Hi, The CPE reference comes from the NVD entry for `google_test`. One of the CPE used is:
https://nvd.nist.gov/products/cpe/detail/5806549A-1DCE-4225-80C6-7099B53A0F77?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Aa%3Agoogle%3Agoogle_test&status=FINAL This CPE (`cpe:2.3:a:google:google_test`) is the product name currently defined by NVD for Googletest. The complete list of available CPEs matching `google_test` can be found here: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=google_test You are correct that, at present, there are no CVEs reported for Googletest. However, the source code is already mapped to this CPE in NVD. Setting `CVE_PRODUCT` ensures that any future CVEs reported against this product will be correctly detected and attributed during CVE checking. I will send a revised patch with this information clearly documented in the commit message as a reference. Best regards, Het. ________________________________ From: [email protected] <[email protected]> on behalf of Peter Marko via lists.openembedded.org <[email protected]> Sent: Thursday, February 26, 2026 6:49 PM To: Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco) <[email protected]>; [email protected] <[email protected]> Cc: xe-linux-external(mailer list) <[email protected]>; Viral Chavda (vchavda) <[email protected]> Subject: Re: [oe] [meta-oe] [PATCH v1] googletest: Add CVE_PRODUCT to support product name > -----Original Message----- > From: [email protected] <openembedded- > [email protected]> On Behalf Of Het Patel via > lists.openembedded.org > Sent: Thursday, February 26, 2026 13:51 > To: [email protected] > Cc: [email protected]; [email protected] > Subject: [oe] [meta-oe] [PATCH v1] googletest: Add CVE_PRODUCT to support > product name > > From: Het Patel <[email protected]> > > - Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE > reporting. > > Signed-off-by: Het Patel <[email protected]> > --- > meta-oe/recipes-test/googletest/googletest_1.17.0.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta-oe/recipes-test/googletest/googletest_1.17.0.bb b/meta- > oe/recipes-test/googletest/googletest_1.17.0.bb > index c8ed80053d..242f0ac7da 100644 > --- a/meta-oe/recipes-test/googletest/googletest_1.17.0.bb > +++ b/meta-oe/recipes-test/googletest/googletest_1.17.0.bb > @@ -35,3 +35,6 @@ do_configure:prepend() { > # there isn't python in HOSTTOOLS so "env python" fails > sed -i 's@^#!/usr/bin/env python$@#!/usr/bin/env python3@g' > ${S}/googlemock/test/*py ${S}/googletest/test/*py > } > + > +# Add CVE_PRODUCT to match the NVD CPE product name > +CVE_PRODUCT = "google:google_test" Where is this CPE coming from? Afaik there is no CVE for googletest to look at used CPEs. Please add reference to the commit message.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124692): https://lists.openembedded.org/g/openembedded-devel/message/124692 Mute This Topic: https://lists.openembedded.org/mt/118011140/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
