Skip to content

#1775: validate and update CPE vendor and product for all tools#1796

Draft
MarvMa wants to merge 1217 commits intodevonfw:mainfrom
MarvMa:bugfix/#1775-validate-cve-reportings
Draft

#1775: validate and update CPE vendor and product for all tools#1796
MarvMa wants to merge 1217 commits intodevonfw:mainfrom
MarvMa:bugfix/#1775-validate-cve-reportings

Conversation

@MarvMa
Copy link
Copy Markdown
Contributor

@MarvMa MarvMa commented Apr 2, 2026
edited
Loading

This PR fixes #1775

Implemented changes:

  • updated cpe's for all products
  • removed cpe-vendor and cpe-product for tools where no cpe entry exists on nvd
  • created a shell-script to verify cpe data using a POST request with search params. (doesn't work for all the CPEs, some needed a manual check)
    collect-cpe-report.sh

Checklist for this PR

Make sure everything is checked before merging this PR. For further info please also see
our DoD.

  • When running mvn clean test locally all tests pass and build is successful
  • PR title is of the form #«issue-id»: «brief summary» (e.g. #921: fixed setup.bat). If no issue ID exists, title only.
  • PR top-level comment summarizes what has been done and contains link to addressed issue(s)
  • PR and issue(s) have suitable labels
  • Issue is set to In Progress and assigned to you or there is no issue (might happen for very small PRs)
  • You followed all coding conventions
  • You have added the issue implemented by your PR in CHANGELOG.adoc unless issue is labeled
    with internal

jan-vcapgemini and others added 30 commits October 22, 2025 00:22
@jan-vcapgemini
devonfw#1536: Disable uninstall for corepack and npm (devonfw#1541)
1cb23b2
@jan-vcapgemini @hohwille
devonfw#1534: Run migration first (devonfw#1540)
89c6c94 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@jan-vcapgemini @hohwille
devonfw#1535: Fixed blocked env command (devonfw#1538)
09d7ac2 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@jan-vcapgemini @hohwille
devonfw#1514: Fixed npm prefix not set (devonfw#1539)
5da1a41 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@jan-vcapgemini
devonfw#858: Fixed kotlincnative naming (devonfw#1544)
82b512e
@devonfw-core
set release version to 2025.10.001
2425d43
@devonfw-core
set next version to 2025.10.002-SNAPSHOT
b10cfba
@jan-vcapgemini
devonfw#1545: Fixed Yarn installation (devonfw#1546)
1db9615
@wustudent @hohwille
devonfw#1526: correct parameter name and javadoc for FileAccess.compr…
a09cb4f 
…ess. (devonfw#1542)

Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@wustudent @jan-vcapgemini
devonfw#1475: Fix isOnline check for Wiremock tests. (devonfw#1532)
9f9a7c9 
Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>
@jan-vcapgemini @hohwille
devonfw#1549: Adjusted download exception type (devonfw#1550)
202caa0 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@jan-vcapgemini @hohwille
devonfw#1492: Add Spring-Boot-CLI Commandlet (devonfw#1496)
71621da 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@devonfw-core
set release version to 2025.10.002
c48a42a
@devonfw-core
set next version to 2025.10.003-SNAPSHOT
e543664
@hohwille
Update Maven revision version to 2025.11.001-SNAPSHOT
65065d2
@jan-vcapgemini @hohwille
devonfw#1555: Add npm_config_prefix env variable to Npm (devonfw#1556)
fc7cbb3 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@hohwille
Clean up changelog by removing duplicate entry
b7fc682 
Removed duplicate entry for issue devonfw#1549 from changelog.
@hohwille @jan-vcapgemini
devonfw#1553: speed up environment commandlet (devonfw#1554)
1d75209 
Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>
@maybeec
Fix test isolation by preventing escape to developer IDE installation
e4466c4 
Fixes devonfw#1581

- Extracted findIdeHome() as protected method in AbstractIdeContext returning Map.Entry<Path, String>
- Made isIdeHome() protected to allow access in test contexts
- Overridden findIdeHome() in AbstractIdeTestContext to enforce test boundaries
- Added findTestProjectRoot() to locate test resource boundaries via src/test/resources/ide-projects marker
- Set ide.test.root.boundary system property to prevent upward traversal beyond test scope
- Validated detected IDE home stays within test boundaries with clear error messages
- All 80 tests pass successfully with no failures or errors
@maybeec
devonfw#1169: Fix Windows junction creation over broken junctions (de…
1525667 
…vonfw#1583)
@hohwille
Merge branch 'feature/1581-test-isolation-fix' of https://github.com/…
0c544ad 
…maybeec/IDEasy into maybeec-feature/1581-test-isolation-fix
@hohwille
devonfw#1581: constructive review
99c9a31
@hohwille
devonfw#1169: devonfw#1583: fixed test on Windows
b2dc11d
@maybeec @jan-vcapgemini
devonfw#1510: Add icd command hint to help output (devonfw#1574)
518726e 
Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>
@maybeec @jan-vcapgemini
devonfw#1294: Refactor getMavenConfigurationFolder (devonfw#1573)
ccb99c2 
Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>
@maybeec
devonfw#1560: enable trace logging in setup scripts (devonfw#1588)
865c180
@maybeec @jan-vcapgemini @hohwille
devonfw#536: Fix duplicate completion candidates (devonfw#1578)
7c6610a 
Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@maybeec @hohwille
devonfw#1338: Replace IllegalStateException with assert (devonfw#1572)
68dd4ae 
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@hohwille @jan-vcapgemini
devonfw#1551: add NetworkStatus and improve status commandlet (devonf…
4221f55 
…w#1557)

Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>
@hohwille
devonfw#1576: screenshots for gatekeeper
f8a90d5
@MarvMa MarvMa moved this from 👀 In review to 🏗 In progress in IDEasy board Apr 14, 2026
@MarvMa MarvMa marked this pull request as draft April 14, 2026 09:35
MarvMa and others added 22 commits April 15, 2026 09:33
@MarvMa
devonfw#1775: updated tests and docs
e8199d2
@MarvMa
devonfw#1775: updated tests and docs
0f398bc
@MarvMa
devonfw#1775: updated implementation to add multiple vendors and prod…
df2f188 
…ucts, added tests, updated documentation
@MarvMa
devonfw#1775: updated implementation to add multiple vendors and prod…
c6211c2 
…ucts, added tests, updated documentation
@jakozian @MarvMa @hohwille
devonfw#906: Add feature configurable intellij vm args (devonfw#1820)
2bcde06 
Co-authored-by: MarvMa <marvin.meitzner@gmail.com>
Co-authored-by: Jörg Hohwiller <hohwille@users.noreply.github.com>
@MarvMa
Merge branch 'main' into bugfix/devonfw#1775-validate-cve-reportings
75048e2
@MarvMa
Merge branch 'main' into bugfix/devonfw#1775-validate-cve-reportings
07981c8
@devonfw-core
set release version to 2026.04.002
cfc7ccf
@devonfw-core
set next version to 2026.04.003-SNAPSHOT
1c9ecf7
@MarvMa
devonfw#1775: updated cpe logic, added tests and changed cpe values o…
373421f 
…f tools
@MarvMa
devonfw#1775: updated cpe logic, added tests and changed cpe values o…
fd93189 
…f tools
@MarvMa
Merge branch 'bugfix/devonfw#1775-validate-cve-reportings' of github.…
1ec8497 
…com:MarvMa/IDEasy into bugfix/devonfw#1775-validate-cve-reportings
@MarvMa
Merge branch 'bugfix/devonfw#1775-validate-cve-reportings' of github.…
112f57c 
…com:MarvMa/IDEasy into bugfix/devonfw#1775-validate-cve-reportings
@MarvMa
Merge branch 'main' of github.com:devonfw/IDEasy into bugfix/devonfw#…
fc9486b 
…1775-validate-cve-reportings
@MarvMa
Merge branch 'main' of github.com:devonfw/IDEasy into bugfix/devonfw#…
df85be2 
…1775-validate-cve-reportings
@MarvMa
devonfw#1775: update implementation and update cpes for azure
5ed931f
@MarvMa
devonfw#1775: update implementation and update cpes for azure
6035f83
@MarvMa
Merge branch 'main' of github.com:devonfw/IDEasy
58afd99
@MarvMa
Merge branch 'bugfix/devonfw#1775-validate-cve-reportings' of github.…
c4ffdc3 
…com:MarvMa/IDEasy into bugfix/devonfw#1775-validate-cve-reportings
@MarvMa
Merge branch 'main' of github.com:MarvMa/IDEasy into bugfix/devonfw#1775
a85520d 
-validate-cve-reportings
@MarvMa
devonfw#1775: update changelog
ea79798
@MarvMa
Merge branch 'main' of https://github.com/devonfw/IDEasy into bugfix/d…
f3c5262 
…evonfw#1775-validate-cve-reportings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hohwille hohwille hohwille approved these changes

Assignees

@MarvMa MarvMa

Labels

security CVEs or other vulnerabilities workflow GitHub actions (CI,CD,update urls/CVEs)

Projects

IDEasy board
Status: 🏗 In progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Validate and Fix CPE Vendor/Product Identifiers for All Tools