Ensure references generated by the weak credential detector cannot contain spaces.

PiperOrigin-RevId: 831273342
Change-Id: I7c829676dbd16a422998deea08ec4b27ad9d40be

Author: tooryx

google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetector.java

@@ -216,7 +216,8 @@ private void addFindingForCredential(
   }
 
   private static String buildVulnerabilityId(NetworkService networkService) {
-    return "WEAK_CREDENTIALS_FOR_" + Ascii.toUpperCase(getServiceName(networkService));
+    var name = "WEAK_CREDENTIALS_FOR_" + Ascii.toUpperCase(getServiceName(networkService));
+    return name.replace(' ', '_');
   }
 
   private static String getServiceName(NetworkService networkService) {

google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorTest.java

@@ -152,7 +152,7 @@ public MockResponse dispatch(RecordedRequest request) throws InterruptedExceptio
             .setNetworkEndpoint(
                 forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
             .setTransportProtocol(TransportProtocol.TCP)
-            .setServiceName("wordpress")
+            .setServiceName("word press")
             .build();
     wpWebService =
         NetworkService.newBuilder()
@@ -164,7 +164,7 @@ public MockResponse dispatch(RecordedRequest request) throws InterruptedExceptio
                 ServiceContext.newBuilder()
                     .setWebServiceContext(
                         WebServiceContext.newBuilder()
-                            .setSoftware(Software.newBuilder().setName("wordpress").build())
+                            .setSoftware(Software.newBuilder().setName("word press").build())
                             .build())
                     .build())
             .build();
@@ -196,7 +196,7 @@ private DetectionReportList runDetectOnMockWebServer() {
                 .setNetworkEndpoint(
                     forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
                 .setTransportProtocol(TransportProtocol.TCP)
-                .setServiceName("wordpress")
+                .setServiceName("word press")
                 .build()));
   }
 
@@ -225,13 +225,13 @@ private DetectionReport.Builder generateDetectionReport(
                 .setMainId(
                     VulnerabilityId.newBuilder()
                         .setPublisher("GOOGLE")
-                        .setValue("WEAK_CREDENTIALS_FOR_WORDPRESS"))
+                        .setValue("WEAK_CREDENTIALS_FOR_WORD_PRESS"))
                 .setSeverity(Severity.CRITICAL)
-                .setTitle("Weak 'wordpress' service credential")
+                .setTitle("Weak 'word press' service credential")
                 .setCvssV3("7.5")
                 .setDescription(
                     String.format(
-                        "Well known or weak credentials are detected for 'wordpress' service on"
+                        "Well known or weak credentials are detected for 'word press' service on"
                             + " port '%s'.",
                         mockWebServer.getPort()))
                 .setRecommendation("Change the password of all affected users to a strong one.")