Vulnerability Detector - Improve default CNA selection

[sebasfalcone]

Description

Currently, if no CNA can be determined for a given package, we default to the NVD.

As explained here:

• Vulnerability Detector - False positive: Grafana - CVE-2023-4822 #24952

This brings problems with packages whose information is not expressed in the feed Global map

Current behaviour

If no CNA can be determined in the selector:

wazuh/src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/packageScanner.hpp

Lines 182 to 194 in 7f31104

	auto cnaName {m_databaseFeedManager->getCnaNameByFormat(ctx->packageFormat().data())};
	if (cnaName.empty())
	{
	cnaName = m_databaseFeedManager->getCnaNameBySource(ctx->packageSource().data());
	if (cnaName.empty())
	{
	cnaName =
	m_databaseFeedManager->getCnaNameByPrefix(ctx->packageVendor().data(), ctx->osPlatform().data());
	if (cnaName.empty())
	{
	cnaName = m_databaseFeedManager->getCnaNameByContains(ctx->packageVendor().data(),
	ctx->osPlatform().data());

The NVD is used:

wazuh/src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/packageScanner.hpp

Lines 195 to 198 in 7f31104

	if (cnaName.empty())
	{
	return DEFAULT_CNA;
	}

Agent OS	Associated Feed	Default CNA
RHEL	RHEL	NVD
CentOS	RHEL	NVD
Ubuntu	Canonical	NVD
Linux Mint	Canonical	NVD
Windows	NVD	NVD

Proposed solution

If no CNA can be determined in the selector, use the feed associated with the agent OS instead of the NVD:

Agent OS	Associated Feed	Default CNA
RHEL	RHEL	RHEL
CentOS	RHEL	RHEL
Ubuntu	Canonical	Canonical
Linux Mint	Canonical	Canonical
Windows	NVD	NVD

DoD

• New logic to the getCNA method added
• Maps updated (if needed)
• Tests updated