From 11d15351a2fece06ac7d191007f8e02f6df51878 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 5 Nov 2023 15:04:28 +0100
Subject: [PATCH] grpc-go: add grpc to CVE_PRODUCT

Some cves are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*"
See https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 recipes-devtools/go/grpc-go_git.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/recipes-devtools/go/grpc-go_git.bb b/recipes-devtools/go/grpc-go_git.bb
index d5bfaab9..b3b58ed4 100644
--- a/recipes-devtools/go/grpc-go_git.bb
+++ b/recipes-devtools/go/grpc-go_git.bb
@@ -39,3 +39,7 @@ go_grpc_sysroot_preprocess () {
 FILES:${PN} += " \
     ${prefix}/local/go/src/${PKG_NAME}/* \
 "
+
+# some CVEs are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*"
+# it's better to have false positives than false negatives
+CVE_PRODUCT += "grpc"