fix: update location handling

Do not use find_product_location to set the location field in version_scanner.py as otherwise cve-bin-tool will try to find the location of the product on the host system (which is obviously wrong). Instead, set the location to be the file_path relative to the rootdir that was given to cve-bin-tool Fix #4396 Signed-off-by: Fabrice Fontaine <[email protected]>
intel · Feb 5, 2025 · 0ef3fd3 · 0ef3fd3
1 parent 3029cb0
commit 0ef3fd3
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 15 deletions.
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -1088,6 +1088,7 @@ def main(argv=None):
                 error_mode=error_mode,
                 validate=not args["disable_validation_check"],
                 sources=enabled_sources,
+                rootdir=args["directory"],
             )
             version_scanner.remove_skiplist(skips)
             LOGGER.info(f"Number of checkers: {version_scanner.number_of_checkers()}")

diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
@@ -17,14 +17,7 @@
 from cve_bin_tool.log import LOGGER
 from cve_bin_tool.parsers.parse import available_parsers, parse, valid_files
 from cve_bin_tool.strings import parse_strings
-from cve_bin_tool.util import (
-    DirWalk,
-    ProductInfo,
-    ScanInfo,
-    find_product_location,
-    inpath,
-    validate_location,
-)
+from cve_bin_tool.util import DirWalk, ProductInfo, ScanInfo, inpath
 
 if sys.version_info >= (3, 10):
     from importlib import metadata as importlib_metadata
@@ -51,6 +44,7 @@ def __init__(
         score: int = 0,
         validate: bool = True,
         sources=None,
+        rootdir=None,
     ):
         self.logger = logger or LOGGER.getChild(self.__class__.__name__)
         # Update egg if installed in development mode
@@ -77,6 +71,7 @@ def __init__(
         self.validate = validate
         # self.logger.info("Checkers loaded: %s" % (", ".join(self.checkers.keys())))
         self.language_checkers = self.available_language_checkers()
+        self.rootdir = rootdir
 
     @classmethod
     def load_checkers(cls) -> dict[str, type[Checker]]:
@@ -288,13 +283,9 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]:
                             f'{file_path} {result["is_or_contains"]} {dummy_checker_name} {version}'
                         )
                         for vendor, product in checker.VENDOR_PRODUCT:
-                            location = find_product_location(product)
-                            if location is None:
-                                location = "NotFound"
-                            if validate_location(location) is False:
-                                raise ValueError(
-                                    f"Invalid location {location} for {product}"
-                                )
+                            location = "/" + str(
+                                Path(file_path).relative_to(Path(self.rootdir))
+                            )
                             yield ScanInfo(
                                 ProductInfo(vendor, product, version, location),
                                 file_path,