fix(cpescan): CpeVendorProductMatch not set when Redis Backend (#1273)

* fix(cpescan): CpeVendorProductMatch not set when Redis Backend * fix(integration): deprecated CPE URI * fix(integration-test): add a test case for CpeVendorProductMatch * fix review * update deps go-cve-dict v0.6.2
2021-07-19 08:43:58 +09:00
parent f0b3a8b1db
commit 543dc99ecd
7 changed files with 27 additions and 149 deletions
--- a/detector/detector.go
+++ b/detector/detector.go
@@ -419,10 +419,11 @@ func DetectCpeURIsCves(r *models.ScanResult, cpeURIs []string, cnf config.GoCveD
 		if err != nil {
 			return err
 		}
-		for _, detail := range details {

+		for _, detail := range details {
 			confidence := models.CpeVersionMatch
-			if detail.IsJvn() {
+			if detail.HasJvn() && !detail.HasNvd() {
+				// In the case of CpeVendorProduct-match, only the JVN is set(Nvd is not set).
 				confidence = models.CpeVendorProductMatch
 			}