done for booth bugs

Author: cx-dmitri-rivin

internal/commands/scan.go

@@ -2268,7 +2268,7 @@ func definePathForZipFileOrDirectory(cmd *cobra.Command) (zipFile, sourceDir str
 	return zipFile, sourceDir, err
 }
 
-// enforceLocalResolutionForTarFiles checks if any container image is a tar file
+// enforceLocalResolutionForTarFiles checks if any container image is a tar file or oci-dir
 // and enforces local resolution by setting the --containers-local-resolution flag.
 // Container-security scan-type related function.
 func enforceLocalResolutionForTarFiles(cmd *cobra.Command) error {
@@ -2289,7 +2289,7 @@ func enforceLocalResolutionForTarFiles(cmd *cobra.Command) error {
 
 	// Parse container images list
 	containerImagesList := strings.Split(strings.TrimSpace(containerImagesFlag), ",")
-	hasTarFile := false
+	needsLocalResolution := false
 
 	for _, containerImageName := range containerImagesList {
 		// Normalize input: trim spaces and quotes
@@ -2303,15 +2303,21 @@ func enforceLocalResolutionForTarFiles(cmd *cobra.Command) error {
 
 		// Check if this is a tar file by checking if it contains a tar file reference
 		if isTarFileReference(containerImageName) {
-			hasTarFile = true
+			needsLocalResolution = true
+			break
+		}
+
+		// Check if this is an oci-dir reference - these also require local resolution
+		if strings.HasPrefix(containerImageName, ociDirPrefix) {
+			needsLocalResolution = true
 			break
 		}
 	}
 
-	// If at least one tar file is found, enforce local resolution
-	if hasTarFile {
-		logger.PrintIfVerbose("Detected tar file(s) in --container-images flag")
-		fmt.Println("Warning: Tar file(s) detected in --container-images. Automatically enabling --containers-local-resolution flag.")
+	// If at least one tar file or oci-dir is found, enforce local resolution
+	if needsLocalResolution {
+		logger.PrintIfVerbose("Detected tar file(s) or oci-dir in --container-images flag")
+		fmt.Println("Warning: Tar file(s) or oci-dir detected in --container-images. Automatically enabling --containers-local-resolution flag.")
 
 		// Set the flag to true
 		err := cmd.Flags().Set(commonParams.ContainerResolveLocallyFlag, "true")
@@ -3828,13 +3834,19 @@ func validateOCIDirPrefix(imageRef string) error {
 	// 3. Can have optional :tag suffix
 
 	pathToCheck := imageRef
-	if strings.Contains(imageRef, ":") {
+
+	// Handle Windows absolute paths (e.g., C:\path\to\dir) before splitting on colons
+	// Windows paths have a drive letter followed by colon and path separator
+	if !isWindowsAbsolutePath(imageRef) && strings.Contains(imageRef, ":") {
 		// Handle case like "oci-dir:/path/to/dir:tag" or "oci-dir:name.tar:tag"
+		// For Unix paths, we can safely split on colon to extract the tag
 		pathParts := strings.Split(imageRef, ":")
 		if len(pathParts) > 0 && pathParts[0] != "" {
 			pathToCheck = pathParts[0]
 		}
 	}
+	// For Windows absolute paths, use the entire imageRef as pathToCheck
+	// since the colon is part of the drive letter (e.g., C:\path\to\dir)
 
 	exists, err := osinstaller.FileExists(pathToCheck)
 	if err != nil {

internal/commands/scan_test.go

@@ -4515,7 +4515,7 @@ func TestIsTarFileReference(t *testing.T) {
 	}
 }
 
-// TestEnforceLocalResolutionForTarFiles tests the automatic enforcement of local resolution when tar files are detected.
+// TestEnforceLocalResolutionForTarFiles tests the automatic enforcement of local resolution when tar files or oci-dir are detected.
 // Container-security scan-type related test function.
 func TestEnforceLocalResolutionForTarFiles(t *testing.T) {
 	testCases := []struct {
@@ -4530,15 +4530,20 @@ func TestEnforceLocalResolutionForTarFiles(t *testing.T) {
 		{"Already enabled", "alpine.tar", true, true, false},
 		{"Only image:tag", "nginx:latest,alpine:3.18", false, false, false},
 		{"Non-tar prefixes", "docker:nginx:latest,registry:ubuntu:22.04", false, false, false},
-		{"Invalid tar:tag format", "oci-dir:file.tar:latest", false, false, false},
 
-		// Should enable local resolution
+		// Should enable local resolution - tar files
 		{"Single tar", "alpine.tar", false, true, true},
 		{"Mixed tar+image", "nginx:latest,alpine.tar", false, true, true},
 		{"Tar with spaces/quotes", " 'alpine.tar' ,nginx:latest", false, true, true},
 		{"Prefixed tar", "docker-archive:alpine.tar", false, true, true},
 		{"oci-dir tar", "oci-dir:image.tar", false, true, true},
 		{"Tar at end", "nginx:latest,ubuntu.tar", false, true, true},
+
+		// Should enable local resolution - oci-dir directories
+		{"oci-dir directory", "oci-dir:my-alpine-image", false, true, true},
+		{"oci-dir with path", "oci-dir:/path/to/oci-layout", false, true, true},
+		{"oci-dir with tag suffix", "oci-dir:file.tar:latest", false, true, true},
+		{"Mixed oci-dir+image", "nginx:latest,oci-dir:my-image", false, true, true},
 	}
 
 	for _, tc := range testCases {
@@ -4578,7 +4583,7 @@ func TestEnforceLocalResolutionForTarFiles(t *testing.T) {
 				t.Errorf("Expected local resolution=%v, got=%v", tc.expectedLocalResolution, actualLocalResolution)
 			}
 
-			hasWarning := strings.Contains(output, "Warning:") && strings.Contains(output, "Tar file")
+			hasWarning := strings.Contains(output, "Warning:") && (strings.Contains(output, "Tar file") || strings.Contains(output, "oci-dir"))
 			if tc.expectWarning && !hasWarning {
 				t.Errorf("Expected warning but got: %s", output)
 			} else if !tc.expectWarning && hasWarning {