fix: update location handling

Do not use find_product_location to set the location field in version_scanner.py as otherwise cve-bin-tool will try to find the location of the product on the host system (which is obviously wrong). Instead, set the location to be the file_path Fix #4396 Signed-off-by: Fabrice Fontaine <[email protected]>
intel · Feb 5, 2025 · 8022a03 · 8022a03
1 parent 3029cb0
commit 8022a03
Showing 1 changed file with 2 additions and 16 deletions.
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
@@ -17,14 +17,7 @@
 from cve_bin_tool.log import LOGGER
 from cve_bin_tool.parsers.parse import available_parsers, parse, valid_files
 from cve_bin_tool.strings import parse_strings
-from cve_bin_tool.util import (
-    DirWalk,
-    ProductInfo,
-    ScanInfo,
-    find_product_location,
-    inpath,
-    validate_location,
-)
+from cve_bin_tool.util import DirWalk, ProductInfo, ScanInfo, inpath
 
 if sys.version_info >= (3, 10):
     from importlib import metadata as importlib_metadata
@@ -288,15 +281,8 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]:
                             f'{file_path} {result["is_or_contains"]} {dummy_checker_name} {version}'
                         )
                         for vendor, product in checker.VENDOR_PRODUCT:
-                            location = find_product_location(product)
-                            if location is None:
-                                location = "NotFound"
-                            if validate_location(location) is False:
-                                raise ValueError(
-                                    f"Invalid location {location} for {product}"
-                                )
                             yield ScanInfo(
-                                ProductInfo(vendor, product, version, location),
+                                ProductInfo(vendor, product, version, file_path),
                                 file_path,
                             )