Fix CPE generation for Citrix Workspace without YYMM suffix (#46811) #47545

Draft
mostlikelee wants to merge 1 commit into main from investigate-46811-citrix-cpe

Conversation

mostlikelee (Contributor) commented Jun 12, 2026

Related issue: Resolves #46811

A single Citrix Workspace install produces several programs rows (e.g. Citrix Workspace, Citrix Workspace(DV), Citrix Workspace Inside) whose names lack the YYMM release suffix. The version normalizer only matched names like Citrix Workspace 2603, so these rows kept their raw file version (e.g. 25.7.1.6) in the generated CPE and failed to match NVD. Broadened the matcher to normalize any Citrix Workspace* program published by Citrix Systems, Inc. on Windows.

Checklist for submitter

  • Changes file added for user-visible changes in changes/.
  • Input data is properly validated, SELECT * is avoided, SQL injection is prevented (no SQL changes; version normalization only).

Testing

Summary by CodeRabbit

  • Bug Fixes
    • Fixed vulnerability detection for Citrix Workspace running on Windows by implementing proper version format normalization to align with National Vulnerability Database (NVD) standards. This ensures Citrix Workspace installations are accurately matched against known vulnerabilities and enables comprehensive security risk assessment with improved visibility across affected Windows environments.

A single Citrix Workspace install produces several 'programs' rows
(e.g. 'Citrix Workspace', 'Citrix Workspace(DV)', 'Citrix Workspace
Inside') whose names lack the YYMM release suffix. The existing version
normalizer only matched names like 'Citrix Workspace 2603', so these
rows kept their raw file version (e.g. 25.7.1.6) in the generated CPE
and failed to match NVD.

Broaden the matcher to also normalize any 'Citrix Workspace*' program
published by 'Citrix Systems, Inc.' on Windows.
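To make the normalization described in the PR description and commit message concrete, here is an added Go example; it is not Fleet's cpe.go or any code from this PR. It shows the broadened matcher (Windows programs source, publisher 'Citrix Systems, Inc.', name prefix 'Citrix Workspace') and a YY.M to YYMM rewrite that turns 25.7.1.6 into 2507.1.6 while leaving anything it cannot parse, or that is already in YYMM form, untouched. The program struct, its field names and the regular expression are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// program is a constructed stand-in for one Windows programs row (fields assumed).
type program struct {
	Name, Vendor, Version, Source string
}

// Raw Citrix Workspace file version: YY.M followed by the remaining components,
// e.g. 25.7.1.6. The unpadded month is what breaks the NVD match.
var rawCitrixVersionRe = regexp.MustCompile(`^(\d{2})\.(\d{1,2})(\..*)?$`)

// isCitrixWorkspace is the broadened matcher: any "Citrix Workspace*" program from
// the Windows programs source published by Citrix Systems, Inc., suffix or not.
func isCitrixWorkspace(p program) bool {
	return p.Source == "programs" &&
		p.Vendor == "Citrix Systems, Inc." &&
		strings.HasPrefix(p.Name, "Citrix Workspace")
}

// normalizeCitrixVersion rewrites 25.7.1.6 as 2507.1.6, the YYMM form NVD uses.
// Input that is not YY.M.* (already YYMM, or an impossible month) is returned as is.
func normalizeCitrixVersion(v string) string {
	m := rawCitrixVersionRe.FindStringSubmatch(v)
	if m == nil {
		return v
	}
	month, _ := strconv.Atoi(m[2])
	if month < 1 || month > 12 {
		return v
	}
	return fmt.Sprintf("%s%02d%s", m[1], month, m[3])
}

// cpeVersion is the version string that would go into the generated CPE.
func cpeVersion(p program) string {
	if isCitrixWorkspace(p) {
		return normalizeCitrixVersion(p.Version)
	}
	return p.Version
}
func main() { // Constructed sample row; prints 2507.1.6.
	fmt.Println(cpeVersion(program{"Citrix Workspace(DV)", "Citrix Systems, Inc.", "25.7.1.6", "programs"}))
}
```

The same rewrite is applied to the suffixed 'Citrix Workspace 2603' rows, which is an assumption here; the PR only states that the matcher was broadened to cover the unsuffixed names as well.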
mostlikelee (Contributor, Author) commented

@coderabbitai full review

coderabbitai Bot (Contributor) commented Jun 12, 2026

✅ Action performed

Full review finished.

coderabbitai Bot (Contributor) commented Jun 12, 2026

Review Change Stack

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 532c5d5 and 1cd91c5.

📒 Files selected for processing (3)
  • changes/46811-citrix-workspace-cpe
  • server/vulnerabilities/nvd/cpe.go
  • server/vulnerabilities/nvd/cpe_test.go

Walkthrough

This PR fixes CPE generation for Citrix Workspace installations on Windows. The changes expand the CPE software transformer to detect Citrix Workspace entries that originate from the Windows programs source without YYMM-style release naming, then normalize their version strings to match NVD format (e.g., 25.7.1.6 becomes 2507.1.6). Two regression test cases and a changelog entry document and validate the fix.

Pre-merge checks: 5 passed

  • Title check: Passed. The title clearly and specifically describes the fix addressing version normalization for Citrix Workspace entries without YYMM suffix, matching the primary change in the PR.
  • Description check: Passed. The description covers the core issue, the changes made (broadened matcher), testing added (regression cases), and required checklist items are checked including changes file and security validation.
  • Linked Issues check: Passed. The PR directly addresses #46811 by expanding the version normalizer to handle Citrix Workspace programs lacking YYMM suffix, ensuring generated CPEs use normalized YYMM format (e.g., 2507) to match NVD.
  • Out of Scope Changes check: Passed. All changes are directly scoped to fixing CPE generation for Citrix Workspace: matcher updates, version normalization, and regression test cases. No unrelated modifications found.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

codecov Bot commented Jun 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.18%. Comparing base (9279a99) to head (1cd91c5).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #47545      +/-   ##
==========================================
- Coverage   67.18%   67.18%   -0.01%     
==========================================
  Files        3548     3548              
  Lines      228890   228892       +2     
  Branches    11909    11909              
==========================================
- Hits       153782   153777       -5     
- Misses      61263    61268       +5     
- Partials    13845    13847       +2     
Flag      Coverage             Δ
backend   68.82% <100.00%>     -0.01% ⬇️


Development

Successfully merging this pull request may close these issues.

Incorrect CPE generated for Cisco Workspace (Windows)