
[WebKit vendored code] osv-scanner misidentifies gmock and gtest as valijson project

Open ddkilzer opened this issue 1 year ago • 2 comments

Summary:

osv-scanner misidentifies gmock and gtest as valijson project in the WebKit project while scanning for vendored code dependencies.

Steps to Reproduce:

  1. Check out WebKit (at commit https://github.com/WebKit/WebKit/commit/fda388552a877f757aa8216c8d116937fe8651f2):
    git clone https://github.com/WebKit/WebKit.git WebKit.git
  2. Run osv-scanner (at commit 85563d901bec48bbe8db1242f083c42d42353ace):
    go run ./cmd/osv-scanner/main.go -r WebKit.git/Source/ThirdParty

Expected Results:

osv-scanner identifies gmock and gtest as part of the googletest repo that combined both projects.

Actual Results:

osv-scanner misidentifies gmock and gtest as the valijson project at different commits.

There are two other partial copies of googletest that aren't identified as well.

Scanning dir WebKit.git/Source/ThirdParty
Scanning directory for vendored libs: WebKit.git/Source/ThirdParty
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/gmock
Identified WebKit.git/Source/ThirdParty/gmock as https://github.com/tristanpenman/valijson at c5487c39eb900b97535f8b3a38a17af098c784e3.
Scanning potential vendored dir: WebKit.git/Source/Source/ThirdParty/gtest
Identified WebKit.git/Source/ThirdParty/gtest as https://github.com/tristanpenman/valijson at 2dfc7499a31b84edef71189f4247919268ebc74e.
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/third_party/googletest
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/third_party/googletest
[...]

ddkilzer Feb 13 '24 17:02
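A triage helper for scanner output of the kind quoted in the issue, as an added example (not osv-scanner's code and not part of the original report): it flags directories that were scanned but never identified, and repositories matched to several directories at different commits. The function name `Triage`, the note wording and the sample log are constructed for this example, and both checks are review heuristics rather than verdicts.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample modelled on the scanner output quoted in the issue.
const sampleLog = `Scanning potential vendored dir: WebKit.git/Source/ThirdParty/gmock
Identified WebKit.git/Source/ThirdParty/gmock as https://github.com/tristanpenman/valijson at c5487c39eb900b97535f8b3a38a17af098c784e3.
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/gtest
Identified WebKit.git/Source/ThirdParty/gtest as https://github.com/tristanpenman/valijson at 2dfc7499a31b84edef71189f4247919268ebc74e.
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/third_party/googletest`

var scanRe = regexp.MustCompile(`^Scanning potential vendored dir: (\S+)$`)
var identRe = regexp.MustCompile(`^Identified (\S+) as (\S+) at ([0-9a-f]+)\.$`)

// Triage (hypothetical helper) returns notes for human review: scanned dirs
// with no identification, and repos matched at more than one commit.
func Triage(log string) []string {
	var scanned, repos, notes []string
	repoOf := map[string]string{}           // dir -> identified repo
	commits := map[string]map[string]bool{} // repo -> distinct commits seen
	for _, line := range strings.Split(log, "\n") {
		if m := scanRe.FindStringSubmatch(line); m != nil {
			scanned = append(scanned, m[1])
		} else if m := identRe.FindStringSubmatch(line); m != nil {
			if commits[m[2]] == nil {
				commits[m[2]] = map[string]bool{}
				repos = append(repos, m[2])
			}
			repoOf[m[1]], commits[m[2]][m[3]] = m[2], true
		}
	}
	for _, d := range scanned {
		if repoOf[d] == "" {
			notes = append(notes, "unidentified: "+d)
		}
	}
	for _, r := range repos {
		if len(commits[r]) > 1 {
			notes = append(notes, fmt.Sprintf("review: %s matched at %d different commits", r, len(commits[r])))
		}
	}
	return notes
}
func main() {
	fmt.Println(strings.Join(Triage(sampleLog), "\n"))
}
```

A repository legitimately vendored twice at different revisions will also be flagged by the second check, so treat its notes as prompts to inspect the directory contents.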

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions[bot] Jul 19 '24 18:07

Automatically closing stale issue

github-actions[bot] Aug 02 '24 19:08

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

github-actions[bot] Oct 06 '24 06:10

Automatically closing stale issue

github-actions[bot] Oct 20 '24 06:10