fix(redhat): check usr/share/buildinfo/ dir to detect content sets (#…

…8222)

pkg/fanal/analyzer/buildinfo/content_manifest.go

@@ -10,12 +10,18 @@ import (
 
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/set"
 )
 
 func init() {
 	analyzer.RegisterAnalyzer(&contentManifestAnalyzer{})
 }
 
+var contentSetsDirs = set.New[string](
+	"root/buildinfo/content_manifests/",
+	"usr/share/buildinfo/", // for RHCOS
+)
+
 const contentManifestAnalyzerVersion = 1
 
 type contentManifest struct {
@@ -44,7 +50,7 @@ func (a contentManifestAnalyzer) Analyze(_ context.Context, target analyzer.Anal
 
 func (a contentManifestAnalyzer) Required(filePath string, _ os.FileInfo) bool {
 	dir, file := filepath.Split(filepath.ToSlash(filePath))
-	if dir != "root/buildinfo/content_manifests/" {
+	if !contentSetsDirs.Contains(dir) {
 		return false
 	}
 	return filepath.Ext(file) == ".json"

pkg/fanal/analyzer/buildinfo/content_manifest_test.go

@@ -73,12 +73,22 @@ func Test_contentManifestAnalyzer_Required(t *testing.T) {
 		want     bool
 	}{
 		{
-			name:     "happy path",
+			name:     "happy path root dir",
 			filePath: "root/buildinfo/content_manifests/nodejs-12-container-1-66.json",
 			want:     true,
 		},
 		{
-			name:     "sad path",
+			name:     "happy path usr dir",
+			filePath: "usr/share/buildinfo/nodejs-12-container-1-66.json",
+			want:     true,
+		},
+		{
+			name:     "sad path wrong dir",
+			filePath: "foo/bar/nodejs-12-container-1-66.json",
+			want:     false,
+		},
+		{
+			name:     "sad path wrong extension",
 			filePath: "root/buildinfo/content_manifests/nodejs-12-container-1-66.xml",
 			want:     false,
 		},