vulndb/govulncheck: use GOOS/GOARCH env vars for target analysis
This allows to correctly filter vulnerabilities for the analysis
beyond the host platform.
Change-Id: I57003d4ccf77cde6a1064ec9c28c6fc31ae48d5d
Reviewed-on: https://go-review.googlesource.com/c/exp/+/366374
Trust: Hyang-Ah Hana Kim <hyangah@gmail.com>
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/vulndb/govulncheck/main.go b/vulndb/govulncheck/main.go
index a36d1da..d94dc75 100644
--- a/vulndb/govulncheck/main.go
+++ b/vulndb/govulncheck/main.go
@@ -204,7 +204,7 @@
if err != nil {
return nil, fmt.Errorf("failed to load vulnerability dbs: %v", err)
}
- vulns = vulns.Filter(runtime.GOOS, runtime.GOARCH)
+ vulns = vulns.Filter(lookupEnv("GOOS", runtime.GOOS), lookupEnv("GOARCH", runtime.GOARCH))
results := audit.VulnerablePackageSymbols(symbols, vulns)
return &results, nil
@@ -261,3 +261,10 @@
}
return &results, nil
}
+
+func lookupEnv(key string, defaultValue string) (value string) {
+ if v, ok := os.LookupEnv(key); ok {
+ return v
+ }
+ return defaultValue
+}