Replace path traversal hack with $REGISTRY_PATH and $REGISTRY_MODULE_PATH env vars (#287)

fproulx-boostsecurity · claude · web-flow · commit 2fbdb0219a4a · 2026-01-26T10:48:36.000-05:00
Co-authored-by: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/scanners/boostsecurityio/boost-sca/module.yaml b/scanners/boostsecurityio/boost-sca/module.yaml
@@ -55,7 +55,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
+      cp $REGISTRY_PATH/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
       VERSION: 0.67.2
diff --git a/scanners/boostsecurityio/bundler-audit/module.yaml b/scanners/boostsecurityio/bundler-audit/module.yaml
@@ -11,7 +11,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/bundler-audit/prescan_checks.sh $SETUP_PATH/pre-scan-checks/bundler
+      cp $REGISTRY_MODULE_PATH/prescan_checks.sh $SETUP_PATH/pre-scan-checks/bundler
 
 config:
   support_diff_scan: true
diff --git a/scanners/boostsecurityio/gitleaks-full/module.yaml b/scanners/boostsecurityio/gitleaks-full/module.yaml
@@ -53,7 +53,7 @@ setup:
     chmod +x gitleaks
 - name: Copy Boost Gitleaks Rules
   run: |
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/gitleaks/boost.toml $SETUP_PATH/
+      cp $REGISTRY_PATH/scanners/boostsecurityio/gitleaks/boost.toml $SETUP_PATH/
 
 steps:
   - scan:
diff --git a/scanners/boostsecurityio/gitleaks/module.yaml b/scanners/boostsecurityio/gitleaks/module.yaml
@@ -52,7 +52,7 @@ setup:
     chmod +x gitleaks
 - name: Copy Boost Gitleaks Rules
   run: |
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/gitleaks/boost.toml $SETUP_PATH/
+      cp $REGISTRY_MODULE_PATH/boost.toml $SETUP_PATH/
 
 steps:
   - scan:
diff --git a/scanners/boostsecurityio/gosec/module.yaml b/scanners/boostsecurityio/gosec/module.yaml
@@ -16,7 +16,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/gosec/prescan_checks.sh $SETUP_PATH/pre-scan-checks/gosec
+      cp $REGISTRY_MODULE_PATH/prescan_checks.sh $SETUP_PATH/pre-scan-checks/gosec
 
 steps:
   - run: $SETUP_PATH/pre-scan-checks/gosec
diff --git a/scanners/boostsecurityio/npm-audit/module.yaml b/scanners/boostsecurityio/npm-audit/module.yaml
@@ -16,7 +16,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/npm-audit/prescan_checks.sh $SETUP_PATH/pre-scan-checks/npm-audit
+      cp $REGISTRY_MODULE_PATH/prescan_checks.sh $SETUP_PATH/pre-scan-checks/npm-audit
 
 steps:
   - run: $SETUP_PATH/pre-scan-checks/npm-audit
diff --git a/scanners/boostsecurityio/osv-scanner/module.yaml b/scanners/boostsecurityio/osv-scanner/module.yaml
@@ -56,7 +56,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/osv-scanner/prescan_checks.sh $SETUP_PATH/pre-scan-checks/osv-scanner
+      cp $REGISTRY_MODULE_PATH/prescan_checks.sh $SETUP_PATH/pre-scan-checks/osv-scanner
 
 steps:
 - run: $SETUP_PATH/pre-scan-checks/osv-scanner
diff --git a/scanners/boostsecurityio/osv-scanner/prescan_checks.sh b/scanners/boostsecurityio/osv-scanner/prescan_checks.sh
@@ -5,7 +5,7 @@ while IFS= read -r line; do
     then
         exit 0
     fi
-done < $SETUP_PATH/../../registry/scanners/boostsecurityio/osv-scanner/filelist.txt
+done < $REGISTRY_MODULE_PATH/filelist.txt
 >&2 echo "Scan misconfiguration:"
 >&2 echo "  OSV-Scanner scan did not run because no supported files were detected"
 >&2 echo "  See documentation list of supported file types: https://google.github.io/osv-scanner/supported-languages-and-lockfiles/"
diff --git a/scanners/boostsecurityio/trivy-fs/module.yaml b/scanners/boostsecurityio/trivy-fs/module.yaml
@@ -55,7 +55,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
+      cp $REGISTRY_MODULE_PATH/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
       VERSION: 0.67.2
diff --git a/scanners/boostsecurityio/trivy-fs/prescan_checks.sh b/scanners/boostsecurityio/trivy-fs/prescan_checks.sh
@@ -5,7 +5,7 @@ if [ "$(find . -name "$line" | wc -l)" != "0" ]
 then
     exit 0
 fi
-done < $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/filelist.txt
+done < $REGISTRY_PATH/scanners/boostsecurityio/trivy-fs/filelist.txt
 >&2 echo "Scan misconfiguration:"
 >&2 echo "  Trivy scan did not run because no supported files were detected"
 >&2 echo "  See documentation list of supported file types: https://trivy.dev/v0.61/docs/coverage/language/"
diff --git a/scanners/boostsecurityio/trivy-sbom/module.yaml b/scanners/boostsecurityio/trivy-sbom/module.yaml
@@ -53,7 +53,7 @@ setup:
   - name: Utility scripts
     run: |
       mkdir -p $SETUP_PATH/pre-scan-checks/
-      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
+      cp $REGISTRY_PATH/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
       VERSION: 0.67.2
diff --git a/scanners/boostsecurityio/trivy-sbom/tests.yaml b/scanners/boostsecurityio/trivy-sbom/tests.yaml
@@ -5,11 +5,6 @@ tests:
     source:
       url: "https://github.com/gitleaks/gitleaks.git"
       ref: "v8.15.2"
-  - name: "osv-scanner"
-    type: "source-code"
-    source:
-      url: "https://github.com/google/osv-scanner.git"
-      ref: "main"
   - name: "rclone"
     type: "source-code"
     source:
