fix: [bug description]--exclude parameter not working in version >= 3.2 #5100

Open
@alex-cheng-techman

Description

The --exclude parameter no longer works as expected in cve-bin-tool version 3.2 and above. Files and subdirectories under the excluded path are still scanned.

To reproduce

Steps to reproduce the behaviour:

  1. Prepare a test directory structure like:
    sample/
    └── vision/
        └── abc.dll
  2. Run the following command:
    cve-bin-tool sample --exclude sample/vision
  3. Observe that sample/vision/abc.dll still appears in the scan output.

Expected behaviour:
Files under sample/vision/ should be excluded from scanning.

Actual behaviour:
The file sample/vision/abc.dll is still scanned and reported.

Version/platform info

Version of CVE-bin-tool (e.g. output of cve-bin-tool --version):
❌ Bug observed in: 3.2, 3.3, 3.4
✅ Last working version: 3.1.2

Installed from pypi or github?
pip

Operating system: Linux/Windows (other platforms are unsupported but feel free to report issues anyhow)

  • On Linux (or Windows Subsystem for Linux) you can run uname -a
  • On Windows you can run systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
    OS Name: Microsoft Windows 10 Enterprise
    OS Version: 10.0.19045 N/A Build 19045

Python version (e.g. python3 --version):
Running in any particular CI environment we should know about? (e.g. Github Actions)
Python 3.11.9

Anything else?

This seems to be a regression introduced in version 3.2. The --exclude option used to work correctly in version 3.1.2, including recursive exclusion of subdirectories. Please help verify if recent changes to the file walker or path handling have caused this.
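
A reference for the expected behaviour described in this report, usable as a regression check (added example, not cve-bin-tool's code and not part of the original report). It shows a directory walker that prunes an excluded path recursively after normalizing it. The function names and the extra files `keep.dll` and `nested/deep.dll` are assumptions, and the tree is constructed.

```python
import os
import tempfile
from pathlib import Path


def is_excluded(path, exclude_roots):
    """True if path is an excluded root or lies anywhere beneath one."""
    resolved = Path(path).resolve()
    return any(resolved == root or root in resolved.parents for root in exclude_roots)


def walk_with_exclusions(scan_root, excludes=()):
    """Yield files under scan_root, skipping excluded directories recursively.

    Exclude paths are resolved to absolute form first, so 'sample/vision',
    './sample/vision/' and an absolute path all name the same directory.
    """
    exclude_roots = [Path(e).resolve() for e in excludes]
    for dirpath, dirnames, filenames in os.walk(scan_root):
        # Prune in place so os.walk never descends into an excluded subtree.
        dirnames[:] = [d for d in dirnames
                       if not is_excluded(os.path.join(dirpath, d), exclude_roots)]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if not is_excluded(full, exclude_roots):
                yield Path(full).resolve()


def demo(excluded=("vision",)):
    """Build the tree from the report (constructed sample) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample"
        (sample / "vision" / "nested").mkdir(parents=True)
        (sample / "vision" / "abc.dll").write_bytes(b"MZ")  # placeholder bytes
        (sample / "vision" / "nested" / "deep.dll").write_bytes(b"MZ")
        (sample / "keep.dll").write_bytes(b"MZ")
        # A trailing separator on the exclude path must not change the result.
        excludes = [str(sample / e) + os.sep for e in excluded]
        found = walk_with_exclusions(sample, excludes)
        return sorted(p.relative_to(sample.resolve()).as_posix() for p in found)


if __name__ == "__main__":
    print(demo())
```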

Metadata

Labels: bug (Something isn't working); higher priority (Issues we'd like fixed sooner rather than later, often ones that come directly from users.)
