fix: use real filenames in language parsers (#4204)

* fix: use real filenames insetad of placeholders in language parsers * test: new filename in test_python_package * fix: whitespace had too much whitespace. --------- Signed-off-by: Terri Oda <[email protected]>
intel · Jun 19, 2024 · 0140175 · 0140175
1 parent c794765
commit 0140175
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 9 deletions.
diff --git a/cve_bin_tool/parsers/__init__.py b/cve_bin_tool/parsers/__init__.py
@@ -1,10 +1,11 @@
 # Copyright (C) 2022 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from __future__ import annotations
+
 import re
 import sqlite3
 from pathlib import Path
-from typing import List, Tuple
 
 from packageurl import PackageURL
 
@@ -73,7 +74,7 @@ def find_vendor(self, product, version):
             # To handle multiple vendors, return all combinations of product/vendor mappings
             for v in vendor_package_pair:
                 vendor = v["vendor"]
-                location = v.get("location", "/usr/local/bin/product")
+                location = v.get("location", self.filename)
                 self.logger.debug(f"{file_path} {product} {version} by {vendor}")
                 vendorlist.append(
                     ScanInfo(ProductInfo(vendor, product, version, location), file_path)
@@ -96,7 +97,7 @@ def generate_purl(self, product, vendor="", qualifier={}, subpath=None):
         )
         return purl
 
-    def find_vendor_from_purl(self, purl, ver) -> Tuple[List[ScanInfo], bool]:
+    def find_vendor_from_purl(self, purl, ver) -> tuple[list[ScanInfo], bool]:
         """
         Finds the vendor information for a given PackageURL (purl) and version from the database.
 
@@ -161,7 +162,7 @@ def db_open_and_get_cursor(self) -> sqlite3.Cursor:
             raise CVEDBError
         return cursor
 
-    def decode_cpe23(self, cpe23) -> Tuple[str, str, str]:
+    def decode_cpe23(self, cpe23) -> tuple[str, str, str]:
         """
         Decodes a CPE 2.3 formatted string to extract vendor, product, and version information.
 

diff --git a/cve_bin_tool/parsers/java.py b/cve_bin_tool/parsers/java.py
@@ -54,7 +54,7 @@ def find_vendor(self, product, version):
             for pair in vendor_package_pair:
                 vendor = pair["vendor"]
                 file_path = self.filename
-                location = pair.get("location", "/usr/local/bin/product")
+                location = pair.get("location", self.filename)
                 self.logger.debug(f"{file_path} {product} {version} by {vendor}")
                 info.append(
                     ScanInfo(ProductInfo(vendor, product, version, location), file_path)

diff --git a/cve_bin_tool/parsers/python.py b/cve_bin_tool/parsers/python.py
@@ -158,7 +158,7 @@ def run_checker(self, filename):
                 if vendor_package_pair != []:
                     for pair in vendor_package_pair:
                         vendor = pair["vendor"]
-                        location = pair.get("location", "/usr/local/bin/product")
+                        location = pair.get("location", self.filename)
                         file_path = self.filename
                         self.logger.debug(
                             f"{file_path} is {vendor}.{product} {version}"

diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py
@@ -257,7 +257,7 @@ def test_python_package(self, filename: str) -> None:
         for product in scanner.scan_file(filename):
             if product:
                 product_info, file_path = product
-        assert product_info == ProductInfo(
-            "facebook", "zstandard", "0.18.0", "/usr/local/bin/product"
-        )
+                assert product_info == ProductInfo(
+                    "facebook", "zstandard", "0.18.0", filename
+                )
         assert file_path == filename