Fix oversized values in CodebaseResource.extension

- Normalize extension from file name instead of trusting input
- Reject invalid extensions containing '$'
- Preserve multi-part extensions such as .tar.gz-extract
- Maintain compatibility with existing pipelines and behaviors

Fixes #1537

Signed-off-by: Monal-Reddy <monalreddy001@gmail.com>

Author: Monal-Reddy

scanpipe/pipes/__init__.py

@@ -44,6 +44,27 @@
 logger = logging.getLogger("scanpipe.pipes")
 
 
+def normalize_extension(name, extension, max_length=100):
+    if not name:
+        return ""
+
+    suffix = Path(name).suffix
+
+    if not suffix:
+        return ""
+
+    # Reject invalid extensions
+    if "$" in suffix:
+        return ""
+
+    # Special case: handle .tar.gz-* patterns
+    if ".tar.gz" in name:
+        idx = name.find(".tar.gz")
+        return name[idx:]
+
+    return suffix
+
+
 def make_codebase_resource(project, location, save=True, **extra_fields):
     """
     Create a CodebaseResource instance in the database for the given ``project``.
@@ -94,6 +115,12 @@ def make_codebase_resource(project, location, save=True, **extra_fields):
     if extra_fields:
         resource_data.update(**extra_fields)
 
+    # Normalize extension to avoid oversized non-extension values
+    resource_data["extension"] = normalize_extension(
+        resource_data.get("name"),
+        resource_data.get("extension"),
+    )
+
     codebase_resource = CodebaseResource(
         project=project,
         path=relative_path,

scanpipe/tests/pipes/test_pipes.py

@@ -448,3 +448,23 @@ def test_scanpipe_pipes_collect_and_create_codebase_resources(self):
         self.assertEqual("from", from_resource.tag)
         to_resource = p1.codebaseresources.get(path="to/a.txt")
         self.assertEqual("to", to_resource.tag)
+
+    def test_normalize_extension_valid(self):
+        name = "file.py"
+        result = pipes.normalize_extension(name, None)
+        self.assertEqual(".py", result)
+
+    def test_normalize_extension_no_extension(self):
+        name = "file"
+        result = pipes.normalize_extension(name, None)
+        self.assertEqual("", result)
+
+    def test_normalize_extension_rejects_long_invalid(self):
+        name = "file.$VeryVeryVeryLongInvalidExtensionNameThatShouldNotBeAccepted"
+        result = pipes.normalize_extension(name, None)
+        self.assertEqual("", result)
+
+    def test_normalize_extension_ignores_input_extension(self):
+        name = "file.py"
+        result = pipes.normalize_extension(name, ".wrongext")
+        self.assertEqual(".py", result)