vulndb/govulncheck: add support for build tags and -tests flag Change-Id: Ifc740c1c20c0d3eed486a2cd796445efdee9c9e5 Reviewed-on: https://go-review.googlesource.com/c/exp/+/345710 Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Tim King <taking@google.com> Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/vulndb/govulncheck/main.go b/vulndb/govulncheck/main.go index a3faacc..78d35f0 100644 --- a/vulndb/govulncheck/main.go +++ b/vulndb/govulncheck/main.go
@@ -19,6 +19,7 @@ "encoding/json" "flag" "fmt" + "go/build" "log" "os" "runtime" @@ -26,6 +27,7 @@ "golang.org/x/exp/vulndb/internal/audit" "golang.org/x/exp/vulndb/internal/binscan" + "golang.org/x/tools/go/buildutil" "golang.org/x/tools/go/packages" "golang.org/x/tools/go/ssa/ssautil" "golang.org/x/vulndb/client" @@ -36,13 +38,14 @@ verboseFlag = flag.Bool("verbose", false, "") importsFlag = flag.Bool("imports", false, "") allFlag = flag.Bool("all", false, "") + testsFlag = flag.Bool("tests", false, "") ) const usage = `govulncheck: identify known vulnerabilities by call graph traversal. Usage: - govulncheck [-imports] [-json] [-all] {package pattern...} + govulncheck [-imports] [-json] [-all] [-tests] [-tags] {package pattern...} govulncheck {binary path} @@ -60,6 +63,10 @@ -verbose Print progress information. + -tags Comma-separated list of build tags. + + -tests Boolean flag indicating if test files should be analyzed too. + govulncheck can be used with either one or more package patterns (i.e. golang.org/x/crypto/... or ./...) or with a single path to a Go binary. In the latter case module and symbol information will be extracted from the binary in order to detect vulnerable symbols @@ -70,6 +77,10 @@ databases are merged. ` +func init() { + flag.Var((*buildutil.TagsFlag)(&build.Default.BuildTags), "tags", buildutil.TagsFlagDoc) +} + func main() { flag.Usage = func() { fmt.Fprintln(os.Stderr, usage) } flag.Parse() @@ -89,7 +100,12 @@ os.Exit(1) } - cfg := &packages.Config{Mode: packages.LoadAllSyntax | packages.NeedModule} + cfg := &packages.Config{ + Mode: packages.LoadAllSyntax | packages.NeedModule, + Tests: *testsFlag, + BuildFlags: []string{fmt.Sprintf("-tags=%s", strings.Join(build.Default.BuildTags, ","))}, + } + r, err := run(cfg, flag.Args(), *importsFlag, dbClient) if err != nil { fmt.Fprintf(os.Stderr, "govulncheck: %s\n", err)