[WebKit vendored code] osv-scanner misidentifies gmock and gtest as valijson project

[ddkilzer]

Summary:

osv-scanner misidentifies gmock and gtest as valijson project in the WebKit project while scanning for vendored code dependencies.

Steps to Reproduce:

1. Check out WebKit (at commit WebKit/WebKit@fda3885):

    git clone https://github.com/WebKit/WebKit.git WebKit.git

2. Run osv-scanner (at commit 85563d9):

    go run ./cmd/osv-scanner/main.go -r WebKit.git/Source/ThirdParty

Expected Results:

osv-scanner identifies gmock and gtest as part of the googletest repo that combined both projects.

Actual Results:

osv-scanner misidentifies gmock and gtest as the valijson project at different commits.

There are two other partial copies of googletest that aren't identified as well.

Scanning dir WebKit.git/Source/ThirdParty
Scanning directory for vendored libs: WebKit.git/Source/ThirdParty
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/gmock
Identified WebKit.git/Source/ThirdParty/gmock as https://github.com/tristanpenman/valijson at c5487c39eb900b97535f8b3a38a17af098c784e3.
Scanning potential vendored dir: WebKit.git/Source/Source/ThirdParty/gtest
Identified WebKit.git/Source/ThirdParty/gtest as https://github.com/tristanpenman/valijson at 2dfc7499a31b84edef71189f4247919268ebc74e.
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/third_party/googletest
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/third_party/googletest
[...]