Skip to content

#1775: validate and update CPE vendor and product for all tools #1796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
MarvMa wants to merge 14 commits into
base: main
Choose a base branch
from
Open

#1775: validate and update CPE vendor and product for all tools #1796

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
0f81059
#1647: updated cpe values for docker/rancher
MarvMa Mar 25, 2026
e4a43e2
#1174: added functionality for JavaAzul
MarvMa Mar 25, 2026
980267f
#1174: added edition logic to javaAzul
MarvMa Mar 25, 2026
0bb9303
Merge branch 'main' of https://github.com/devonfw/IDEasy into bugfix/…
MarvMa Mar 31, 2026
d56266a
#1775: updated cpes for all tools, deleting configurations for non ex…
MarvMa Apr 2, 2026
6512285
#1775: updated changelog
MarvMa Apr 2, 2026
1b3042a
Merge branch 'main' into bugfix/#1775-validate-cve-reportings
MarvMa Apr 7, 2026
713d9cb
Update CHANGELOG for release 2026.04.002
MarvMa Apr 7, 2026
57291fc
#1775: remove Java Azul logic from wrong branch
MarvMa Apr 7, 2026
81b059b
Merge branch 'main' of https://github.com/devonfw/IDEasy into bugfix/…
MarvMa Apr 7, 2026
4de5d54
#1775: added CPE changes to changelog
MarvMa Apr 7, 2026
e89d3c3
Merge branch 'bugfix/#1775-validate-cve-reportings' of https://github…
MarvMa Apr 7, 2026
5a563ae
Apply suggestions from code review
MarvMa Apr 8, 2026
6845b88
Merge branch 'main' of https://github.com/devonfw/IDEasy into bugfix/…
MarvMa Apr 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ This file documents all notable changes to https://github.com/devonfw/IDEasy[IDE
Release with new features and bugfixes:

* https://github.com/devonfw/IDEasy/issues/1552[#1552]: Add Commandlet to fix TLS issue
* https://github.com/devonfw/IDEasy/issues/1775[#1775]: validated and updated CPE's for all products

The full list of changes for this release can be found in https://github.com/devonfw/IDEasy/milestone/43?closed=1[milestone 2026.04.002].

Expand Down
11 changes: 1 addition & 10 deletions ...r/src/main/java/com/devonfw/tools/ide/url/tool/androidstudio/AndroidStudioUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,14 +76,5 @@ protected Collection<AndroidJsonItem> getVersionItems(AndroidJsonObject jsonObje

return jsonObject.content().item();
}

@Override
public String getCpeVendor() {
return "google";
}

@Override
public String getCpeProduct() {
return "android_studio";
}

}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/aws/AwsUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "aws";
return "aws_command_line_interface";
}

}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/az/AzureUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,6 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "az";
return "azure_command-line_interface";
}
}
11 changes: 1 addition & 10 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/corepack/CorepackUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,5 @@ protected String getPackageName() {

return "corepack";
}

@Override
public String getCpeVendor() {
return "corepack";
}

@Override
public String getCpeProduct() {
return "corepack";
}

}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/docker/DockerDesktopUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,6 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "docker";
return "desktop";
}
}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/dotnet/DotNetUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,6 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "dotnet";
return ".net";
}
}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/eclipse/EclipseUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,6 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "eclipse";
return "eclipse_ide";
}
}
11 changes: 1 addition & 10 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/gcloud/GCloudUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,15 +51,6 @@ protected void addVersion(UrlVersion urlVersion) {
}
}
}

@Override
public String getCpeVendor() {
return "google";
}

@Override
public String getCpeProduct() {
return "gcloud";
}


}
11 changes: 0 additions & 11 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/gcviewer/GcViewerUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,4 @@ public String mapVersion(String version) {
return null;
}
}

@Override
public String getCpeVendor() {
return "chewiebug";
}

@Override
public String getCpeProduct() {
return "gcviewer";
}

}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/gh/GhUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,6 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "gh";
return "cli";
}
}
10 changes: 10 additions & 0 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/go/GoUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,5 +66,15 @@ protected void addVersion(UrlVersion urlVersion) {
protected String getCustomVersionFilter() {
return "rc";
}

@Override
public String getCpeVendor() {
return "golang";
}

@Override
public String getCpeProduct() {
return "go";
}
}

22 changes: 11 additions & 11 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/helm/HelmUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,17 +35,6 @@ protected String getDownloadBaseUrl() {
return "https://get.helm.sh";
}

@Override
public String getCpeVendor() {

return "helm";
}

@Override
public String getCpeProduct() {

return "helm";
}

@Override
protected void addVersion(UrlVersion urlVersion) {
Expand All @@ -67,5 +56,16 @@ public String mapVersion(String version) {
return super.mapVersion("v" + version);
}

@Override
public String getCpeVendor() {

return "helm";
}

@Override
public String getCpeProduct() {

return "helm";
}

}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/intellij/IntellijUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ public String getCpeVendor() {

@Override
public String getCpeProduct() {
return "intellij";
return "intellij_idea";
}


Expand Down
19 changes: 10 additions & 9 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/jasypt/JasyptUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,6 @@ protected String getMavenArtifcatId() {
return "jasypt";
}

@Override
public String getCpeVendor() {
return "jasypt";
}

@Override
public String getCpeProduct() {
return "jasypt";
}

@Override
public boolean isValidVersion(String version) {
Expand All @@ -48,4 +39,14 @@ public boolean isValidVersion(String version) {
return false;
}

@Override
public String getCpeVendor() {
return "jasypt_project";
}

@Override
public String getCpeProduct() {
return "jasypt";
}

}
4 changes: 3 additions & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/java/JavaJsonVersion.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@
*
* @see JavaJsonObject#versions()
*/
public record JavaJsonVersion(@JsonProperty("openjdk_version") String openjdkVersion, @JsonProperty("semver") String semver) implements JsonVersionItem {
public record JavaJsonVersion(
@JsonProperty("openjdk_version") String openjdkVersion,
@JsonProperty("semver") String semver) implements JsonVersionItem {

@Override
public String version() {
Expand Down
23 changes: 12 additions & 11 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/java/JavaUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,17 +26,6 @@ public String mapVersion(String version) {
return super.mapVersion(version);
}

@Override
public String getCpeVendor() {

return "eclipse";
}

@Override
public String getCpeProduct() {

return "temurin";
}

@Override
protected void addVersion(UrlVersion urlVersion) {
Expand Down Expand Up @@ -107,4 +96,16 @@ protected Collection<JavaJsonVersion> getVersionItems(JavaJsonObject jsonObject)

return jsonObject.versions();
}

@Override
public String getCpeVendor() {

return "oracle";
}

@Override
public String getCpeProduct() {

return "jdk";
Copy link
Copy Markdown
Member

@hohwille hohwille Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still not convinced about this one. See e.g.
https://cveawg.mitre.org/api/cve/CVE-2025-21587

"criteria": "cpe:2.3:a:oracle:java_se:17.0.14:*:*:*:*:*:*:*"

Copy link
Copy Markdown
Member

@hohwille hohwille Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So IMHO here we have two products: jdk and java_se.
Please have a look and see if you can agree with my observation or not.
If we agree, we maybe create a new issue for that (Support multiple values for CPE product), merge this PR and plan a new PR to fix the new issue.

Copy link
Copy Markdown
Contributor Author

@MarvMa MarvMa Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, there is a few cases where two CPEs exist. For now i just chose one of them, but we should definitely consider adding an option to add more than one CPE 0..N for both CPE vendor and product.

}
}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/jenkins/JenkinsUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ protected void addVersion(UrlVersion urlVersion) {

@Override
public String getCpeVendor() {
return "jenkinsci";
return "jenkins";
Copy link
Copy Markdown
Member

@hohwille hohwille Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also no CPE in CVEs like https://cveawg.mitre.org/api/cve/CVE-2026-33001

Copy link
Copy Markdown
Contributor Author

@MarvMa MarvMa Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found this one. Isn't this the correct one?
https://nvd.nist.gov/products/cpe/detail/91BF01B3-BE76-4BDA-A42B-6DDA5BB9036E?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Aa%3Ajenkins%3Ajenkins&status=FINAL

}

@Override
Expand Down
10 changes: 0 additions & 10 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/jmc/JmcUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,4 @@ protected void addVersion(UrlVersion urlVersion) {
doAddVersion(urlVersion, baseUrl + "macosx.cocoa.x86_64.tar.gz", MAC);
doAddVersion(urlVersion, baseUrl + "linux.gtk.x86_64.tar.gz", LINUX);
}

@Override
public String getCpeVendor() {
return "adoptium";
}

@Override
public String getCpeProduct() {
return "jmc-build";
}
}
12 changes: 1 addition & 11 deletions ...updater/src/main/java/com/devonfw/tools/ide/url/tool/kotlinc/KotlincNativeUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,5 @@ protected Pattern getVersionPattern() {

return Pattern.compile("[0-9]+\\.[0-9]+\\.[0-9]+");
}

@Override
public String getCpeVendor() {
return "jetbrains";
}

@Override
public String getCpeProduct() {
return "kotlin-native";
}


}
11 changes: 0 additions & 11 deletions ...updater/src/main/java/com/devonfw/tools/ide/url/tool/lazydocker/LazyDockerUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,15 +53,4 @@ protected void addVersion(UrlVersion urlVersion) {
doAddVersion(urlVersion, baseUrl + "Darwin_arm64.tar.gz", MAC, ARM64);
}
}

@Override
public String getCpeVendor() {
return "jesseduffield";
}

@Override
public String getCpeProduct() {
return "lazydocker";
}

}
23 changes: 12 additions & 11 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/mvn/MvnUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,17 +20,6 @@ public String getTool() {
return "mvn";
}

@Override
public String getCpeVendor() {

return "apache";
}

@Override
public String getCpeProduct() {

return "maven";
}

@Override
protected String getGithubOrganization() {
Expand Down Expand Up @@ -80,4 +69,16 @@ protected void addVersion(UrlVersion urlVersion) {
doAddVersion(urlVersion, getDownloadBaseUrl() + "/dist/maven/" + majorFolder + "/${version}/binaries/apache-maven-${version}-bin.zip");
}
}

@Override
public String getCpeVendor() {

return "apache";
}

@Override
public String getCpeProduct() {

return "maven";
}
}
16 changes: 8 additions & 8 deletions url-updater/src/main/java/com/devonfw/tools/ide/url/tool/node/NodeUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,20 +65,20 @@ protected void addVersion(UrlVersion urlVersion) {
}
}


@Override
public String getCpeVendor() {
return "nodejs";
public String mapVersion(String version) {

return super.mapVersion("v" + version);
}

@Override
public String getCpeProduct() {
return "node";
public String getCpeVendor() {
return "nodejs";
}

@Override
public String mapVersion(String version) {

return super.mapVersion("v" + version);
public String getCpeProduct() {
return "node.js";
}

}
2 changes: 1 addition & 1 deletion url-updater/src/main/java/com/devonfw/tools/ide/url/tool/npm/NpmUrlUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ protected String getPackageName() {

@Override
public String getCpeVendor() {
return "npm";
return "npmjs";
}

@Override
Expand Down
Loading
Loading