We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
osv-scanner misidentifies gmock and gtest as valijson project in the WebKit project while scanning for vendored code dependencies.
osv-scanner
gmock
gtest
valijson
git clone https://github.com/WebKit/WebKit.git WebKit.git
go run ./cmd/osv-scanner/main.go -r WebKit.git/Source/ThirdParty
osv-scanner identifies gmock and gtest as part of the googletest repo that combined both projects.
osv-scanner misidentifies gmock and gtest as the valijson project at different commits.
There are two other partial copies of googletest that aren't identified as well.
googletest
Scanning dir WebKit.git/Source/ThirdParty Scanning directory for vendored libs: WebKit.git/Source/ThirdParty [...] Scanning potential vendored dir: WebKit.git/Source/ThirdParty/gmock Identified WebKit.git/Source/ThirdParty/gmock as https://github.com/tristanpenman/valijson at c5487c39eb900b97535f8b3a38a17af098c784e3. Scanning potential vendored dir: WebKit.git/Source/Source/ThirdParty/gtest Identified WebKit.git/Source/ThirdParty/gtest as https://github.com/tristanpenman/valijson at 2dfc7499a31b84edef71189f4247919268ebc74e. [...] Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/third_party/googletest [...] Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/third_party/googletest [...]
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Summary:
osv-scanner
misidentifiesgmock
andgtest
asvalijson
project in the WebKit project while scanning for vendored code dependencies.Steps to Reproduce:
osv-scanner
(at commit 85563d9):Expected Results:
osv-scanner
identifiesgmock
andgtest
as part of the googletest repo that combined both projects.Actual Results:
osv-scanner
misidentifiesgmock
andgtest
as thevalijson
project at different commits.There are two other partial copies of
googletest
that aren't identified as well.The text was updated successfully, but these errors were encountered: