feat(scanner): enhance products with no identified vulnerabilities

Currently, cve-bin-tool will return gnu:zlib in "Products with No
Identified Vulnerabilities" if zlib is found but not affected by
CVE-2016-9842 (i.e. zlib >= 1.2.9) because NVD NIST database contains
two CPE IDs for zlib (gnu:zlib and zlib:zlib)

With this update, product with multiple vendors will not be displayed
under above section if a CVE is found with one of the vendor.

Fix intel#3169

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

cve_bin_tool/output_engine/__init__.py

@@ -481,8 +481,12 @@ def output_pdf(
                     [10, 10, 10],
                 )
                 row = 1
+                products_with_cves = list(map(lambda x: (x[1]), all_cve_data))
                 for product_data in all_product_data:
-                    if all_product_data[product_data] == 0:
+                    if (
+                        all_product_data[product_data] == 0
+                        and product_data.product not in products_with_cves
+                    ):
                         product_entry = [
                             product_data.vendor,
                             product_data.product,

cve_bin_tool/output_engine/console.py

@@ -258,8 +258,12 @@ def validate_cell_length(cell_name, cell_type):
         table.add_column("Product")
         table.add_column("Version")
 
+        products_with_cves = list(map(lambda x: (x[1]), all_cve_data))
         for product_data in all_product_data:
-            if all_product_data[product_data] == 0:
+            if (
+                all_product_data[product_data] == 0
+                and product_data.product not in products_with_cves
+            ):
                 cells = [
                     Text.styled(product_data.vendor, color),
                     Text.styled(product_data.product, color),