From 242a970e44ba371dbdb7013d009cd6f1d32f67b4 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <83279292+jhelmold@users.noreply.github.com>
Date: Wed, 4 Oct 2023 08:59:00 +0200
Subject: [PATCH] Change: Use case-insensitive comparison for CPEs in CVE
 scanner

Because some CVEs where not found because of a different notation
(with capital letters / without capital letters) the comparison
for the CPEs in the CVE scanner is now made case-insensitive.
---
 src/manage_sql.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 0eb7005d3..e4750a57e 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20112,7 +20112,7 @@ init_host_prognosis_iterator (iterator_t* iterator, report_host_t report_host)
                  " FROM scap.cves, scap.cpes, scap.affected_products,"
                  "      report_host_details"
                  " WHERE report_host_details.report_host = %llu"
-                 " AND cpes.name = report_host_details.value"
+                 " AND LOWER(cpes.name) = LOWER(report_host_details.value)"
                  " AND report_host_details.name = 'App'"
                  " AND cpes.id=affected_products.cpe"
                  " AND cves.id=affected_products.cve"