fix: fix xerces CPE ID #2932

Merged
merged 3 commits into from
Jun 22, 2023
ffontaine

apache:xerces-c has been deprecated in favor of apache-xerces-c\+\+ since February 2023:

<cpe-item name="cpe:/a:apache:xerces-c:3.1.1" deprecated="true" deprecation_date="2023-02-05T21:10:01.860Z">
      <reference href="https://marc.info/?l=xerces-c-users&amp;m=157653840106914&amp;w=2">Advisory</reference>
      <reference href="https://xerces.apache.org/xerces-c/releases_archive.html">Version</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:apache:xerces-c:3.1.1:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>


@terriko terriko left a comment

Looks like a bunch of the tests are looking for the old productname and will need to be changed to match.

apache:xerces-c has been deprecated in favor of apache-xerces-c\+\+
since February 2023:

<cpe-item name="cpe:/a:apache:xerces-c:3.1.1" deprecated="true" deprecation_date="2023-02-05T21:10:01.860Z">
      <reference href="https://marc.info/?l=xerces-c-users&amp;m=157653840106914&amp;w=2">Advisory</reference>
      <reference href="https://xerces.apache.org/xerces-c/releases_archive.html">Version</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:apache:xerces-c:3.1.1:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

Signed-off-by: Fabrice Fontaine <[email protected]>

codecov-commenter commented May 10, 2023

Codecov Report

Merging #2932 (ad76e9b) into main (b94d922) will decrease coverage by 0.93%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #2932      +/-   ##
==========================================
- Coverage   82.93%   82.00%   -0.93%     
==========================================
  Files         676      714      +38     
  Lines       10660    10983     +323     
  Branches     1429     1476      +47     
==========================================
+ Hits         8841     9007     +166     
- Misses       1457     1601     +144     
- Partials      362      375      +13     
Flag Coverage Δ
longtests 82.00% <100.00%> (-0.46%) ⬇️
win-longtests ?

Impacted Files Coverage Δ
test/test_data/xerces.py 100.00% <ø> (ø)
cve_bin_tool/checkers/xerces.py 100.00% <100.00%> (ø)

... and 68 files with indirect coverage changes


@terriko terriko left a comment

Hm, now black (and maybe pyupgrade?) don't like the + construction:

cve_bin_tool/checkers/xerces.py:23:43: W605 invalid escape sequence '\+'
cve_bin_tool/checkers/xerces.py:23:45: W605 invalid escape sequence '\+'
test/test_data/xerces.py:6:29: W605 invalid escape sequence '\+'
test/test_data/xerces.py:6:31: W605 invalid escape sequence '\+'
test/test_data/xerces.py:15:29: W605 invalid escape sequence '\+'
test/test_data/xerces.py:15:31: W605 invalid escape sequence '\+'

Not sure if it needs another \ or what?


@terriko terriko left a comment

And now Windows can't figure out the files:

=========================== short test summary info ===========================
FAILED test/test_scanner.py::TestScanner::test_version_mapping[xerces-c\\+\\+-3.1.1-version_strings472] - FileNotFoundError: [Errno 2] No such file or directory: 'C:\\Users\\RUNNER~1\\AppData\\Local\\Temp\\mapping-test-c3qd0gzw\\tmp4pq8zltp-xerces-c\\+\\+-3.1.1.out'
==== 1 failed, 1741 passed, 37 skipped, 25 warnings in 3124.01s (0:52:04) =====

Backslashes are the worst.

@ffontaine ffontaine force-pushed the main branch 3 times, most recently from 9533215 to a315199 Compare June 21, 2023 18:42

@terriko terriko left a comment

Thanks for sorting this one out!

@terriko terriko merged commit 6d746c7 into intel:main Jun 22, 2023
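
An added example, not cve-bin-tool's own code: it resolves the deprecated CPE name quoted in the PR description to its `deprecated-by` replacement and removes the CPE 2.3 escaping (`\+` is an escaped `+`), so the product comes out as `xerces-c++` with no backslashes. The function names are hypothetical, and the sample XML is the quoted excerpt with its tags closed and a root element added, which is an assumption about the surrounding dictionary structure.

```python
import re
import xml.etree.ElementTree as ET

CPE23 = "{http://scap.nist.gov/schema/cpe-extension/2.3}"

# Constructed sample: the excerpt quoted in the PR, with tags closed and a root
# element added so it parses stand-alone. Raw string, so "\+" raises no W605.
SAMPLE = r'''<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"
  xmlns:cpe-23="http://scap.nist.gov/schema/cpe-extension/2.3">
 <cpe-item name="cpe:/a:apache:xerces-c:3.1.1" deprecated="true">
  <cpe-23:cpe23-item name="cpe:2.3:a:apache:xerces-c:3.1.1:*:*:*:*:*:*:*">
   <cpe-23:deprecated-by type="NAME_CORRECTION"
     name="cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*"/>
  </cpe-23:cpe23-item>
 </cpe-item>
</cpe-list>'''

def split_cpe23(name):
    """Split a CPE 2.3 formatted string on ':' while keeping escape pairs whole."""
    fields, cur, i = [], "", 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):
            cur, i = cur + name[i:i + 2], i + 2   # backslash plus escaped char
        elif name[i] == ":":
            fields, cur, i = fields + [cur], "", i + 1
        else:
            cur, i = cur + name[i], i + 1
    fields.append(cur)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    return fields

def vendor_product(name):
    """Return (vendor, product) with CPE escapes removed, e.g. 'xerces-c++'."""
    fields = split_cpe23(name)
    return tuple(re.sub(r"\\(.)", r"\1", f) for f in fields[3:5])

def deprecation_map(xml_text):
    """Map each deprecated CPE 2.3 name to (replacement name, correction type)."""
    mapping = {}
    for item in ET.fromstring(xml_text).iter(CPE23 + "cpe23-item"):
        for dep in item.iter(CPE23 + "deprecated-by"):
            mapping[item.get("name")] = (dep.get("name"), dep.get("type"))
    return mapping

def resolve(name, mapping):
    """Follow deprecated-by links to the current name; stop on a cycle."""
    seen = set()
    while name in mapping and name not in seen:
        seen.add(name)
        name = mapping[name][0]
    return name
```
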