fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151)

Co-authored-by: Amit <amit.bhardwaj@aquasec.com>

docs/docs/coverage/language/python.md

@@ -145,7 +145,7 @@ Trivy parses the manifest files of installed packages in container image scannin
 See [here](https://packaging.python.org/en/latest/discussions/package-formats/) for the detail.
 
 ### Egg
-Trivy looks for `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO` to identify Python packages.
+Trivy looks for `*.egg-info`, `*.egg-info/METADATA`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO` to identify Python packages.
 
 ### Wheel
 Trivy looks for `.dist-info/METADATA` to identify Python packages.

pkg/fanal/analyzer/language/python/packaging/packaging.go

@@ -48,6 +48,8 @@ var (
 		// https://setuptools.readthedocs.io/en/latest/deprecated/python_eggs.html#eggs-and-their-formats
 		".egg-info",
 		".egg-info/PKG-INFO",
+		// https://github.com/aquasecurity/trivy/issues/9171
+		".egg-info/METADATA",
 	}
 )
 

pkg/fanal/analyzer/language/python/packaging/packaging_test.go

@@ -161,6 +161,11 @@ func Test_packagingAnalyzer_Required(t *testing.T) {
 			filePath: "python2.7/site-packages/cssutils-1.0-py2.7.egg/EGG-INFO/PKG-INFO",
 			want:     true,
 		},
+		{
+			name:     "egg-info/METADATA",
+			filePath: "Amazon/AWSCLIV2/cryptography-3.3.2-py3.8.egg-info/METADATA",
+			want:     true,
+		},
 		{
 			name:     "egg-info",
 			filePath: "python3.8/site-packages/wrapt-1.12.1.egg-info",