fix: update location handling

ffontaine · ffontaine · commit 0ef3fd3f3194 · 2025-02-05T17:19:44.000+01:00
Do not use find_product_location to set the location field in version_scanner.py as otherwise cve-bin-tool will try to find the location of the product on the host system (which is obviously wrong). Instead, set the location to be the file_path relative to the rootdir that was given to cve-bin-tool Fix #4396 Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -1088,6 +1088,7 @@ def main(argv=None):
                 error_mode=error_mode,
                 validate=not args["disable_validation_check"],
                 sources=enabled_sources,
+                rootdir=args["directory"],
             )
             version_scanner.remove_skiplist(skips)
             LOGGER.info(f"Number of checkers: {version_scanner.number_of_checkers()}")
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
@@ -17,14 +17,7 @@
 from cve_bin_tool.log import LOGGER
 from cve_bin_tool.parsers.parse import available_parsers, parse, valid_files
 from cve_bin_tool.strings import parse_strings
-from cve_bin_tool.util import (
-    DirWalk,
-    ProductInfo,
-    ScanInfo,
-    find_product_location,
-    inpath,
-    validate_location,
-)
+from cve_bin_tool.util import DirWalk, ProductInfo, ScanInfo, inpath
 
 if sys.version_info >= (3, 10):
     from importlib import metadata as importlib_metadata
@@ -51,6 +44,7 @@ def __init__(
         score: int = 0,
         validate: bool = True,
         sources=None,
+        rootdir=None,
     ):
         self.logger = logger or LOGGER.getChild(self.__class__.__name__)
         # Update egg if installed in development mode
@@ -77,6 +71,7 @@ def __init__(
         self.validate = validate
         # self.logger.info("Checkers loaded: %s" % (", ".join(self.checkers.keys())))
         self.language_checkers = self.available_language_checkers()
+        self.rootdir = rootdir
 
     @classmethod
     def load_checkers(cls) -> dict[str, type[Checker]]:
@@ -288,13 +283,9 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]:
                             f'{file_path} {result["is_or_contains"]} {dummy_checker_name} {version}'
                         )
                         for vendor, product in checker.VENDOR_PRODUCT:
-                            location = find_product_location(product)
-                            if location is None:
-                                location = "NotFound"
-                            if validate_location(location) is False:
-                                raise ValueError(
-                                    f"Invalid location {location} for {product}"
-                                )
+                            location = "/" + str(
+                                Path(file_path).relative_to(Path(self.rootdir))
+                            )
                             yield ScanInfo(
                                 ProductInfo(vendor, product, version, location),
                                 file_path,

Original file line number	Diff line number	Diff line change
`@@ -1088,6 +1088,7 @@ def main(argv=None):`
`1088`	`1088`	`error_mode=error_mode,`
`1089`	`1089`	`validate=not args["disable_validation_check"],`
`1090`	`1090`	`sources=enabled_sources,`
	`1091`	`+ rootdir=args["directory"],`
`1091`	`1092`	`)`
`1092`	`1093`	`version_scanner.remove_skiplist(skips)`
`1093`	`1094`	`LOGGER.info(f"Number of checkers: {version_scanner.number_of_checkers()}")`