vulncheck: add more checks for nil package of a function
Change-Id: Iad61bc4ee41d376e63ca853a0b51633cc07e6fa4
Reviewed-on: https://go-review.googlesource.com/c/exp/+/380835
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/vulncheck/source.go b/vulncheck/source.go
index 419f9b2..5d11aa0 100644
--- a/vulncheck/source.go
+++ b/vulncheck/source.go
@@ -6,7 +6,6 @@
import (
"context"
- "fmt"
"runtime"
"golang.org/x/exp/vulncheck/internal/derrors"
@@ -38,7 +37,6 @@
}
vulnPkgModSlice(pkgs, modVulns, result)
- fmt.Println("IMPORTS", result.Imports)
if cfg.ImportsOnly {
return result, nil
}
@@ -299,10 +297,7 @@
}
// Check if f has known vulnerabilities.
- var vulns []*osv.Entry
- if f.Package() != nil {
- vulns = modVulns.VulnsForSymbol(f.Package().Pkg.Path(), dbFuncName(f))
- }
+ vulns := modVulns.VulnsForSymbol(pkgPath(f), dbFuncName(f))
var funNode *FuncNode
// If there are vulnerabilities for f, create node for f and
@@ -365,12 +360,21 @@
return funNode
}
+// pkgPath returns the path of the f's enclosing package, if any.
+// Otherwise, returns "".
+func pkgPath(f *ssa.Function) string {
+ if f.Package() != nil && f.Package().Pkg != nil {
+ return f.Package().Pkg.Path()
+ }
+ return ""
+}
+
func funcNode(f *ssa.Function) *FuncNode {
id := nextFunID()
return &FuncNode{
ID: id,
Name: f.Name(),
- PkgPath: f.Package().Pkg.Path(),
+ PkgPath: pkgPath(f),
RecvType: funcRecvType(f),
Pos: funcPosition(f),
}