Add comprehensive tests for Go and Python version conflict detection and licensing normalization

- Implemented GoVersionConflictDetectorTests to validate pseudo-version detection, conflict analysis, and conflict retrieval for Go modules. - Created VersionConflictDetectorTests for Python to assess conflict detection across various version scenarios, including major, minor, and patch differences. - Added SpdxLicenseNormalizerTests to ensure accurate normalization of SPDX license strings and classifiers. - Developed VendoredPackageDetectorTests to identify vendored packages and extract embedded packages from Python packages, including handling of vendor directories and known vendored packages.
2025-12-07 01:51:37 +02:00
parent 98934170ca
commit e0f6efecce
66 changed files with 7591 additions and 451 deletions
--- a/src/Scanner/StellaOps.Scanner.Analyzers.Native/PeImportParser.cs
+++ b/src/Scanner/StellaOps.Scanner.Analyzers.Native/PeImportParser.cs
@@ -80,7 +80,7 @@ public static class PeImportParser

            if (importRva > 0 && importSize > 0)
            {
-                dependencies = ParseImportDirectory(span, importRva, sections, "pe-import");
+                dependencies = ParseImportDirectory(span, importRva, sections, "pe-import", is64Bit);
            }
        }

@@ -198,7 +198,7 @@ public static class PeImportParser
    }

    private static List<PeDeclaredDependency> ParseImportDirectory(
-        ReadOnlySpan<byte> span, uint importRva, List<SectionInfo> sections, string reasonCode)
+        ReadOnlySpan<byte> span, uint importRva, List<SectionInfo> sections, string reasonCode, bool is64Bit)
    {
        var dependencies = new List<PeDeclaredDependency>();
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
@@ -231,7 +231,7 @@ public static class PeImportParser
                if (!string.IsNullOrEmpty(dllName) && seen.Add(dllName))
                {
                    // Parse imported function names (optional, for detailed analysis)
-                    var functions = ParseImportedFunctions(span, originalFirstThunk, sections, is64Bit: false);
+                    var functions = ParseImportedFunctions(span, originalFirstThunk, sections, is64Bit);
                    dependencies.Add(new PeDeclaredDependency(dllName, reasonCode, functions));
                }
            }
@@ -416,7 +416,7 @@ public static class PeImportParser
                if ((offsetOrData & 0x80000000) != 0)
                {
                    var subDirOffset = resourceOffset + (int)(offsetOrData & 0x7FFFFFFF);
-                    return FindFirstResourceData(span, subDirOffset, resourceOffset);
+                    return FindFirstResourceData(span, subDirOffset, resourceOffset, sections);
                }
            }

@@ -426,7 +426,7 @@ public static class PeImportParser
        return null;
    }

-    private static byte[]? FindFirstResourceData(ReadOnlySpan<byte> span, int dirOffset, int resourceBase)
+    private static byte[]? FindFirstResourceData(ReadOnlySpan<byte> span, int dirOffset, int resourceBase, List<SectionInfo> sections)
    {
        if (dirOffset + 16 > span.Length)
        {
@@ -446,31 +446,23 @@ public static class PeImportParser
            {
                // Another subdirectory (language level)
                var langDirOffset = resourceBase + (int)(offsetOrData & 0x7FFFFFFF);
-                return FindFirstResourceData(span, langDirOffset, resourceBase);
+                return FindFirstResourceData(span, langDirOffset, resourceBase, sections);
            }
            else
            {
-                // Data entry
+                // Data entry - IMAGE_RESOURCE_DATA_ENTRY structure
                var dataEntryOffset = resourceBase + (int)offsetOrData;
                if (dataEntryOffset + 16 <= span.Length)
                {
                    var dataRva = BinaryPrimitives.ReadUInt32LittleEndian(span.Slice(dataEntryOffset, 4));
                    var dataSize = BinaryPrimitives.ReadUInt32LittleEndian(span.Slice(dataEntryOffset + 4, 4));

-                    // For resources, the RVA is relative to the image base, but we need the file offset
-                    // Resource data RVA is typically within the .rsrc section
-                    var dataOffset = dataEntryOffset - resourceBase + (int)dataRva - (int)dataRva;
-
-                    // Actually, we need to convert the RVA properly
-                    // Find which section contains this RVA
-                    foreach (var section in ParseSectionHeaders(span, 0, 0))
+                    // Convert RVA to file offset using section headers
+                    var dataOffset = RvaToFileOffset(dataRva, sections);
+                    if (dataOffset >= 0 && dataSize > 0 && dataOffset + dataSize <= span.Length)
                    {
-                        // This approach won't work without sections, let's use a simpler heuristic
+                        return span.Slice(dataOffset, (int)dataSize).ToArray();
                    }
-
-                    // Simple heuristic: data is often right after the directory in .rsrc section
-                    // For embedded manifests, just search for "<?xml" or "<assembly"
-                    return SearchForManifestXml(span);
                }
            }
        }