feat: index known CPEs for wordpress plugins and themes

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

syft/pkg/cataloger/internal/cpegenerate/dictionary/index-generator/generate.go

@@ -116,6 +116,15 @@ const (
 	prefixForPHPPeclHTTP                   = "http://pecl.php.net/"
 	prefixForPHPComposer                   = "https://packagist.org/packages/"
 	prefixForGoModules                     = "https://pkg.go.dev/"
+	prefixForWordpressPlugins              = "https://wordpress.org/plugins/"
+	prefixForWordpressPluginsTracBrowser   = "https://plugins.trac.wordpress.org/browser/"
+	prefixForWordpressPluginsTracLog       = "https://plugins.trac.wordpress.org/log/"
+	prefixForWordpressPluginsGitHubArchive = "https://github.com/wp-plugins/"
+	prefixForWordpressPluginsWordfence     = "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/"
+	prefixForWordpressThemes               = "https://wordpress.org/themes/"
+	prefixForWordpressThemesTracBrowser    = "https://themes.trac.wordpress.org/browser/"
+	prefixForWordpressThemesTracLog        = "https://themes.trac.wordpress.org/log/"
+	prefixForWordpressThemesWordfence      = "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/"
 )
 
 // indexCPEList creates an index of CPEs by ecosystem.
@@ -164,6 +173,13 @@ func indexCPEList(list CpeList) *dictionary.Indexed {
 
 			case strings.HasPrefix(ref, prefixForGoModules):
 				addEntryForGoModulePackage(indexed, ref, cpeItemName)
+
+			case strings.HasPrefix(ref, prefixForWordpressPlugins), strings.HasPrefix(ref, prefixForWordpressPluginsTracBrowser), strings.HasPrefix(ref, prefixForWordpressPluginsTracLog), strings.HasPrefix(ref, prefixForWordpressPluginsGitHubArchive), strings.HasPrefix(ref, prefixForWordpressPluginsWordfence):
+				addEntryForWordpressPlugin(indexed, ref, cpeItemName)
+
+			case strings.HasPrefix(ref, prefixForWordpressThemes), strings.HasPrefix(ref, prefixForWordpressThemesTracBrowser), strings.HasPrefix(ref, prefixForWordpressThemesTracLog), strings.HasPrefix(ref, prefixForWordpressThemesWordfence):
+				addEntryForWordpressTheme(indexed, ref, cpeItemName)
+
 			}
 		}
 	}
@@ -183,6 +199,37 @@ func updateIndex(indexed *dictionary.Indexed, ecosystem string, pkgName string,
 	indexed.EcosystemPackages[ecosystem][pkgName].Add(cpe)
 }
 
+func addEntryForWordpressPlugin(indexed *dictionary.Indexed, ref string, cpeItemName string) {
+	// Prune off the non-package-name parts of the URL
+	ref = strings.TrimPrefix(ref, prefixForWordpressPlugins)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsTracBrowser)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsTracLog)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsGitHubArchive)
+	ref = strings.TrimPrefix(ref, prefixForWordpressPluginsWordfence)
+	ref = strings.Split(ref, "?")[0]
+	ref = strings.Split(ref, "/")[0]
+	if ref == "" {
+		return
+	}
+
+	updateIndex(indexed, dictionary.EcosystemWordpressPlugins, ref, cpeItemName)
+}
+
+func addEntryForWordpressTheme(indexed *dictionary.Indexed, ref string, cpeItemName string) {
+	// Prune off the non-package-name parts of the URL
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemes)
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemesTracBrowser)
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemesTracLog)
+	ref = strings.TrimPrefix(ref, prefixForWordpressThemesWordfence)
+	ref = strings.Split(ref, "?")[0]
+	ref = strings.Split(ref, "/")[0]
+	if ref == "" {
+		return
+	}
+
+	updateIndex(indexed, dictionary.EcosystemWordpressThemes, ref, cpeItemName)
+}
+
 func addEntryForRustCrate(indexed *dictionary.Indexed, ref string, cpeItemName string) {
 	// Prune off the non-package-name parts of the URL
 	ref = strings.TrimPrefix(ref, prefixForRustCrates)

syft/pkg/cataloger/internal/cpegenerate/dictionary/types.go

@@ -17,6 +17,8 @@ const (
 	EcosystemJenkinsPlugins   = "jenkins_plugins"
 	EcosystemRustCrates       = "rust_crates"
 	EcosystemGoModules        = "go_modules"
+	EcosystemWordpressPlugins = "wordpress_plugins"
+	EcosystemWordpressThemes  = "wordpress_themes"
 )
 
 type Indexed struct {