vulndb/govulncheck: add support for build tags and -tests flag
Change-Id: Ifc740c1c20c0d3eed486a2cd796445efdee9c9e5
Reviewed-on: https://go-review.googlesource.com/c/exp/+/345710
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/vulndb/govulncheck/main.go b/vulndb/govulncheck/main.go
index a3faacc..78d35f0 100644
--- a/vulndb/govulncheck/main.go
+++ b/vulndb/govulncheck/main.go
@@ -19,6 +19,7 @@
"encoding/json"
"flag"
"fmt"
+ "go/build"
"log"
"os"
"runtime"
@@ -26,6 +27,7 @@
"golang.org/x/exp/vulndb/internal/audit"
"golang.org/x/exp/vulndb/internal/binscan"
+ "golang.org/x/tools/go/buildutil"
"golang.org/x/tools/go/packages"
"golang.org/x/tools/go/ssa/ssautil"
"golang.org/x/vulndb/client"
@@ -36,13 +38,14 @@
verboseFlag = flag.Bool("verbose", false, "")
importsFlag = flag.Bool("imports", false, "")
allFlag = flag.Bool("all", false, "")
+ testsFlag = flag.Bool("tests", false, "")
)
const usage = `govulncheck: identify known vulnerabilities by call graph traversal.
Usage:
- govulncheck [-imports] [-json] [-all] {package pattern...}
+ govulncheck [-imports] [-json] [-all] [-tests] [-tags] {package pattern...}
govulncheck {binary path}
@@ -60,6 +63,10 @@
-verbose Print progress information.
+ -tags Comma-separated list of build tags.
+
+ -tests Boolean flag indicating if test files should be analyzed too.
+
govulncheck can be used with either one or more package patterns (i.e. golang.org/x/crypto/...
or ./...) or with a single path to a Go binary. In the latter case module and symbol
information will be extracted from the binary in order to detect vulnerable symbols
@@ -70,6 +77,10 @@
databases are merged.
`
+func init() {
+ flag.Var((*buildutil.TagsFlag)(&build.Default.BuildTags), "tags", buildutil.TagsFlagDoc)
+}
+
func main() {
flag.Usage = func() { fmt.Fprintln(os.Stderr, usage) }
flag.Parse()
@@ -89,7 +100,12 @@
os.Exit(1)
}
- cfg := &packages.Config{Mode: packages.LoadAllSyntax | packages.NeedModule}
+ cfg := &packages.Config{
+ Mode: packages.LoadAllSyntax | packages.NeedModule,
+ Tests: *testsFlag,
+ BuildFlags: []string{fmt.Sprintf("-tags=%s", strings.Join(build.Default.BuildTags, ","))},
+ }
+
r, err := run(cfg, flag.Args(), *importsFlag, dbClient)
if err != nil {
fmt.Fprintf(os.Stderr, "govulncheck: %s\n", err)