR']), $reg['NAME_REG']);
- $reg_name = $this->stringMatchWithWildcard(trim($values['NAME']), $reg['NAME_REG']);
- }
+ $reg_publish = $this->stringMatchWithWildcard(trim($values['VENDOR']), $reg['NAME_REG']);
+ $reg_name = $this->stringMatchWithWildcard(trim($values['NAME']), $reg['NAME_REG']);
if($reg_name || $reg_publish) {
if($reg['NAME_RESULT'] != "") {But it may not be the correct approach. PS : pas de problème pour échanger en français si vous le souhaitez :) |
c0bw3b
changed the title
|
Bonjour @c0bw3b , Merci pour votre retour. Je vous tiendrai au courant de lorsque ça sera disponible :) Cordialement, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OCS Inventory version
Version : server OCS Reports 2.12.0
Describe the bug
Matching CVEs with software inventory behaves differently according to the number of regexes defined.
To Reproduce
Defining the following single regex...:
... will match
apr(as in Apache APR) software name and associate HAProxy CVEs to machines whose software inventory contains Apache APR.Now if we define these two regexes:
Then HAProxy CVEs won't be associated to Apache APR anymore.
It seems this problem comes from this test in
cve.php.I dont understand the logic or necessity of this test coming from #1137 by @charleneauger
In the first scenario wildcards will be ignored because
stringMatchWithWildcardisn't called.Expected behavior
Correct CPEs <> CVEs matching regardless of the number of regexes defined.
The text was updated successfully, but these errors were encountered: