feat: index known CPEs for wordpress plugins and themes

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

syft/pkg/cataloger/internal/cpegenerate/dictionary/index-generator/generate.go

@@ -102,20 +102,29 @@ func normalizeCPE(cpe *wfn.Attributes) *wfn.Attributes {
 }
 
 const (
-	prefixForNPMPackages          = "https://www.npmjs.com/package/"
+	prefixForNPMPackages                   = "https://www.npmjs.com/package/"
-	prefixForRubyGems             = "https://rubygems.org/gems/"
+	prefixForRubyGems                      = "https://rubygems.org/gems/"
-	prefixForRubyGemsHTTP         = "http://rubygems.org/gems/"
+	prefixForRubyGemsHTTP                  = "http://rubygems.org/gems/"
-	prefixForNativeRubyGems       = "https://github.com/ruby/"
+	prefixForNativeRubyGems                = "https://github.com/ruby/"
-	prefixForPyPIPackages         = "https://pypi.org/project/"
+	prefixForPyPIPackages                  = "https://pypi.org/project/"
-	prefixForJenkinsPlugins       = "https://plugins.jenkins.io/"
+	prefixForJenkinsPlugins                = "https://plugins.jenkins.io/"
-	prefixForJenkinsPluginsGitHub = "https://github.com/jenkinsci/"
+	prefixForJenkinsPluginsGitHub          = "https://github.com/jenkinsci/"
-	prefixForRustCrates           = "https://crates.io/crates/"
+	prefixForRustCrates                    = "https://crates.io/crates/"
-	prefixForPHPPear              = "https://pear.php.net/"
+	prefixForPHPPear                       = "https://pear.php.net/"
-	prefixForPHPPearHTTP          = "http://pear.php.net/"
+	prefixForPHPPearHTTP                   = "http://pear.php.net/"
-	prefixForPHPPecl              = "https://pecl.php.net/"
+	prefixForPHPPecl                       = "https://pecl.php.net/"
-	prefixForPHPPeclHTTP          = "http://pecl.php.net/"
+	prefixForPHPPeclHTTP                   = "http://pecl.php.net/"
-	prefixForPHPComposer          = "https://packagist.org/packages/"
+	prefixForPHPComposer                   = "https://packagist.org/packages/"
-	prefixForGoModules            = "https://pkg.go.dev/"
+	prefixForGoModules                     = "https://pkg.go.dev/"
+	prefixForWordpressPlugins              = "https://wordpress.org/plugins/"
+	prefixForWordpressPluginsTracBrowser   = "https://plugins.trac.wordpress.org/browser/"
+	prefixForWordpressPluginsTracLog       = "https://plugins.trac.wordpress.org/log/"
+	prefixForWordpressPluginsGitHubArchive = "https://github.com/wp-plugins/"
+	prefixForWordpressPluginsWordfence     = "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/"
+	prefixForWordpressThemes               = "https://wordpress.org/themes/"
+	prefixForWordpressThemesTracBrowser    = "https://themes.trac.wordpress.org/browser/"
+	prefixForWordpressThemesTracLog        = "https://themes.trac.wordpress.org/log/"
+	prefixForWordpressThemesWordfence      = "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/"
 )
 
 // indexCPEList creates an index of CPEs by ecosystem.
@@ -164,6 +173,13 @@ func indexCPEList(list CpeList) *dictionary.Indexed {
 
 			case strings.HasPrefix(ref, prefixForGoModules):
 				addEntryForGoModulePackage(indexed, ref, cpeItemName)
+
+			case strings.HasPrefix(ref, prefixForWordpressPlugins), strings.HasPrefix(ref, prefixForWordpressPluginsTracBrowser), strings.HasPrefix(ref, prefixForWordpressPluginsTracLog), strings.HasPrefix(ref, prefixForWordpressPluginsGitHubArchive), strings.HasPrefix(ref, prefixForWordpressPluginsWordfence):
+				addEntryForWordpressPlugin(indexed, ref, cpeItemName)
+
+			case strings.HasPrefix(ref, prefixForWordpressThemes), strings.HasPrefix(ref, prefixForWordpressThemesTracBrowser), strings.HasPrefix(ref, prefixForWordpressThemesTracLog), strings.HasPrefix(ref, prefixForWordpressThemesWordfence):
+				addEntryForWordpressTheme(indexed, ref, cpeItemName)
+
 			}
 		}
 	}
@@ -183,6 +199,37 @@ func updateIndex(indexed *dictionary.Indexed, ecosystem string, pkgName string,
 	indexed.EcosystemPackages[ecosystem][pkgName].Add(cpe)
 }
 
+func addEntryForWordpressPlugin(indexed *dictionary.Indexed, ref string, cpeItemName string) {
+	// Prune off the non-package-name parts of the URL
+	ref = strings.TrimPrefix(ref, prefixForWordpressPlugins)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsTracBrowser)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsTracLog)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsGitHubArchive)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsWordfence)
+	ref = strings.Split(ref, "?")[0]
+	ref = strings.Split(ref, "/")[0]
+	if ref == "" {
+		return
+	}
+
+	updateIndex(indexed, dictionary.EcosystemWordpressPlugins, ref, cpeItemName)
+}
+
+func addEntryForWordpressTheme(indexed *dictionary.Indexed, ref string, cpeItemName string) {
+	// Prune off the non-package-name parts of the URL
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemes)
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemesTracBrowser)
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemesTracLog)
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemesWordfence)
+	ref = strings.Split(ref, "?")[0]
+	ref = strings.Split(ref, "/")[0]
+	if ref == "" {
+		return
+	}
+
+	updateIndex(indexed, dictionary.EcosystemWordpressThemes, ref, cpeItemName)
+}
+
 func addEntryForRustCrate(indexed *dictionary.Indexed, ref string, cpeItemName string) {
 	// Prune off the non-package-name parts of the URL
 	ref = strings.TrimPrefix(ref, prefixForRustCrates)

syft/pkg/cataloger/internal/cpegenerate/dictionary/types.go

@@ -8,15 +8,17 @@ import (
 )
 
 const (
-	EcosystemNPM            = "npm"
+	EcosystemNPM              = "npm"
-	EcosystemRubyGems       = "rubygems"
+	EcosystemRubyGems         = "rubygems"
-	EcosystemPyPI           = "pypi"
+	EcosystemPyPI             = "pypi"
-	EcosystemPHPPear        = "php_pear"
+	EcosystemPHPPear          = "php_pear"
-	EcosystemPHPPecl        = "php_pecl"
+	EcosystemPHPPecl          = "php_pecl"
-	EcosystemPHPComposer    = "php_composer"
+	EcosystemPHPComposer      = "php_composer"
-	EcosystemJenkinsPlugins = "jenkins_plugins"
+	EcosystemJenkinsPlugins   = "jenkins_plugins"
-	EcosystemRustCrates     = "rust_crates"
+	EcosystemRustCrates       = "rust_crates"
-	EcosystemGoModules      = "go_modules"
+	EcosystemGoModules        = "go_modules"
+	EcosystemWordpressPlugins = "wordpress_plugins"
+	EcosystemWordpressThemes  = "wordpress_themes"
 )
 
 type Indexed struct {