fix: address MaineK00n review feedback

- Rename golden files: .golden.json → .json (redundant under testdata/golden/)
- Use cmp.Or for sort comparators in normalizeResult
- Switch on langType in parseBinary to isolate sentinel errors per language
- Wrap parseExecutableBinary errors with language name, symmetrize structure
- Simplify dispatch.go: inline filepath.Base in switch, use slices.Contains
- Extract base-runner.go from compare-lockfile.go via //go:embed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: claude

scanner/analyze_golden_test.go

@@ -95,7 +95,7 @@ var lockfiles = []lockfileEntry{
 // e.g. "npm-v3/package-lock.json" -> "npm-v3_package-lock.json"
 // Uses filepath.ToSlash to normalize path separators across platforms.
 func goldenFileName(lockfilePath string) string {
-	return strings.ReplaceAll(filepath.ToSlash(lockfilePath), "/", "_") + ".golden.json"
+	return strings.ReplaceAll(filepath.ToSlash(lockfilePath), "/", "_") + ".json"
 }
 
 func TestAnalyzeLibrary_Golden(t *testing.T) {
@@ -199,7 +199,7 @@ func TestAnalyzeLibrary_PomOnline(t *testing.T) {
 		t.Fatalf("Failed to marshal result: %v", err)
 	}
 
-	goldenPath := filepath.Join(goldenDir, "pom.xml.online.golden.json")
+	goldenPath := filepath.Join(goldenDir, "pom.xml.online.json")
 
 	if *update {
 		if err := os.MkdirAll(goldenDir, 0755); err != nil {
@@ -223,7 +223,7 @@ func TestAnalyzeLibrary_PomOnline(t *testing.T) {
 	}
 
 	// Online mode should resolve transitive dependencies, producing more results than offline.
-	offlineGoldenPath := filepath.Join(goldenDir, "pom.xml.golden.json")
+	offlineGoldenPath := filepath.Join(goldenDir, "pom.xml.json")
 	offlineJSON, err := os.ReadFile(offlineGoldenPath)
 	if err != nil {
 		t.Logf("Offline golden file not found, skipping comparison: %s", offlineGoldenPath)
@@ -268,13 +268,6 @@ type goldenLibrary struct {
 	Dev      bool   `json:"dev,omitempty"`
 }
 
-func boolToInt(b bool) int {
-	if b {
-		return 1
-	}
-	return 0
-}
-
 func normalizeResult(scanners []models.LibraryScanner) []goldenLibraryScanner {
 	result := make([]goldenLibraryScanner, 0, len(scanners))
 	for _, s := range scanners {
@@ -294,30 +287,31 @@ func normalizeResult(scanners []models.LibraryScanner) []goldenLibraryScanner {
 			})
 		}
 		slices.SortFunc(gs.Libs, func(a, b goldenLibrary) int {
-			if c := cmp.Compare(a.Name, b.Name); c != 0 {
-				return c
-			}
-			if c := cmp.Compare(a.Version, b.Version); c != 0 {
-				return c
-			}
-			if c := cmp.Compare(a.PURL, b.PURL); c != 0 {
-				return c
-			}
-			if c := cmp.Compare(a.FilePath, b.FilePath); c != 0 {
-				return c
-			}
-			if c := cmp.Compare(a.Digest, b.Digest); c != 0 {
-				return c
-			}
-			return cmp.Compare(boolToInt(a.Dev), boolToInt(b.Dev))
+			return cmp.Or(
+				cmp.Compare(a.Name, b.Name),
+				cmp.Compare(a.Version, b.Version),
+				cmp.Compare(a.PURL, b.PURL),
+				cmp.Compare(a.FilePath, b.FilePath),
+				cmp.Compare(a.Digest, b.Digest),
+				func() int {
+					switch {
+					case !a.Dev && b.Dev:
+						return -1
+					case a.Dev && !b.Dev:
+						return +1
+					default:
+						return 0
+					}
+				}(),
+			)
 		})
 		result = append(result, gs)
 	}
 	slices.SortFunc(result, func(a, b goldenLibraryScanner) int {
-		if c := cmp.Compare(a.Type, b.Type); c != 0 {
-			return c
-		}
-		return cmp.Compare(a.LockfilePath, b.LockfilePath)
+		return cmp.Or(
+			cmp.Compare(a.Type, b.Type),
+			cmp.Compare(a.LockfilePath, b.LockfilePath),
+		)
 	})
 	return result
 }

scanner/base.go

@@ -871,13 +871,22 @@ func parseLockfile(ctx context.Context, langType ftypes.LangType, filePath strin
 func parseBinary(ctx context.Context, langType ftypes.LangType, filePath string, r xio.ReadSeekerAt, parser lockfileParser) (*ftypes.Application, error) {
 	pkgs, _, err := parser.Parse(ctx, r)
 	if err != nil {
-		// Go binary parser: ErrUnrecognizedExe, ErrNonGoBinary
-		// Rust binary parser: ErrUnrecognizedExe, ErrNonRustBinary
-		if errors.Is(err, gobinary.ErrUnrecognizedExe) || errors.Is(err, gobinary.ErrNonGoBinary) ||
-			errors.Is(err, rustbinary.ErrUnrecognizedExe) || errors.Is(err, rustbinary.ErrNonRustBinary) {
-			return nil, nil
+		switch langType {
+		case ftypes.GoBinary:
+			// Go binary parser: ErrUnrecognizedExe, ErrNonGoBinary
+			if errors.Is(err, gobinary.ErrUnrecognizedExe) || errors.Is(err, gobinary.ErrNonGoBinary) {
+				return nil, nil
+			}
+			return nil, xerrors.Errorf("parse error: %w", err)
+		case ftypes.RustBinary:
+			// Rust binary parser: ErrUnrecognizedExe, ErrNonRustBinary
+			if errors.Is(err, rustbinary.ErrUnrecognizedExe) || errors.Is(err, rustbinary.ErrNonRustBinary) {
+				return nil, nil
+			}
+			return nil, xerrors.Errorf("parse error: %w", err)
+		default:
+			return nil, xerrors.Errorf("unexpected language type for binary parser. expected: %q, actual: %q", []ftypes.LangType{ftypes.GoBinary, ftypes.RustBinary}, langType)
 		}
-		return nil, xerrors.Errorf("parse error: %w", err)
 	}
 	if len(pkgs) == 0 {
 		return nil, nil
@@ -895,7 +904,7 @@ func parseExecutableBinary(ctx context.Context, filePath string, r xio.ReadSeeke
 	// Try Go binary first
 	app, err := parseBinary(ctx, ftypes.GoBinary, filePath, r, gobinary.NewParser())
 	if err != nil {
-		return nil, err
+		return nil, xerrors.Errorf("Failed to parse Go binary: %w", err)
 	}
 	if app != nil {
 		return app, nil
@@ -905,7 +914,16 @@ func parseExecutableBinary(ctx context.Context, filePath string, r xio.ReadSeeke
 	if _, err := r.Seek(0, io.SeekStart); err != nil {
 		return nil, xerrors.Errorf("seek error: %w", err)
 	}
-	return parseBinary(ctx, ftypes.RustBinary, filePath, r, rustbinary.NewParser())
+
+	app, err = parseBinary(ctx, ftypes.RustBinary, filePath, r, rustbinary.NewParser())
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to parse Rust binary: %w", err)
+	}
+	if app != nil {
+		return app, nil
+	}
+
+	return nil, nil
 }
 
 // parseYarn handles yarn.lock which has a different parser signature (4 return values including licenses).

scanner/dispatch.go

@@ -3,6 +3,7 @@ package scanner
 import (
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
@@ -45,10 +46,8 @@ const (
 // detectParserType determines which parser should handle a given file,
 // replicating the logic of each Trivy fanal analyzer's Required() method.
 func detectParserType(filePath string, filemode os.FileMode) parserType {
-	fileName := filepath.Base(filePath)
-
 	// Exact filename matches (most common case)
-	switch fileName {
+	switch filepath.Base(filePath) {
 	// Node.js
 	case ftypes.NpmPkgLock: // package-lock.json
 		if containsDir(filePath, "node_modules") {
@@ -159,12 +158,7 @@ func detectParserType(filePath string, filemode os.FileMode) parserType {
 
 // containsDir checks if a filepath contains a specific directory component.
 func containsDir(filePath, dir string) bool {
-	for _, part := range strings.Split(filepath.ToSlash(filePath), "/") {
-		if part == dir {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(strings.Split(filepath.ToSlash(filePath), "/"), dir)
 }
 
 // isExecutable checks if the file is an executable binary.