CPE: Fix false negative on part comparison

Previously, comparing CPEs will cause false negatives, if the component (right) "part" contains an "ANY" value, while the CVE (left) contains a string value or logical value "NA". Instead, this should return a match, as defined by cases 5, 13, 15 within table 6-2 in the [NIST name matching specification](https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7696.pdf).
stevespringett · Sep 1, 2023 · 0270865 · 0270865
1 parent e0db903
commit 0270865
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/us/springett/parsers/cpe/Cpe.java b/src/main/java/us/springett/parsers/cpe/Cpe.java
@@ -584,7 +584,7 @@ public boolean matchedBy(ICpe target) {
     protected static boolean compareAttributes(Part left, Part right) {
         if (left == right) {
             return true;
-        } else if (left == Part.ANY) {
+        } else if (left == Part.ANY || right == Part.ANY) {
             return true;
         }
         return false;