internal/worker: get rid of vulncheck
Makes imports mode private. Now, ModeGovulncheck will store imports
vulnerability numbers in a separate row with modeImports as ScanMode.
This is possible since govulncheck returns all vulnerabilities, imported
or called.
Also, save only called vulnerabilities for ModeGovulncheck.
Change-Id: I5839c4a1b3f4c958f0b996ea3a6193d47ef8e209
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/475255
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/cmd/vulncheck_sandbox/vulncheck_sandbox.go b/cmd/vulncheck_sandbox/vulncheck_sandbox.go
index a3a5eba..eae5f2b 100644
--- a/cmd/vulncheck_sandbox/vulncheck_sandbox.go
+++ b/cmd/vulncheck_sandbox/vulncheck_sandbox.go
@@ -12,18 +12,14 @@
import (
"context"
- "encoding/json"
"errors"
"flag"
"fmt"
"io"
- "log"
"os"
"os/exec"
- "golang.org/x/pkgsite-metrics/internal/load"
"golang.org/x/pkgsite-metrics/internal/worker"
- "golang.org/x/vuln/vulncheck"
)
// vulnDBDir should contain a local copy of the vuln DB, with a LAST_MODIFIED
@@ -42,42 +38,26 @@
fmt.Fprintln(w)
}
- if len(args) != 2 {
- fail(errors.New("need two args: mode, and module dir or binary"))
+ if len(args) != 3 {
+ fail(errors.New("need three args: govulncheck path, mode, and module dir or binary"))
return
}
- mode := args[0]
+ mode := args[1]
if !worker.IsValidVulncheckMode(mode) {
fail(fmt.Errorf("%q is not a valid mode", mode))
return
}
- var b []byte
- var err error
- if mode == worker.ModeImports {
- res, err := runImportsAnalysis(context.Background(), args[1], vulnDBDir)
- if err != nil {
- fail(err)
- return
- }
- b, err = json.MarshalIndent(res, "", "\t")
- if err != nil {
- fail(fmt.Errorf("json.MarshalIndent: %v", err))
- return
- }
- } else {
- b, err = runGovulncheck(context.Background(), args[1], mode, vulnDBDir)
- if err != nil {
- fail(err)
- return
- }
+ b, err := runGovulncheck(context.Background(), args[0], mode, args[2], vulnDBDir)
+ if err != nil {
+ fail(err)
+ return
}
-
w.Write(b)
fmt.Println()
}
-func runGovulncheck(ctx context.Context, filePath, mode, vulnDBDir string) ([]byte, error) {
+func runGovulncheck(ctx context.Context, govulncheckPath, mode, filePath, vulnDBDir string) ([]byte, error) {
pattern := "./..."
dir := ""
if mode == worker.ModeBinary {
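Review bot: `args[0]` is handed to `runGovulncheck` as the executable path with no check, while `mode` in `args[1]` is validated just below it. `exec.Command` resolves a name without path separators through `PATH`, and a relative name with separators is evaluated relative to `Cmd.Dir`, which the next hunk appears to set to the directory being scanned. Requiring an absolute path closes both cases: `if !filepath.IsAbs(args[0]) { fail(fmt.Errorf("%q is not an absolute path", args[0])); return }`, which needs `path/filepath` in the import block. The body of `runGovulncheck` continues outside this hunk, and whether the caller always supplies a fixed path is not visible here.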
@@ -86,41 +66,9 @@
dir = filePath
}
- govulncheckCmd := exec.Command("/binaries/govulncheck", "-json", pattern)
+ govulncheckCmd := exec.Command(govulncheckPath, "-json", pattern)
govulncheckCmd.Dir = dir
govulncheckCmd.Env = append(govulncheckCmd.Environ(), "GOVULNDB=file://"+vulnDBDir)
return govulncheckCmd.Output()
}
-
-func runImportsAnalysis(ctx context.Context, moduleDir, vulnDBDir string) (*vulncheck.Result, error) {
- dbClient, err := NewLocalLMTClient(vulnDBDir)
- if err != nil {
- return nil, fmt.Errorf("NewLocalLMTClient: %v", err)
- }
- vcfg := &vulncheck.Config{
- Client: dbClient,
- ImportsOnly: true,
- }
-
- // Load all the packages in moduleDir.
- cfg := load.DefaultConfig()
- cfg.Dir = moduleDir
- cfg.Logf = log.Printf
- pkgs, pkgErrors, err := load.Packages(cfg, "./...")
- if err == nil && len(pkgErrors) > 0 {
- err = fmt.Errorf("%v", pkgErrors)
- }
- if err != nil {
- return nil, fmt.Errorf("loading packages: %v", err)
- }
- if len(pkgs) == 0 {
- return nil, fmt.Errorf("no packages in %s", moduleDir)
- }
-
- res, err := vulncheck.Source(ctx, vulncheck.Convert(pkgs), vcfg)
- if err != nil {
- return nil, err
- }
- return res, nil
-}
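Review bot: `runGovulncheck` accepts a `ctx`, but the rewritten line still calls `exec.Command`, so cancelling the context or letting its deadline pass will not stop the child process. Since the tool runs against module or binary content the sandbox does not control, a bounded run is worth having: `govulncheckCmd := exec.CommandContext(ctx, govulncheckPath, "-json", pattern)`. The caller currently passes `context.Background()`, so this only takes effect once a deadline is set there. A short doc comment on `runGovulncheck` that names the new parameter order (`govulncheckPath, mode, filePath, vulnDBDir`) would also help, because the order changed from the removed signature and all four parameters are strings.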