From 014017522860a38a30d071d42a6bd6b22def94b3 Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Wed, 19 Jun 2024 12:11:40 -0400 Subject: [PATCH] fix: use real filenames in language parsers (#4204) * fix: use real filenames insetad of placeholders in language parsers * test: new filename in test_python_package * fix: whitespace had too much whitespace. --------- Signed-off-by: Terri Oda --- cve_bin_tool/parsers/__init__.py | 9 +++++---- cve_bin_tool/parsers/java.py | 2 +- cve_bin_tool/parsers/python.py | 2 +- test/test_language_scanner.py | 6 +++--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/cve_bin_tool/parsers/__init__.py b/cve_bin_tool/parsers/__init__.py index 88cb7332d5..4823e52448 100644 --- a/cve_bin_tool/parsers/__init__.py +++ b/cve_bin_tool/parsers/__init__.py @@ -1,10 +1,11 @@ # Copyright (C) 2022 Intel Corporation # SPDX-License-Identifier: GPL-3.0-or-later +from __future__ import annotations + import re import sqlite3 from pathlib import Path -from typing import List, Tuple from packageurl import PackageURL @@ -73,7 +74,7 @@ def find_vendor(self, product, version): # To handle multiple vendors, return all combinations of product/vendor mappings for v in vendor_package_pair: vendor = v["vendor"] - location = v.get("location", "/usr/local/bin/product") + location = v.get("location", self.filename) self.logger.debug(f"{file_path} {product} {version} by {vendor}") vendorlist.append( ScanInfo(ProductInfo(vendor, product, version, location), file_path) @@ -96,7 +97,7 @@ def generate_purl(self, product, vendor="", qualifier={}, subpath=None): ) return purl - def find_vendor_from_purl(self, purl, ver) -> Tuple[List[ScanInfo], bool]: + def find_vendor_from_purl(self, purl, ver) -> tuple[list[ScanInfo], bool]: """ Finds the vendor information for a given PackageURL (purl) and version from the database. 
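Review bot: In `find_vendor` (`cve_bin_tool/parsers/__init__.py`), `v.get("location", self.filename)` falls back only when the `location` key is missing, so a pair that carries the key with `None` or an empty string would still pass an unusable location into `ProductInfo`. If such values can occur in `vendor_package_pair` (its construction is outside the hunk), `location = v.get("location") or self.filename` covers both cases. The same line is repeated in `java.py` `find_vendor` and `python.py` `run_checker`, so a small helper on the base parser would keep the three in step. Because this value presumably ends up in scan output, it is also worth confirming whether `self.filename` is the path as the user supplied it or a temporary extraction path, which would not help someone triaging the finding.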
@@ -161,7 +162,7 @@ def db_open_and_get_cursor(self) -> sqlite3.Cursor: raise CVEDBError return cursor - def decode_cpe23(self, cpe23) -> Tuple[str, str, str]: + def decode_cpe23(self, cpe23) -> tuple[str, str, str]: """ Decodes a CPE 2.3 formatted string to extract vendor, product, and version information. diff --git a/cve_bin_tool/parsers/java.py b/cve_bin_tool/parsers/java.py index 81ab59ea15..0b792fcce1 100644 --- a/cve_bin_tool/parsers/java.py +++ b/cve_bin_tool/parsers/java.py @@ -54,7 +54,7 @@ def find_vendor(self, product, version): for pair in vendor_package_pair: vendor = pair["vendor"] file_path = self.filename - location = pair.get("location", "/usr/local/bin/product") + location = pair.get("location", self.filename) self.logger.debug(f"{file_path} {product} {version} by {vendor}") info.append( ScanInfo(ProductInfo(vendor, product, version, location), file_path) diff --git a/cve_bin_tool/parsers/python.py b/cve_bin_tool/parsers/python.py index a403389bc7..eec04e18be 100644 --- a/cve_bin_tool/parsers/python.py +++ b/cve_bin_tool/parsers/python.py @@ -158,7 +158,7 @@ def run_checker(self, filename): if vendor_package_pair != []: for pair in vendor_package_pair: vendor = pair["vendor"] - location = pair.get("location", "/usr/local/bin/product") + location = pair.get("location", self.filename) file_path = self.filename self.logger.debug( f"{file_path} is {vendor}.{product} {version}" diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py index b1ce977f48..c93f80cba7 100644 --- a/test/test_language_scanner.py +++ b/test/test_language_scanner.py @@ -257,7 +257,7 @@ def test_python_package(self, filename: str) -> None: for product in scanner.scan_file(filename): if product: product_info, file_path = product - assert product_info == ProductInfo( - "facebook", "zstandard", "0.18.0", "/usr/local/bin/product" - ) + assert product_info == ProductInfo( + "facebook", "zstandard", "0.18.0", filename + ) assert file_path == filename
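Review bot: Only `test_python_package` asserts the new location value. The same default was changed in `parsers/__init__.py` and `parsers/java.py`, yet the diffstat shows no other test lines touched, so a regression to a placeholder in those parsers would apparently go unnoticed. An equivalent check in the Java and generic-parser tests would close that gap, for example `assert product_info.location == filename`, assuming the fourth `ProductInfo` field is named `location`. The body of `test_python_package` starts outside this hunk, so whether `filename` here is the full path passed to `scan_file` should be confirmed against the parametrisation.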