fix(fp): Fix more common false positives for popular PHP/composer frameworks with generic names (#7994)

Signed-off-by: Chad Wilson <[email protected]>

Author: chadlwilson

core/src/main/resources/dependencycheck-base-suppression.xml

@@ -369,18 +369,54 @@
     </suppress>
     <suppress base="true">
         <notes><![CDATA[
-        FP per #7542
+        FP per #7542 and #7984 (prefixed symfony vendor packages which are not part of core symfony product)
         ]]></notes>
-        <packageUrl regex="true">^pkg:composer/symfony/polyfill-.*$</packageUrl>
+        <packageUrl regex="true">^pkg:composer/symfony/(polyfill-|ux-|panther|webpack-encore-bundle|mercure@|mercure-bundle|monolog-bundle).*$</packageUrl>
         <cpe>cpe:/a:sensiolabs:symfony</cpe>
     </suppress>
     <suppress base="true">
         <notes><![CDATA[
-        FP per #7545
+        FP per #7545 and #7984 (suffixed symfony vendor packages which are not part of core symfony product)
         ]]></notes>
-        <packageUrl regex="true">^pkg:composer/symfony/.*-contracts@.*$</packageUrl>
+        <packageUrl regex="true">^pkg:composer/symfony/.*(contracts|-pack)@.*$</packageUrl>
         <cpe>cpe:/a:sensiolabs:symfony</cpe>
     </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #7984 - only the pimcore/pimcore package reflects the actual pimcore product
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/(?!pimcore/pimcore@).*$</packageUrl>
+        <cpe>cpe:/a:pimcore:pimcore</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #7984 - only the pear/pear-core-minimal packages reflect the actual pear product
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/(?!pear/pear@|pear/pear-core-minimal@).*$</packageUrl>
+        <cpe>cpe:/a:pear:pear</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #7984 - only the laravel/framework packages reflect the actual laravel products (each have their own CPE)
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/(?!laravel/framework@|laravel/laravel@).*$</packageUrl>
+        <cpe>cpe:/a:laravel:laravel</cpe>
+        <cpe>cpe:/a:laravel:framework</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #7984 - only the drupal/services package represents the drupal services project
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/(?!drupal/services@).*$</packageUrl>
+        <cpe>cpe:/a:services_project:services</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #7984 - only the doctrine/orm package represents the core doctrine project
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/(?!doctrine/orm@).*$</packageUrl>
+        <cpe>cpe:/a:doctrine-project:doctrine</cpe>
+    </suppress>
     <suppress base="true">
         <notes><![CDATA[
         FP per #2957