all: replace uses of vulncheck with govulncheck
The substitutions introduced in this CL apply to types, functions,
commands, and make rules.
Note that this CL does not change the name of the BigQuery table nor the
scan endpoints.
This changes comes as a part of CL series that replace the uses of
"vulncheck" with "govulncheck".
Change-Id: I663da0f7fd5f462c411748714d08c75e47cec346
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/476060
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/Makefile b/Makefile
index 2bf4db5..514ac24 100644
--- a/Makefile
+++ b/Makefile
@@ -75,20 +75,20 @@
docker run --detach $(DOCKER_RUN_ARGS) $(IMAGE) > $(DOCKER_ID_FILE)
while ! curl -s --head http://localhost:8080 > /dev/null; do sleep 1; done
-test: docker-run-bg vulncheck-test analysis-test
+test: docker-run-bg govulncheck-test analysis-test
docker container stop `cat $(DOCKER_ID_FILE)`
-VULNCHECK_TEST_FILE := /tmp/vtest.out
+GOVULNCHECK_TEST_FILE := /tmp/vtest.out
# Test by scanning a small module.
-vulncheck-test:
- curl -s 'http://localhost:8080/vulncheck/scan/github.com/fossas/fossa-cli@v1.1.10?importedby=1&serve=true' > $(VULNCHECK_TEST_FILE)
- @if [[ `grep -c GO-2020-0016 $(VULNCHECK_TEST_FILE)` -ge 4 ]]; then \
+govulncheck-test:
+ curl -s 'http://localhost:8080/vulncheck/scan/github.com/fossas/fossa-cli@v1.1.10?importedby=1&serve=true' > $(GOVULNCHECK_TEST_FILE)
+ @if [[ `grep -c GO-2020-0016 $(GOVULNCHECK_TEST_FILE)` -ge 4 ]]; then \
echo PASS; \
- rm $(VULNCHECK_TEST_FILE); \
+ rm $(GOVULNCHECK_TEST_FILE); \
else \
echo FAIL; \
- echo "output in $(VULNCHECK_TEST_FILE)"; \
+ echo "output in $(GOVULNCHECK_TEST_FILE)"; \
docker container stop `cat $(DOCKER_ID_FILE)`; \
exit 1; \
fi
@@ -113,4 +113,4 @@
rm -f config.json
rm -f govulncheck_sandbox
-.PHONY: docker-run docker-run-bg test vulncheck-test analysis-test clean
+.PHONY: docker-run docker-run-bg test govulncheck-test analysis-test clean
diff --git a/cmd/govulncheck_sandbox/govulncheck_sandbox.go b/cmd/govulncheck_sandbox/govulncheck_sandbox.go
index 1d92bb2..1da36b9 100644
--- a/cmd/govulncheck_sandbox/govulncheck_sandbox.go
+++ b/cmd/govulncheck_sandbox/govulncheck_sandbox.go
@@ -2,12 +2,12 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// This program runs vulncheck.Source or vulncheck.Binary on a module, then
+// This program runs govulncheck on a module or a binary and then
// writes the result as JSON. It is intended to be run in a sandbox.
//
// Unless it panics, this program always terminates with exit code 0.
// If there is an error, it writes a JSON object with field "Error".
-// Otherwise, it writes a vulncheck.Result as JSON.
+// Otherwise, it writes a internal/govulncheck.SandboxResponse as JSON.
package main
import (
@@ -47,7 +47,7 @@
return
}
mode := args[1]
- if !worker.IsValidVulncheckMode(mode) {
+ if !worker.IsValidGovulncheckMode(mode) {
fail(fmt.Errorf("%q is not a valid mode", mode))
return
}
diff --git a/internal/config/config.go b/internal/config/config.go
index 7329089..c414f77 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -80,7 +80,7 @@
// associated load balancer.
VulnDBBucketProjectID string
- // BinaryBucket holds binaries for vulncheck scanning.
+ // BinaryBucket holds binaries for govulncheck scanning.
BinaryBucket string
// The host, port and user of the pkgsite database used to find
diff --git a/internal/derrors/derrors.go b/internal/derrors/derrors.go
index 495b710..d3a4d6f 100644
--- a/internal/derrors/derrors.go
+++ b/internal/derrors/derrors.go
@@ -48,12 +48,12 @@
ScanModulePanicError = errors.New("scan module panic")
// ScanModuleOSError is used to capture issues with writing the module zip
- // to disk during the scan setup process. This is not an error with vulncheck.
+ // to disk during the scan setup process. This is not an error with govulncheck.
ScanModuleOSError = errors.New("scan module OS error")
// LoadPackagesError is used to capture general unclassified issues with
// load packages during the scan setup process. This is not an error with
- // vulncheck. There are specific load packages errors that are categorized
+ // govulncheck. There are specific load packages errors that are categorized
// separately, e.g., LoadPackagesNoGoModError.
LoadPackagesError = errors.New("scan module load packages error")
@@ -64,33 +64,33 @@
// LoadPackagesNoGoModError is used to capture a specific issue with
// loading packages during the scan setup process where a go.mod file
- // is missing. This is not an error with vulncheck.
+ // is missing. This is not an error with govulncheck.
LoadPackagesNoGoModError = errors.New("scan module load packages error: does not have go.mod")
// LoadPackagesNoGoSumError is used to capture a specific issue with
// loading packages during the scan setup process where a go.sum file
- // is missing. This is not an error with vulncheck.
+ // is missing. This is not an error with govulncheck.
LoadPackagesNoGoSumError = errors.New("scan module load packages error: does not have go.sum")
// LoadPackagesNoRequiredModuleError is used to capture a specific
// issue with loading packages during the scan setup process where a package
// is imported but no required module is provided. This is not an error with
- // vulncheck and is likely happening due to outdated go.sum file.
+ // govulncheck and is likely happening due to outdated go.sum file.
LoadPackagesNoRequiredModuleError = errors.New("scan module load packages error: no required module provided")
// LoadPackagesMissingGoSumEntryError is used to capture a specific
// issue with loading packages during the scan setup process where a package
// is imported but some of its go.sum entries are missing. This is not an error
- // with vulncheck and is likely happening due to outdated go.sum file.
+ // with govulncheck and is likely happening due to outdated go.sum file.
LoadPackagesMissingGoSumEntryError = errors.New("scan module load packages error: missing go.sum entry")
- // ScanModuleVulncheckDBConnectionError is used to capture a specific
- // vulncheck scan error where a connection to vuln db failed.
- ScanModuleVulncheckDBConnectionError = errors.New("scan module vulncheck error: communication with vuln db failed")
+ // ScanModuleGovulncheckDBConnectionError is used to capture a specific
+ // govulncheck scan error where a connection to vuln db failed.
+ ScanModuleGovulncheckDBConnectionError = errors.New("scan module govulncheck error: communication with vuln db failed")
- // ScanModuleVulncheckError is used to capture general issues where
- // vulncheck.Source fails due to an uncategorized error.
- ScanModuleVulncheckError = errors.New("scan module vulncheck error")
+ // ScanModuleGovulncheckError is used to capture general issues where
+ // govulncheck fails due to an uncategorized error.
+ ScanModuleGovulncheckError = errors.New("scan module govulncheck error")
// ScanModuleMemoryLimitExceeded occurs when scanning uses too much memory.
ScanModuleMemoryLimitExceeded = errors.New("scan module memory limit exceeded")
@@ -173,9 +173,9 @@
// CategorizeError returns the category for a given error.
func CategorizeError(err error) string {
switch {
- case errors.Is(err, ScanModuleVulncheckError):
+ case errors.Is(err, ScanModuleGovulncheckError):
return "VULNCHECK - MISC"
- case errors.Is(err, ScanModuleVulncheckDBConnectionError):
+ case errors.Is(err, ScanModuleGovulncheckDBConnectionError):
return "VULNCHECK - DB CONNECTION"
case errors.Is(err, LoadPackagesError):
return "LOAD"
diff --git a/internal/govulncheck/govulncheck.go b/internal/govulncheck/govulncheck.go
index f15d3f2..0883e68 100644
--- a/internal/govulncheck/govulncheck.go
+++ b/internal/govulncheck/govulncheck.go
@@ -25,7 +25,7 @@
"google.golang.org/api/iterator"
)
-// EnqueueQueryParams for vulncheck/enqueue
+// EnqueueQueryParams for govulncheck/enqueue
type EnqueueQueryParams struct {
Suffix string // appended to task queue IDs to generate unique tasks
Mode string // type of analysis to run
@@ -40,10 +40,10 @@
QueryParams
}
-// QueryParams has query parameters for a vulncheck scan request.
+// QueryParams has query parameters for a govulncheck scan request.
type QueryParams struct {
ImportedBy int // imported-by count
- Mode string // vulncheck mode (VTA, etc)
+ Mode string // govulncheck mode
Insecure bool // if true, run outside sandbox
Serve bool // serve results back to client instead of writing them to BigQuery
}
@@ -139,8 +139,7 @@
// - changing a column from required to nullable.
// See https://cloud.google.com/bigquery/docs/managing-table-schemas for details.
-// Result is a row in the BigQuery vulncheck table. It corresponds to a
-// result from the output for vulncheck.Source.
+// Result is a row in the BigQuery govulncheck table.
type Result struct {
CreatedAt time.Time `bigquery:"created_at"`
ModulePath string `bigquery:"module_path"`
@@ -199,8 +198,7 @@
vr.ErrorCategory = derrors.CategorizeError(err)
}
-// Vuln is a record in Result and corresponds to an item in
-// vulncheck.Result.Vulns.
+// Vuln is a record in Result.
type Vuln struct {
ID string `bigquery:"id"`
Symbol string `bigquery:"symbol"`
@@ -211,7 +209,7 @@
RequireSink bq.NullInt64 `bigquery:"require_sink"`
}
-// SchemaVersion changes whenever the vulncheck schema changes.
+// SchemaVersion changes whenever the govulncheck schema changes.
var SchemaVersion string
func init() {
@@ -223,7 +221,7 @@
bigquery.AddTable(TableName, s)
}
-// ReadWorkVersions reads the most recent WorkVersions in the vulncheck table.
+// ReadWorkVersions reads the most recent WorkVersions in the govulncheck table.
func ReadWorkVersions(ctx context.Context, c *bigquery.Client) (_ map[[2]string]*WorkVersion, err error) {
defer derrors.Wrap(&err, "ReadWorkVersions")
m := map[[2]string]*WorkVersion{}
@@ -355,7 +353,7 @@
}
// ScanStats represent monitoring information about a given
-// run of govulncheck or vulncheck
+// run of govulncheck.
type ScanStats struct {
// ScanSeconds is the amount of time a scan took to run, in seconds.
ScanSeconds float64
diff --git a/internal/worker/govulncheck.go b/internal/worker/govulncheck.go
index 9fd8890..6f48380 100644
--- a/internal/worker/govulncheck.go
+++ b/internal/worker/govulncheck.go
@@ -15,13 +15,13 @@
"golang.org/x/pkgsite-metrics/internal/log"
)
-type VulncheckServer struct {
+type GovulncheckServer struct {
*Server
storedWorkVersions map[[2]string]*govulncheck.WorkVersion
workVersion *govulncheck.WorkVersion
}
-func newVulncheckServer(ctx context.Context, s *Server) (*VulncheckServer, error) {
+func newGovulncheckServer(ctx context.Context, s *Server) (*GovulncheckServer, error) {
var (
swv map[[2]string]*govulncheck.WorkVersion
err error
@@ -33,14 +33,14 @@
}
log.Infof(ctx, "read %d work versions", len(swv))
}
- return &VulncheckServer{
+ return &GovulncheckServer{
Server: s,
storedWorkVersions: swv,
}, nil
}
-func (h *VulncheckServer) getWorkVersion(ctx context.Context) (_ *govulncheck.WorkVersion, err error) {
- defer derrors.Wrap(&err, "VulncheckServer.getWorkVersion")
+func (h *GovulncheckServer) getWorkVersion(ctx context.Context) (_ *govulncheck.WorkVersion, err error) {
+ defer derrors.Wrap(&err, "GovulncheckServer.getWorkVersion")
h.mu.Lock()
defer h.mu.Unlock()
@@ -59,7 +59,7 @@
SchemaVersion: govulncheck.SchemaVersion,
VulnVersion: vulnVersion,
}
- log.Infof(ctx, "vulncheck work version: %+v", h.workVersion)
+ log.Infof(ctx, "govulncheck work version: %+v", h.workVersion)
}
return h.workVersion, nil
}
diff --git a/internal/worker/govulncheck_enqueue.go b/internal/worker/govulncheck_enqueue.go
index eb133da..078e36a 100644
--- a/internal/worker/govulncheck_enqueue.go
+++ b/internal/worker/govulncheck_enqueue.go
@@ -23,17 +23,17 @@
"google.golang.org/api/iterator"
)
-// handleEnqueue enqueues multiple modules for a single vulncheck mode.
-func (h *VulncheckServer) handleEnqueue(w http.ResponseWriter, r *http.Request) error {
+// handleEnqueue enqueues multiple modules for a single govulncheck mode.
+func (h *GovulncheckServer) handleEnqueue(w http.ResponseWriter, r *http.Request) error {
return h.enqueue(r, false)
}
-// handleEnqueueAll enqueues multiple modules for all vulncheck modes.
-func (h *VulncheckServer) handleEnqueueAll(w http.ResponseWriter, r *http.Request) error {
+// handleEnqueueAll enqueues multiple modules for all govulncheck modes.
+func (h *GovulncheckServer) handleEnqueueAll(w http.ResponseWriter, r *http.Request) error {
return h.enqueue(r, true)
}
-func (h *VulncheckServer) enqueue(r *http.Request, allModes bool) error {
+func (h *GovulncheckServer) enqueue(r *http.Request, allModes bool) error {
ctx := r.Context()
params := &govulncheck.EnqueueQueryParams{Min: defaultMinImportedByCount}
if err := scan.ParseParams(r, params); err != nil {
@@ -43,7 +43,7 @@
if err != nil {
return fmt.Errorf("%w: %v", derrors.InvalidArgument, err)
}
- tasks, err := createVulncheckQueueTasks(ctx, h.cfg, params, modes)
+ tasks, err := createGovulncheckQueueTasks(ctx, h.cfg, params, modes)
if err != nil {
return err
}
@@ -60,14 +60,14 @@
sort.Strings(ms) // make deterministic for testing
return ms, nil
}
- mode, err := vulncheckMode(modeParam)
+ mode, err := govulncheckMode(modeParam)
if err != nil {
return nil, err
}
return []string{mode}, nil
}
-func createVulncheckQueueTasks(ctx context.Context, cfg *config.Config, params *govulncheck.EnqueueQueryParams, modes []string) (_ []queue.Task, err error) {
+func createGovulncheckQueueTasks(ctx context.Context, cfg *config.Config, params *govulncheck.EnqueueQueryParams, modes []string) (_ []queue.Task, err error) {
defer derrors.Wrap(&err, "createVulncheckQueueTasks(%v)", modes)
var (
tasks []queue.Task
@@ -115,7 +115,7 @@
return sreqs
}
-func vulncheckMode(mode string) (string, error) {
+func govulncheckMode(mode string) (string, error) {
if mode == "" {
// ModeGovulncheck is the default mode.
return ModeGovulncheck, nil
diff --git a/internal/worker/govulncheck_enqueue_test.go b/internal/worker/govulncheck_enqueue_test.go
index 65305b0..d59c766 100644
--- a/internal/worker/govulncheck_enqueue_test.go
+++ b/internal/worker/govulncheck_enqueue_test.go
@@ -59,7 +59,7 @@
}
params := &govulncheck.EnqueueQueryParams{Min: 8, File: "testdata/modules.txt"}
- gotTasks, err := createVulncheckQueueTasks(context.Background(), &config.Config{}, params, []string{ModeGovulncheck})
+ gotTasks, err := createGovulncheckQueueTasks(context.Background(), &config.Config{}, params, []string{ModeGovulncheck})
if err != nil {
t.Fatal(err)
}
@@ -76,7 +76,7 @@
if err != nil {
t.Fatal(err)
}
- gotTasks, err = createVulncheckQueueTasks(context.Background(), &config.Config{}, params, allModes)
+ gotTasks, err = createGovulncheckQueueTasks(context.Background(), &config.Config{}, params, allModes)
if err != nil {
t.Fatal(err)
}
diff --git a/internal/worker/govulncheck_results.go b/internal/worker/govulncheck_results.go
index af2f7d3..cd7ac01 100644
--- a/internal/worker/govulncheck_results.go
+++ b/internal/worker/govulncheck_results.go
@@ -19,7 +19,7 @@
var insertResultsCounter = event.NewCounter("insert-results", &event.MetricOptions{Namespace: metricNamespace})
-func (h *VulncheckServer) handleInsertResults(w http.ResponseWriter, r *http.Request) (err error) {
+func (h *GovulncheckServer) handleInsertResults(w http.ResponseWriter, r *http.Request) (err error) {
defer func() {
insertResultsCounter.Record(r.Context(), 1, event.Bool("success", err == nil))
}()
diff --git a/internal/worker/govulncheck_scan.go b/internal/worker/govulncheck_scan.go
index 90ae9b0..027606a 100644
--- a/internal/worker/govulncheck_scan.go
+++ b/internal/worker/govulncheck_scan.go
@@ -55,7 +55,7 @@
ModeGovulncheck: true,
}
-func IsValidVulncheckMode(mode string) bool {
+func IsValidGovulncheckMode(mode string) bool {
return modes[mode]
}
@@ -66,8 +66,8 @@
var scanCounter = event.NewCounter("scans", &event.MetricOptions{Namespace: metricNamespace})
// path: /vulncheck/scan/MODULE_VERSION_SUFFIX?params
-// See internal/vulncheck.ParseRequest for allowed path forms and query params.
-func (h *VulncheckServer) handleScan(w http.ResponseWriter, r *http.Request) (err error) {
+// See internal/govulncheck.ParseRequest for allowed path forms and query params.
+func (h *GovulncheckServer) handleScan(w http.ResponseWriter, r *http.Request) (err error) {
defer derrors.Wrap(&err, "handleScan")
defer func() {
@@ -86,7 +86,7 @@
log.Infof(ctx, "skipping (module in shouldSkip list): %s", sreq.Path())
return nil
}
- if err := h.readVulncheckWorkVersions(ctx); err != nil {
+ if err := h.readGovulncheckWorkVersions(ctx); err != nil {
return err
}
scanner, err := newScanner(ctx, h)
@@ -106,7 +106,7 @@
return scanner.ScanModule(ctx, w, sreq)
}
-func (h *VulncheckServer) readVulncheckWorkVersions(ctx context.Context) error {
+func (h *GovulncheckServer) readGovulncheckWorkVersions(ctx context.Context) error {
h.mu.Lock()
defer h.mu.Unlock()
if h.storedWorkVersions != nil {
@@ -132,7 +132,7 @@
sbox *sandbox.Sandbox
}
-func newScanner(ctx context.Context, h *VulncheckServer) (*scanner, error) {
+func newScanner(ctx context.Context, h *GovulncheckServer) (*scanner, error) {
workVersion, err := h.getWorkVersion(ctx)
if err != nil {
return nil, err
@@ -216,9 +216,9 @@
case errors.Is(err, derrors.LoadPackagesError):
// general load packages error
case isVulnDBConnection(err):
- err = fmt.Errorf("%v: %w", err, derrors.ScanModuleVulncheckDBConnectionError)
+ err = fmt.Errorf("%v: %w", err, derrors.ScanModuleGovulncheckDBConnectionError)
default:
- err = fmt.Errorf("%v: %w", err, derrors.ScanModuleVulncheckError)
+ err = fmt.Errorf("%v: %w", err, derrors.ScanModuleGovulncheckError)
}
row.AddError(err)
} else {
@@ -351,7 +351,7 @@
return nil, errors.New("binary bucket not configured; set GO_ECOSYSTEM_BINARY_BUCKET")
}
// Copy the binary from GCS to the local disk, because vulncheck.Binary
- // requires a ReaderAt and GCS doesn't provide that.
+ // ultimately requires a ReaderAt and GCS doesn't provide that.
gcsPathname := fmt.Sprintf("%s/%s@%s/%s", gcsBinaryDir, modulePath, version, binDir)
const destDir = binaryDir
log.Debug(ctx, "copying",
@@ -359,7 +359,7 @@
"to", destDir,
"module", modulePath, "version", version,
"dir", binDir)
- destf, err := os.CreateTemp(destDir, "vulncheck-binary-")
+ destf, err := os.CreateTemp(destDir, "govulncheck-binary-")
if err != nil {
return nil, err
}
@@ -373,9 +373,9 @@
return nil, err
}
- log.Infof(ctx, "running vulncheck in sandbox on %s: %s@%s/%s", modulePath, version, binDir, destf.Name())
+ log.Infof(ctx, "running govulncheck in sandbox on %s: %s@%s/%s", modulePath, version, binDir, destf.Name())
stdout, err := s.sbox.Command(binaryDir+"/govulncheck_sandbox", govulncheckPath, ModeBinary, destf.Name()).Output()
- log.Infof(ctx, "done with vulncheck in sandbox on %s: %s@%s/%s err=%v", modulePath, version, binDir, destf.Name(), err)
+ log.Infof(ctx, "done with govulncheck in sandbox on %s: %s@%s/%s err=%v", modulePath, version, binDir, destf.Name(), err)
if err != nil {
return nil, errors.New(derrors.IncludeStderr(err))
@@ -410,8 +410,8 @@
if s.gcsBucket == nil {
return nil, errors.New("binary bucket not configured; set GO_ECOSYSTEM_BINARY_BUCKET")
}
- // Copy the binary from GCS to the local disk, because vulncheck.Binary
- // requires a ReaderAt and GCS doesn't provide that.
+ // Copy the binary from GCS to the local disk, because govulncheck
+ // ultimately requires a ReaderAt and GCS doesn't provide that.
gcsPathname := fmt.Sprintf("%s/%s@%s/%s", gcsBinaryDir, modulePath, version, binDir)
log.Debug(ctx, "copying to temp dir",
"from", gcsPathname, "module", modulePath, "version", version, "dir", binDir)
diff --git a/internal/worker/govulncheck_scan_test.go b/internal/worker/govulncheck_scan_test.go
index 1c2e6ec..db7feab 100644
--- a/internal/worker/govulncheck_scan_test.go
+++ b/internal/worker/govulncheck_scan_test.go
@@ -19,7 +19,7 @@
"golang.org/x/pkgsite-metrics/internal/derrors"
"golang.org/x/pkgsite-metrics/internal/govulncheck"
"golang.org/x/pkgsite-metrics/internal/proxy"
- vulnc "golang.org/x/vuln/client"
+ vulnclient "golang.org/x/vuln/client"
)
var integration = flag.Bool("integration", false, "test against actual service")
@@ -75,7 +75,7 @@
if err != nil {
t.Fatal(err)
}
- dbClient, err := vulnc.NewClient([]string{cfg.VulnDBURL}, vulnc.Options{})
+ dbClient, err := vulnclient.NewClient([]string{cfg.VulnDBURL}, vulnclient.Options{})
if err != nil {
t.Fatal(err)
}
diff --git a/internal/worker/server.go b/internal/worker/server.go
index a7b41dd..356c885 100644
--- a/internal/worker/server.go
+++ b/internal/worker/server.go
@@ -119,7 +119,7 @@
derrors.SetReportingClient(reportingClient)
}
- if err := s.registerVulncheckHandlers(ctx); err != nil {
+ if err := s.registerGovulncheckHandlers(ctx); err != nil {
return nil, err
}
if err := s.registerAnalysisHandlers(ctx); err != nil {
@@ -165,8 +165,8 @@
http.Handle(pattern, s.observer.Observe(h))
}
-func (s *Server) registerVulncheckHandlers(ctx context.Context) error {
- h, err := newVulncheckServer(ctx, s)
+func (s *Server) registerGovulncheckHandlers(ctx context.Context) error {
+ h, err := newGovulncheckServer(ctx, s)
if err != nil {
return err
}
