vulndb/internal/audit: don't compute trace twice Avoid generating a import path trace a second time just to take its length. Change-Id: I9085c66cbe814ce127c531fed76f996d5fc36686 Reviewed-on: https://go-review.googlesource.com/c/exp/+/390554 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

commit: a1099baf94bf6dbf362c544bc8f7aa0080beb793 [log] [tgz]
author: Jonathan Amsterdam <jba@google.com> Mon Mar 07 14:14:04 2022 -0500
committer: Jonathan Amsterdam <jba@google.com> Mon Mar 07 20:09:41 2022 +0000
tree: 4c40b8595b9c0826498e24ce6b92ce672f035599
parent: 02c09b7a9fa93fed1c3245dda538120721910906 [diff]
diff --git a/vulndb/internal/audit/detect_imports.go b/vulndb/internal/audit/detect_imports.go
index 4ceaae2..4e2a78e 100644
--- a/vulndb/internal/audit/detect_imports.go
+++ b/vulndb/internal/audit/detect_imports.go

@@ -60,11 +60,12 @@
 		for _, imp := range pkg.Imports() {
 			vulns := modVulns.VulnsForPackage(imp.Path())
 			for _, v := range serialize(vulns) {
+				t := c.trace()
 				results.addFinding(v, Finding{
 					Symbol: imp.Path(),
 					Type:   ImportType,
-					Trace:  c.trace(),
-					weight: len(c.trace())})
+					Trace:  t,
+					weight: len(t)})
 			}
 			queue.PushBack(&importChain{pkg: imp, parent: c})
 		}
commit	a1099baf94bf6dbf362c544bc8f7aa0080beb793	[log] [tgz]
author	Jonathan Amsterdam <jba@google.com>	Mon Mar 07 14:14:04 2022 -0500
committer	Jonathan Amsterdam <jba@google.com>	Mon Mar 07 20:09:41 2022 +0000
tree	4c40b8595b9c0826498e24ce6b92ce672f035599
parent	02c09b7a9fa93fed1c3245dda538120721910906 [diff]