lib/inspect-apps.c: Match name, display name and publisher across all regexs

For McAfee VirusScan, the name is bogus and the display name is the actual name: <application> <name>{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}</name> <display_name>McAfee VirusScan Enterprise</display_name> <version>8.8.04001</version> <install_path>C:Program Files (x86)McAfeeVirusScan Enterprise\</install_path> <publisher>McAfee, Inc.</publisher> <url>http://www.mcafeesecurity.com/</url> </application> Simplify the existing ad hoc code so we just match name, display name and publisher (if present) against all the virus scanning strings.
2026-03-21 22:53:37 +00:00 · 2025-11-04 13:22:39 +00:00
parent 3c1554e7f2
commit 344d96e158
1 changed files with 24 additions and 14 deletions
--- a/lib/inspect-apps.c
+++ b/lib/inspect-apps.c
@@ -582,7 +582,7 @@ list_applications_apk (guestfs_h *g, const char *root)
 }

 static void list_applications_windows_from_path (guestfs_h *g, struct guestfs_application2_list *apps, const char **path, size_t path_len);
-static const char *get_class_from_windows_app (guestfs_h *g, const char *name, const char *publisher);
+static const char *get_class_from_windows_app (guestfs_h *g, const char *name, const char *display_name, const char *publisher);

 static struct guestfs_application2_list *
 list_applications_windows (guestfs_h *g, const char *root)
@@ -681,7 +681,7 @@ list_applications_windows_from_path (guestfs_h *g,
        if (value)
          comments = guestfs_hivex_value_string (g, value);

-        class_ = get_class_from_windows_app (g, name, publisher);
+        class_ = get_class_from_windows_app (g, name, display_name, publisher);

        add_application (g, apps, name, display_name, 0,
                         version ? : "",
@@ -711,18 +711,28 @@ COMPILE_REGEXP (av_avg_tech,  "avg technologies", PCRE2_CASELESS);

 static const char *
 get_class_from_windows_app (guestfs_h *g,
-                            const char *name, const char *publisher)
+                            const char *name,
+                            const char *display_name,
+                            const char *publisher)
 {
-  if (name && (match (g, name,      av_virus) ||
-               match (g, name,      av_kaspersky) ||
-               match (g, name,      av_mcafee) ||
-               match (g, name,      av_norton) ||
-               match (g, name,      av_sophos) ||
-               match (g, name,      av_trend)))
+  const char *fields[] = { name, display_name, publisher };
+  size_t i;
+
+  for (i = 0; i < sizeof (fields) / sizeof (fields[0]); ++i) {
+    const char *field = fields[i];
+
+    if (field) {
+      if (match (g, field, av_virus) ||
+          match (g, field, av_kaspersky) ||
+          match (g, field, av_mcafee) ||
+          match (g, field, av_norton) ||
+          match (g, field, av_sophos) ||
+          match (g, field, av_trend) ||
+          match (g, field, av_avg_tech))
        return "antivirus";
-  else if (publisher && match (g, publisher, av_avg_tech))
-    return "antivirus";
-  else
+    }
+  }
+
  return "";
 }