CPE fuzzy matching fails when strings contain valid escaped colons #4158
Labels
defect: Something isn't working
good first issue: Good for newcomers
hacktoberfest: Issues eligible for Hacktoberfest contributions
p2: Non-critical bugs, and features that help organizations to identify and reduce risk
size/S: Small effort
Current Behavior
I am using the docker-compose script to run a local latest Dependency Track.
I am using CPAN Perl modules whose CPE strings require escaped colons in some of the fields, e.g.
cpe:2.3:a:xml::libxml_project:xml::libxml:2.0134:::::perl::
But in Dependency Track with all fuzzy CPE matching enabled, the following error appears in the logs:
track-apiserver_1 | org.apache.lucene.queryparser.classic.ParseException: Cannot parse 'product:xml::libxml~0.88 AND cpe23:/cpe:2.3:a:.:.:.:.:.:.:.:.:.:./': Encountered " ":" ": "" at line 1, column 11.
Proposed Behavior
Handle CPE strings that contain escaped characters, especially escaped colons.
Perhaps a regexp is not the best thing to use for fuzzy matching the parts of a CPE string?
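Added example, not part of the original issue and not Dependency-Track's own code: one way to handle the case reported above is to split the CPE 2.3 string on unescaped colons only, then backslash-escape Lucene query metacharacters in the product value before building the fuzzy clause. The class and method names are hypothetical, and the sample CPE is constructed in CPE 2.3 formatted-string syntax, where a literal colon inside a field is written `\:`.

```java
import java.util.ArrayList;
import java.util.List;

public class CpeLuceneEscape {

    // Characters with special meaning in Lucene's classic query syntax.
    // (Lucene also ships QueryParser.escape(String) for the same purpose.)
    private static final String LUCENE_SPECIAL = "\\+-!():^[]\"{}~*?|&/";

    /** Split a CPE 2.3 formatted string on unescaped colons only. */
    static List<String> splitCpe23(String cpe) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        for (int i = 0; i < cpe.length(); i++) {
            char c = cpe.charAt(i);
            if (c == '\\' && i + 1 < cpe.length()) {
                cur.append(c).append(cpe.charAt(++i)); // keep the escaped pair together
            } else if (c == ':') {
                parts.add(cur.toString());             // unescaped colon ends a component
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        parts.add(cur.toString());
        return parts;
    }

    /** Remove CPE quoting so the field holds its literal value (xml\:\:libxml becomes xml::libxml). */
    static String unquote(String field) {
        return field.replaceAll("\\\\(.)", "$1");
    }

    /** Backslash-escape every Lucene query metacharacter in a term. */
    static String escapeForLucene(String term) {
        StringBuilder sb = new StringBuilder();
        for (char c : term.toCharArray()) {
            if (LUCENE_SPECIAL.indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: vendor and product contain escaped colons.
        String cpe = "cpe:2.3:a:xml\\:\\:libxml_project:xml\\:\\:libxml:2.0134:*:*:*:*:perl:*:*";
        List<String> f = splitCpe23(cpe);
        if (f.size() != 13) throw new IllegalStateException("expected 13 components, got " + f.size());
        String product = unquote(f.get(4));
        // Fuzzy clause shaped like the one in the logged query; 0.88 is the value from the log.
        System.out.println("product:" + escapeForLucene(product) + "~0.88");
    }
}
```

Splitting on every colon would break this sample into more than 13 components, and passing the unquoted product to the query parser without escaping reproduces the kind of `ParseException` shown in the log.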