ffontaine
Contributor

Drop find_product_location as it tries to find the location of the product on the system parsing the SBOM, which obviously doesn't make sense.

While at it, drop location totally from ProductInfo. Indeed, currently only the first location of the product is saved in the SBOM. Instead of using this location field, set the evidence to be the list of paths saved in all_cve_data. This will avoid duplicating information.

__identity_members, __eq__ and __hash__, which were added by commit f1d3c75 to handle location, are kept to still handle the optional purl parameter and avoid breaking test_product_info_{equality,hashing} tests.

Fix #4676

@ffontaine ffontaine force-pushed the drop-find_product_location branch from 980ea99 to 2d78947 Compare February 14, 2025 18:13
@ffontaine ffontaine changed the title fix: rework location handling fix: drop location handling Feb 14, 2025
@ffontaine ffontaine force-pushed the drop-find_product_location branch 5 times, most recently from 05bb229 to ee399fa Compare February 14, 2025 20:50
Drop find_product_location as it tries to find the location of the
product on the system parsing the SBOM which obviously doesn't make
sense

While at it, drop location totally from ProductInfo. Indeed, currently
only the first location of the product is saved in the SBOM. Instead of
using this location field, set the evidence to be the list of paths
saved in all_cve_data. This will avoid duplicating information.

__identity_members, __eq__ and __hash__, which were added by commit
f1d3c75 to handle location, are kept to
still handle the optional purl parameter and avoid breaking
test_product_info_{equality,hashing} tests.

Fix intel#4676

Signed-off-by: Fabrice Fontaine <[email protected]>
@ffontaine ffontaine force-pushed the drop-find_product_location branch from ee399fa to e56e94c Compare February 14, 2025 21:03
Contributor

@terriko terriko left a comment

Thank you! I think we may want to sometimes set the sbom/component list file as the location explicitly, but we can figure that out later.

@terriko terriko merged commit 96ff61b into intel:main Feb 20, 2025
23 of 24 checks passed
@ffontaine ffontaine deleted the drop-find_product_location branch February 21, 2025 12:16
Successfully merging this pull request may close these issues.

feat: [bug description] Location field for component when scanning a SBOM maybe inaccurate
2 participants