From c0c089ffd5a5560859f49fe3e968f4850b4e6ae9 Mon Sep 17 00:00:00 2001
From: Dan Luhring <luhring@users.noreply.github.com>
Date: Mon, 10 Jul 2023 10:24:42 -0400
Subject: [PATCH] fix: Don't use the actual redis or grpc CPEs for gems (#1926)

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
---
 .../cataloger/common/cpe/candidate_by_package_type.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
index 875b6dad02c..6588ea8bb18 100644
--- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
+++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -461,6 +461,17 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup(
 				VendorsToRemove:  []string{"gradle"},
 			},
 		},
+		// Ruby packages
+		{
+			pkg.GemPkg,
+			candidateKey{PkgName: "redis"},
+			candidateRemovals{ProductsToRemove: []string{"redis"}},
+		},
+		{
+			pkg.GemPkg,
+			candidateKey{PkgName: "grpc"},
+			candidateRemovals{ProductsToRemove: []string{"grpc"}},
+		},
 	})
 
 // buildCandidateLookup is a convenience function for creating the defaultCandidateAdditions set