Skip to content

Fix --exclude parameter issue by restoring logic from v3.1.2 #5162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix --exclude parameter issue by restoring logic from v3.1.2 #5162

wants to merge 1 commit into from

Conversation

alex-cheng-techman
Copy link

Summary

This PR fixes a regression where the --exclude parameter became ineffective starting from version 3.2. The issue was due to a change in the way directory paths were constructed in util.py during recursive scanning.

By restoring the use of os.path.join(...) instead of Path(...)/..., folder name patterns passed via --exclude now match correctly against directory paths.

Changes

  • Replaced str(Path(...)/dirname) with os.path.join(...) in walk() method in cve_bin_tool/util.py
  • This aligns the path string format with what self.folder_exclude_pattern expects
  • Resolves mismatch that broke pattern filtering during directory scan

Root Cause

  • Path(...) / dirname produces a Path object, and str() creates a platform-dependent string (e.g., PosixPath or WindowsPath).
  • When comparing with --exclude regex patterns (typically slash-based), these values failed to match.
  • os.path.join(...) restores the correct string structure for filtering.

Affected Version(s)

  • Regression introduced in v3.2
  • Present through v3.4.1rc0

@alex-cheng-techman alex-cheng-techman mentioned this pull request Jun 20, 2025
Open
@ffontaine
Copy link
Contributor

Thanks for this PR, however it only partially reverts commit d964a2f.

For example,

cve-bin-tool/cve_bin_tool/util.py

Line 529 in 1c9c88f

str(Path(dirpath) / filename),
is not updated.

Moreover, it should be noted that using pathlib instead of os.path was an explicit request from @terriko: #1983

@alex-cheng-techman
Copy link
Author

Thanks for the feedback.

You're absolutely right that this change only partially reverts d964a2f, and intentionally so. This PR is meant as a minimal, scoped fix to restore --exclude functionality for directories only, which has been broken since v3.2.

I understand that the migration to pathlib was intentional (as noted in #1983), and I’ve tried to avoid reverting the broader change. Instead, this PR restores the relevant behavior to make the folder exclusion work again, while still retaining pathlib for file-level paths.

Of course, if a more complete fix is in progress that preserves pathlib and resolves the --exclude regression, I'm happy to close this PR in favor of that.

But in the meantime, I believe this patch offers a working interim solution to unblock users who rely on --exclude.

Let me know if you'd prefer I revise it to conform to the pathlib usage throughout.

@ffontaine
Copy link
Contributor

Thanks a lot for your detailled answer.
I approved the workflows to run and I'll let @terriko decide if this PR can be accepted.
If it is accepted, I would advocate to update the commit log to explain why this change was needed. This would avoid that someone breaks again exclude behavior on Windows. Perhaps a test could also be added to avoid that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alex-cheng-techman @ffontaine