
Remove PackageSearchNames from VulnerabilityProvider #2455

@kzantow

A PackageSearchNames function was added to the VulnerabilityProvider interface here. This function is due to the fact that Java (and maybe other) packages have names in the v6 database stored in the form `<group-id>:<package-name>`, and there needs to be some way to match this appropriately.

It is my feeling that what we should be doing is pushing as much to the matchers as possible, in order to make the matching process as clear as possible. One potential solution to this is to add a GroupName criteria, which the Java matcher knows about and adds to the FindVulnerabilities call, and the v6 VulnerabilityProvider knows that, if there's a GroupName and a PackageName, it should concatenate these to form the correct string to search with. By forcing the matchers to concatenate these to form PackageNames, it is less flexible in the future if, for example, the group name is separated to its own column. By providing the criteria separately, it would allow the VP to do the right thing, respective to its data, regardless of how it's stored.
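The design sketched above, as an added example that is not grype's own code: a hypothetical Criteria type with an optional GroupName, a VulnerabilityProvider interface without PackageSearchNames, and two provider implementations over constructed rows, one storing `<group-id>:<package-name>` and one with the group in its own column, so the same matcher query works against both layouts. All type, function and sample names are assumptions.

```go
package main

import "fmt"

// Criteria is a hypothetical request a matcher hands to a provider; the Java
// matcher sets GroupName, matchers for other ecosystems leave it empty.
type Criteria struct {
	PackageName string
	GroupName   string // optional, ecosystem-specific
}

// VulnerabilityProvider is a hypothetical interface without PackageSearchNames.
type VulnerabilityProvider interface{ FindVulnerabilities(Criteria) []string }
type record struct{ name, group, id string } // constructed stand-in for a stored row
// find returns the ids of every row the predicate accepts.
func find(rows []record, match func(record) bool) []string {
	var ids []string
	for _, r := range rows {
		if match(r) {
			ids = append(ids, r.id)
		}
	}
	return ids
}

// combinedProvider mimics a store holding Java names as "<group-id>:<package-name>".
type combinedProvider struct{ rows []record }
func (p combinedProvider) FindVulnerabilities(c Criteria) []string {
	key := c.PackageName
	if c.GroupName != "" { // the provider, not the matcher, decides how the key is formed
		key = c.GroupName + ":" + c.PackageName
	}
	return find(p.rows, func(r record) bool { return r.name == key })
}

// splitProvider mimics a future store with the group in its own column; the
// same Criteria works unchanged because no matcher ever concatenated the parts.
type splitProvider struct{ rows []record }
func (p splitProvider) FindVulnerabilities(c Criteria) []string {
	return find(p.rows, func(r record) bool { return r.name == c.PackageName && r.group == c.GroupName })
}
// Constructed sample rows: the same two vulnerabilities in both layouts.
var combinedRows = []record{{name: "org.apache.logging.log4j:log4j-core", id: "VULN-A"}, {name: "lodash", id: "VULN-B"}}
var splitRows = []record{{name: "log4j-core", group: "org.apache.logging.log4j", id: "VULN-A"}, {name: "lodash", id: "VULN-B"}}
func main() {
	q := Criteria{GroupName: "org.apache.logging.log4j", PackageName: "log4j-core"}
	for _, p := range []VulnerabilityProvider{combinedProvider{combinedRows}, splitProvider{splitRows}} {
		fmt.Printf("%T -> %v\n", p, p.FindVulnerabilities(q)) // both print [VULN-A]
	}
}
```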
