commit a062eea981d2badc1732162b090e2c340ee0d0df
author Zvonimir Pavlinovic <zpavlinovic@google.com> Fri Aug 27 17:53:34 2021 -0700
committer Zvonimir Pavlinovic <zpavlinovic@google.com> Wed Sep 01 19:34:31 2021 +0000
tree 55bc9c9d275996290f036130f6bfee034f92b499
parent b4e88ed8e8aab63a9aa9a52276782ebbc547adef

vulndb/govulncheck: add support for build tags and -tests flag

Change-Id: Ifc740c1c20c0d3eed486a2cd796445efdee9c9e5
Reviewed-on: https://go-review.googlesource.com/c/exp/+/345710
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>

vulndb/govulncheck/main.go

diff --git a/vulndb/govulncheck/main.go b/vulndb/govulncheck/main.go
index a3faacc..78d35f0 100644
--- a/vulndb/govulncheck/main.go
+++ b/vulndb/govulncheck/main.go
@@ -19,6 +19,7 @@
 	"encoding/json"
 	"flag"
 	"fmt"
+	"go/build"
 	"log"
 	"os"
 	"runtime"
@@ -26,6 +27,7 @@
 
 	"golang.org/x/exp/vulndb/internal/audit"
 	"golang.org/x/exp/vulndb/internal/binscan"
+	"golang.org/x/tools/go/buildutil"
 	"golang.org/x/tools/go/packages"
 	"golang.org/x/tools/go/ssa/ssautil"
 	"golang.org/x/vulndb/client"
@@ -36,13 +38,14 @@
 	verboseFlag = flag.Bool("verbose", false, "")
 	importsFlag = flag.Bool("imports", false, "")
 	allFlag     = flag.Bool("all", false, "")
+	testsFlag   = flag.Bool("tests", false, "")
 )
 
 const usage = `govulncheck: identify known vulnerabilities by call graph traversal.
 
 Usage:
 
-	govulncheck [-imports] [-json] [-all] {package pattern...}
+	govulncheck [-imports] [-json] [-all] [-tests] [-tags] {package pattern...}
 
 	govulncheck {binary path}
 
@@ -60,6 +63,10 @@
 
 	-verbose   Print progress information.
 
+	-tags	   Comma-separated list of build tags.
+
+	-tests     Boolean flag indicating if test files should be analyzed too.
+
 govulncheck can be used with either one or more package patterns (i.e. golang.org/x/crypto/...
 or ./...) or with a single path to a Go binary. In the latter case module and symbol
 information will be extracted from the binary in order to detect vulnerable symbols
@@ -70,6 +77,10 @@
 databases are merged.
 `
 
+func init() {
+	flag.Var((*buildutil.TagsFlag)(&build.Default.BuildTags), "tags", buildutil.TagsFlagDoc)
+}
+
 func main() {
 	flag.Usage = func() { fmt.Fprintln(os.Stderr, usage) }
 	flag.Parse()
@@ -89,7 +100,12 @@
 		os.Exit(1)
 	}
 
-	cfg := &packages.Config{Mode: packages.LoadAllSyntax | packages.NeedModule}
+	cfg := &packages.Config{
+		Mode:       packages.LoadAllSyntax | packages.NeedModule,
+		Tests:      *testsFlag,
+		BuildFlags: []string{fmt.Sprintf("-tags=%s", strings.Join(build.Default.BuildTags, ","))},
+	}
+
 	r, err := run(cfg, flag.Args(), *importsFlag, dbClient)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "govulncheck: %s\n", err)