vulndb/internal/audit: don't compute trace twice
Avoid generating a import path trace a second time
just to take its length.
Change-Id: I9085c66cbe814ce127c531fed76f996d5fc36686
Reviewed-on: https://go-review.googlesource.com/c/exp/+/390554
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/vulndb/internal/audit/detect_imports.go b/vulndb/internal/audit/detect_imports.go
index 4ceaae2..4e2a78e 100644
--- a/vulndb/internal/audit/detect_imports.go
+++ b/vulndb/internal/audit/detect_imports.go
@@ -60,11 +60,12 @@
for _, imp := range pkg.Imports() {
vulns := modVulns.VulnsForPackage(imp.Path())
for _, v := range serialize(vulns) {
+ t := c.trace()
results.addFinding(v, Finding{
Symbol: imp.Path(),
Type: ImportType,
- Trace: c.trace(),
- weight: len(c.trace())})
+ Trace: t,
+ weight: len(t)})
}
queue.PushBack(&importChain{pkg: imp, parent: c})
}