Only convert platform names when products match

A rule can be loaded from yaml in any context, even when building unrelated products. A rule is completely loaded, and then its prodtype is assessed against the product being built. This limits the conversion of platform names to cpe names to situations where the rule is compatible with the product.
ComplianceAsCode · Apr 27, 2021 · 81d53dc · 81d53dc
1 parent 8702b3e
commit 81d53dc
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/ssg/build_yaml.py b/ssg/build_yaml.py
@@ -1101,8 +1101,9 @@ def from_yaml(cls, yaml_file, env_yaml=None):
             rule.platforms.add(rule.platform)
 
         # Convert the platform names to CPE names
-        # But there is no reason to do it without an env_yaml, as there are no product CPEs defined
-        if env_yaml:
+        # But only do it if an env_yaml was specified (otherwise there would be no product CPEs to lookup),
+        # and the rule's prodtype matches the product being built
+        if env_yaml and env_yaml["product"] in parse_prodtype(rule.prodtype):
             for platform in rule.platforms:
                 try:
                     rule.cpe_names.add(env_yaml["product_cpes"].get_cpe_name(platform))