From 8022a037a9671df35a967b290cbed8fa94f4589a Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Wed, 5 Feb 2025 16:39:48 +0100 Subject: [PATCH] fix: update location handling Do not use find_product_location to set the location field in version_scanner.py as otherwise cve-bin-tool will try to find the location of the product on the host system (which is obviously wrong). Instead, set the location to be the file_path Fix #4396 Signed-off-by: Fabrice Fontaine --- cve_bin_tool/version_scanner.py | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py index 0768b39d57..2fd1982aef 100644 --- a/cve_bin_tool/version_scanner.py +++ b/cve_bin_tool/version_scanner.py @@ -17,14 +17,7 @@ from cve_bin_tool.log import LOGGER from cve_bin_tool.parsers.parse import available_parsers, parse, valid_files from cve_bin_tool.strings import parse_strings -from cve_bin_tool.util import ( - DirWalk, - ProductInfo, - ScanInfo, - find_product_location, - inpath, - validate_location, -) +from cve_bin_tool.util import DirWalk, ProductInfo, ScanInfo, inpath if sys.version_info >= (3, 10): from importlib import metadata as importlib_metadata @@ -288,15 +281,8 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]: f'{file_path} {result["is_or_contains"]} {dummy_checker_name} {version}' ) for vendor, product in checker.VENDOR_PRODUCT: - location = find_product_location(product) - if location is None: - location = "NotFound" - if validate_location(location) is False: - raise ValueError( - f"Invalid location {location} for {product}" - ) yield ScanInfo( - ProductInfo(vendor, product, version, location), + ProductInfo(vendor, product, version, file_path), file_path, )