internal/report: relax the summary length max from 100 to 125
To make it easier to pass lint checks for auto-generated reports,
relax the summary length requirement. (Note that the OSV format
recommends that summaries be around 120 characters or less, so 125
seems totally reasonable).
Change-Id: I0d92f6a973d930ce0eea0dc416ea1d51c30dfa09
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/581804
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml b/internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml
index 16f9b5d..595e938 100644
--- a/internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml
@@ -38,7 +38,5 @@
- web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/
- web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
- web: https://github.com/hashicorp/go-getter/releases
-notes:
- - lint: 'summary: too long (found 115 characters, want <=100)'
source:
id: GHSA-28r2-q6m8-9hpx
diff --git a/internal/genericosv/testdata/yaml/GHSA-627p-rr78-99rj.yaml b/internal/genericosv/testdata/yaml/GHSA-627p-rr78-99rj.yaml
index 687a6da..6b9574f 100644
--- a/internal/genericosv/testdata/yaml/GHSA-627p-rr78-99rj.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-627p-rr78-99rj.yaml
@@ -70,6 +70,5 @@
- lint: 'description: possible markdown formatting (found `users`)'
- lint: 'modules[0] "github.com/concourse/concourse": 4 versions do not exist: 6.3.0, 6.3.1, 6.4.0, 6.4.1'
- lint: 'modules[1] "github.com/concourse/dex": 4 versions do not exist: 6.3.0, 6.3.1, 6.4.0, 6.4.1'
- - lint: 'summary: too long (found 115 characters, want <=100)'
source:
id: GHSA-627p-rr78-99rj
diff --git a/internal/genericosv/testdata/yaml/GHSA-66p8-j459-rq63.yaml b/internal/genericosv/testdata/yaml/GHSA-66p8-j459-rq63.yaml
index 0aa2b6b..21f8b1e 100644
--- a/internal/genericosv/testdata/yaml/GHSA-66p8-j459-rq63.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-66p8-j459-rq63.yaml
@@ -45,6 +45,6 @@
- lint: 'description: possible markdown formatting (found ### )'
- lint: 'description: possible markdown formatting (found [`GHSA-p8r3-83r8-jwj5`](https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5))'
- lint: 'description: possible markdown formatting (found `GHSA-p8r3-83r8-jwj5`)'
- - lint: 'summary: too long (found 163 characters, want <=100)'
+ - lint: 'summary: too long (found 163 characters, want <=125)'
source:
id: GHSA-66p8-j459-rq63
diff --git a/internal/genericosv/testdata/yaml/GHSA-6rg3-8h8x-5xfv.yaml b/internal/genericosv/testdata/yaml/GHSA-6rg3-8h8x-5xfv.yaml
index 368a588..23ba044 100644
--- a/internal/genericosv/testdata/yaml/GHSA-6rg3-8h8x-5xfv.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-6rg3-8h8x-5xfv.yaml
@@ -29,6 +29,6 @@
- advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv
notes:
- lint: 'description: possible markdown formatting (found ### )'
- - lint: 'summary: too long (found 142 characters, want <=100)'
+ - lint: 'summary: too long (found 142 characters, want <=125)'
source:
id: GHSA-6rg3-8h8x-5xfv
diff --git a/internal/genericosv/testdata/yaml/GHSA-7943-82jg-wmw5.yaml b/internal/genericosv/testdata/yaml/GHSA-7943-82jg-wmw5.yaml
index 64dcaca..5bc74d1 100644
--- a/internal/genericosv/testdata/yaml/GHSA-7943-82jg-wmw5.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-7943-82jg-wmw5.yaml
@@ -131,6 +131,5 @@
- lint: 'description: possible markdown formatting (found [discussions](https://github.com/argoproj/argo-cd/discussions))'
- lint: 'description: possible markdown formatting (found `--dex-server`)'
- lint: 'modules[0] "github.com/argoproj/argo-cd": version 2.2.11 does not exist'
- - lint: 'summary: too long (found 108 characters, want <=100)'
source:
id: GHSA-7943-82jg-wmw5
diff --git a/internal/genericosv/testdata/yaml/GHSA-g9wh-3vrx-r7hg.yaml b/internal/genericosv/testdata/yaml/GHSA-g9wh-3vrx-r7hg.yaml
index a63d108..38fc5eb 100644
--- a/internal/genericosv/testdata/yaml/GHSA-g9wh-3vrx-r7hg.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-g9wh-3vrx-r7hg.yaml
@@ -24,6 +24,5 @@
- web: https://www.debian.org/security/2022/dsa-5041
notes:
- lint: 'description: possible markdown formatting (found ## )'
- - lint: 'summary: too long (found 108 characters, want <=100)'
source:
id: GHSA-g9wh-3vrx-r7hg
diff --git a/internal/genericosv/testdata/yaml/GHSA-jmp2-wc4p-wfh2.yaml b/internal/genericosv/testdata/yaml/GHSA-jmp2-wc4p-wfh2.yaml
index a58b069..2529536 100644
--- a/internal/genericosv/testdata/yaml/GHSA-jmp2-wc4p-wfh2.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-jmp2-wc4p-wfh2.yaml
@@ -61,6 +61,6 @@
- lint: 'description: possible markdown formatting (found ### )'
- lint: 'description: possible markdown formatting (found [CVE-2003-0069](https://nvd.nist.gov/vuln/detail/CVE-2003-0069))'
- lint: 'description: possible markdown formatting (found `list`)'
- - lint: 'summary: too long (found 144 characters, want <=100)'
+ - lint: 'summary: too long (found 144 characters, want <=125)'
source:
id: GHSA-jmp2-wc4p-wfh2
diff --git a/internal/genericosv/testdata/yaml/GHSA-wx8q-rgfr-cf6v.yaml b/internal/genericosv/testdata/yaml/GHSA-wx8q-rgfr-cf6v.yaml
index c9107c4..efdfbed 100644
--- a/internal/genericosv/testdata/yaml/GHSA-wx8q-rgfr-cf6v.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-wx8q-rgfr-cf6v.yaml
@@ -28,6 +28,5 @@
- web: https://github.com/google/exposure-notifications-verification-server/releases/tag/v1.1.2
notes:
- lint: 'description: possible markdown formatting (found ### )'
- - lint: 'summary: too long (found 106 characters, want <=100)'
source:
id: GHSA-wx8q-rgfr-cf6v
diff --git a/internal/genericosv/testdata/yaml/GHSA-xx9w-464f-7h6f.yaml b/internal/genericosv/testdata/yaml/GHSA-xx9w-464f-7h6f.yaml
index d036b1d..16b70b3 100644
--- a/internal/genericosv/testdata/yaml/GHSA-xx9w-464f-7h6f.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-xx9w-464f-7h6f.yaml
@@ -44,6 +44,5 @@
notes:
- lint: 'description: possible markdown formatting (found ### )'
- lint: 'modules[0] "github.com/goharbor/harbor": version 1.0.0 does not exist'
- - lint: 'summary: too long (found 105 characters, want <=100)'
source:
id: GHSA-xx9w-464f-7h6f
diff --git a/internal/report/lint.go b/internal/report/lint.go
index 47ce631..f75b5cf 100644
--- a/internal/report/lint.go
+++ b/internal/report/lint.go
@@ -292,6 +292,8 @@
}
}
+const summaryMaxLen = 125
+
func (s *Summary) lint(l *linter, r *Report) {
summary := s.String()
if !r.IsExcluded() && len(summary) == 0 {
@@ -307,8 +309,8 @@
return
}
checkNoMarkdown(l, summary)
- if ln := len(summary); ln > 100 {
- l.Errorf("too long (found %d characters, want <=100)", ln)
+ if ln := len(summary); ln > summaryMaxLen {
+ l.Errorf("too long (found %d characters, want <=%d)", ln, summaryMaxLen)
}
if strings.HasSuffix(summary, ".") {
l.Error("must not end in a period (should be a phrase, not a sentence)")
diff --git a/internal/report/lint_test.go b/internal/report/lint_test.go
index 9c8bfd1..aec2f65 100644
--- a/internal/report/lint_test.go
+++ b/internal/report/lint_test.go
@@ -272,9 +272,11 @@
},
{
name: "summary_too_long",
- desc: "The summary must be 100 characters or less.",
+ desc: fmt.Sprintf("The summary must be %d characters or less.", summaryMaxLen),
report: validReport(func(r *Report) {
- r.Summary = "This summary of golang.org/x/net is too long; it needs to be shortened to less than 101 characters to pass the lint check"
+ r.Summary = Summary(
+ fmt.Sprintf("This summary of golang.org/x/net is too long and probably has unnecessary detail; it needs to be shortened to %d or fewer characters to pass the lint check", summaryMaxLen),
+ )
}),
wantNumLints: 1,
},
diff --git a/internal/report/testdata/lint/TestLintOffline/summary_too_long.txtar b/internal/report/testdata/lint/TestLintOffline/summary_too_long.txtar
index 33a1930..2c1027f 100644
--- a/internal/report/testdata/lint/TestLintOffline/summary_too_long.txtar
+++ b/internal/report/testdata/lint/TestLintOffline/summary_too_long.txtar
@@ -1,9 +1,9 @@
-Copyright 2023 The Go Authors. All rights reserved.
+Copyright 2024 The Go Authors. All rights reserved.
Use of this source code is governed by a BSD-style
license that can be found in the LICENSE file.
Test: TestLintOffline/summary_too_long
-Description: The summary must be 100 characters or less.
+Description: The summary must be 125 characters or less.
-- data/reports/GO-0000-0000.yaml --
id: GO-0000-0000
@@ -12,10 +12,10 @@
vulnerable_at: 1.2.3
packages:
- package: golang.org/x/net/http2
-summary: This summary of golang.org/x/net is too long; it needs to be shortened to less than 101 characters to pass the lint check
+summary: This summary of golang.org/x/net is too long and probably has unnecessary detail; it needs to be shortened to 125 or fewer characters to pass the lint check
description: description
cves:
- CVE-1234-0000
-- golden --
-summary: too long (found 121 characters, want <=100)
+summary: too long (found 156 characters, want <=125)
