Applicability scanner scans the venv parent dir

jfrog · Sep 21, 2023 · 19bc6b3 · 19bc6b3
1 parent 793e1d8
commit 19bc6b3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/src/main/treeDataProviders/issuesTree/descriptorTree/dependencyIssuesTreeNode.ts b/src/main/treeDataProviders/issuesTree/descriptorTree/dependencyIssuesTreeNode.ts
@@ -24,7 +24,7 @@ export class DependencyIssuesTreeNode extends vscode.TreeItem {
 
         this._name = component.package_name;
         this._version = component.package_version;
-        this._type = _parent.type
+        this._type = _parent.type;
         this.description = this._version + (_indirect ? ' (indirect)' : '');
         this.contextValue += ContextKeys.COPY_TO_CLIPBOARD_ENABLED;
     }

diff --git a/src/main/treeDataProviders/utils/analyzerUtils.ts b/src/main/treeDataProviders/utils/analyzerUtils.ts
@@ -287,20 +287,30 @@ export class AnalyzerUtils {
         for (let [fileScanBundle, cvesToScan] of filteredBundles) {
             let descriptorIssues: DependencyScanResults = <DependencyScanResults>fileScanBundle.data;
             // Map information to similar directory space
-            let spacePath: string = path.dirname(descriptorIssues.fullPath);
-            if (fileScanBundle instanceof EnvironmentTreeNode) {
-                spacePath = descriptorIssues.fullPath;
+            let workspacePath: string = AnalyzerUtils.getWorkspacePath(fileScanBundle.dataNode, descriptorIssues.fullPath);
+            if (!workspaceToScanBundles.has(workspacePath)) {
+                workspaceToScanBundles.set(workspacePath, new Map<FileScanBundle, Set<string>>());
             }
-            if (!workspaceToScanBundles.has(spacePath)) {
-                workspaceToScanBundles.set(spacePath, new Map<FileScanBundle, Set<string>>());
-            }
-            workspaceToScanBundles.get(spacePath)?.set(fileScanBundle, cvesToScan);
+            workspaceToScanBundles.get(workspacePath)?.set(fileScanBundle, cvesToScan);
             logManager.logMessage('Adding data from descriptor ' + descriptorIssues.fullPath + ' for cve applicability scan', 'INFO');
         }
 
         return workspaceToScanBundles;
     }
 
+    /**
+     * Retrieve the workspace path, whether it's a file or an environment.
+     * @param fileScanBundle - The data node for file tree, usually DescriptorTreeNode or EnvironmentTreeNode
+     * @param fullWorkspacePath - Full path to the scanning directory or file
+     * @returns the path to the workspace directory
+     */
+    private static getWorkspacePath(fileScanBundle: FileTreeNode | undefined, fullWorkspacePath: string): string {
+        if (fileScanBundle instanceof EnvironmentTreeNode) {
+            return fullWorkspacePath;
+        }
+        return path.dirname(fullWorkspacePath);
+    }
+
     /**
      * Transfer and populate information from a given applicable scan to each bundle
      * @param applicableIssues - full scan response with information relevant to all the bundles