fix: Remove three Rust crate false positive CPE matches (#3967)

Signed-off-by: John Vandenberg <jayvdb@gmail.com>
John Vandenberg 2025-06-06 16:29:06 +08:00 committed by GitHub
parent 868a6a7584
commit bc1cbde4f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -630,14 +630,34 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup(
candidateRemovals{ProductsToRemove: []string{"grpc"}}, candidateRemovals{ProductsToRemove: []string{"grpc"}},
}, },
// Rust packages // Rust packages
{
pkg.RustPkg,
candidateKey{PkgName: "hyper"},
// Avoid matching CVE-2024-23741
candidateRemovals{VendorsToRemove: []string{"vercel"}},
},
{ {
pkg.RustPkg, pkg.RustPkg,
candidateKey{PkgName: "opentelemetry"}, candidateKey{PkgName: "opentelemetry"},
// Avoid matching CVE-2023-45142
candidateRemovals{ProductsToRemove: []string{"opentelemetry"}}, candidateRemovals{ProductsToRemove: []string{"opentelemetry"}},
}, },
{
pkg.RustPkg,
candidateKey{PkgName: "prometheus"},
// Avoid matching CVE-2019-3826
candidateRemovals{VendorsToRemove: []string{"prometheus"}},
},
{
pkg.RustPkg,
candidateKey{PkgName: "phf"},
// Avoid matching CVE-2000-1186
candidateRemovals{VendorsToRemove: []string{"phf"}},
},
{ {
pkg.RustPkg, pkg.RustPkg,
candidateKey{PkgName: "redis"}, candidateKey{PkgName: "redis"},
// Avoid matching CVE-2022-24735
candidateRemovals{VendorsToRemove: []string{"redis"}}, candidateRemovals{VendorsToRemove: []string{"redis"}},
}, },
// PHP packages // PHP packages
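Review bot: The new `hyper`, `prometheus` and `phf` entries each justify a vendor-wide removal with only a CVE ID, so a later reader cannot tell which unrelated product the CPE belongs to or check that the suppression is still correct. Because the key is just the crate name and the removal drops every candidate for that vendor, any advisory later filed under that vendor for the crate itself would be filtered out silently, which is a false-negative risk in a vulnerability scanner. I would extend each comment to name the colliding product, for example `// Avoid matching CVE-2024-23741: CPE vendor "vercel" is a different product named hyper, not this crate`. No test is visible on this page; if none exists, a case per entry asserting which candidates remain would catch a removal that becomes too broad. The slice literal starts and ends outside the hunk, so other entries were not reviewed.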