commit	c387d46ab5e9f30939798d86222e5ea7691b0753	[log] [tgz]
author	Tatiana Bradley <tatianabradley@google.com>	Wed Apr 17 17:08:10 2024 -0400
committer	Tatiana Bradley <tatianabradley@google.com>	Wed May 08 17:42:44 2024 +0000
tree	748bf65381a1213a9eba192da0f0f2ad4752f087
parent	49c91e460f19eb8007236cc0d32c5ef6b1949feb [diff]

internal/{genericosv,report}: move shared logic to report.New

Move logic that makes sense to be performed on all new reports,
such as fixing references and modules, to report.New.

Some of this logic was previously only applied to GHSAs (but
should have also been applied to CVEs), so this does affect
test outputs.

Change-Id: I8e43abe385fda4cdef5c1818c701cbb83e1c403b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/579859
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

internal/genericosv/report.go[diff]
internal/genericosv/report_test.go[diff]
internal/genericosv/testdata/proxy/TestAffectedToModules/add_incompatible.json[Deleted - diff]
internal/genericosv/testdata/proxy/TestAffectedToModules/import_path.json[Deleted - diff]
internal/genericosv/testdata/proxy/TestAffectedToModules/ok.json[Deleted - diff]
internal/report/cve.go[diff]
internal/report/fix.go[diff]
internal/report/fix_test.go[diff]
internal/report/ghsa.go[diff]
internal/report/ghsa_test.go[diff]
internal/report/new.go[diff]
internal/report/testdata/cve/TestCVE5ToReport/CVE-2023-29407.txtar[diff]
internal/report/testdata/cve/TestCVE5ToReport/CVE-2023-44378.txtar[diff]
internal/report/testdata/cve/TestCVE5ToReport/CVE-2023-45283.txtar[diff]
internal/report/testdata/cve/TestCVE5ToReport/CVE-2023-45285.txtar[diff]
internal/report/testdata/cve/TestCVE5ToReport/CVE-2023-45286.txtar[diff]
internal/report/testdata/cve/TestCVEToReport/CVE-2023-29407.txtar[diff]
internal/report/testdata/cve/TestCVEToReport/CVE-2023-45283.txtar[diff]
internal/report/testdata/cve/TestCVEToReport/CVE-2023-45285.txtar[diff]
internal/report/testdata/cve/TestCVEToReport/CVE-2023-45286.txtar[diff]
internal/report/testdata/proxy/TestFixModules/add_incompatible.json[Added - diff]
internal/report/testdata/proxy/TestFixModules/canonicalize.json[Renamed from internal/genericosv/testdata/proxy/TestAffectedToModules/canonicalize.json - diff]
internal/report/testdata/proxy/TestFixModules/import_path.json[Added - diff]
internal/report/testdata/proxy/TestFixModules/major_version.json[Renamed from internal/genericosv/testdata/proxy/TestAffectedToModules/major_version.json - diff]
internal/report/testdata/proxy/TestFixModules/merge_modules.json[Renamed from internal/genericosv/testdata/proxy/TestAffectedToModules/merge_modules.json - diff]
internal/report/testdata/proxy/TestFixModules/ok.json[Added - diff]

26 files changed

tree: 748bf65381a1213a9eba192da0f0f2ad4752f087

README.md

The Go Vulnerability Database

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.