internal/{osv,vuln}: consolidate refs to special module paths
Change-Id: Ia3c4f84c5559adef42b9f8659231024a7fc062a9
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/486455
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: kokoro <noreply+kokoro@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
diff --git a/internal/osv/affected.go b/internal/osv/affected.go
index 8cbd84c..e552b3a 100644
--- a/internal/osv/affected.go
+++ b/internal/osv/affected.go
@@ -11,7 +11,7 @@
var affected []string
for _, a := range e.Affected {
switch a.Module.Path {
- case "stdlib", "toolchain":
+ case GoStdModulePath, GoCmdModulePath:
// Name specific standard library packages and tools.
for _, p := range a.EcosystemSpecific.Packages {
affected = append(affected, p.Path)
diff --git a/internal/vuln/vulns.go b/internal/vuln/vulns.go
index a785288..6edf372 100644
--- a/internal/vuln/vulns.go
+++ b/internal/vuln/vulns.go
@@ -17,14 +17,6 @@
"golang.org/x/pkgsite/internal/version"
)
-const (
- // The vulndb stores vulns in cmd/go under the modulepath toolchain.
- vulnCmdGoModulePath = "toolchain"
- // The vulndb stores vulns under the modulepath stdlib for all other packages
- // in the standard library.
- vulnStdlibModulePath = "stdlib"
-)
-
// A Vuln contains information to display about a vulnerability.
type Vuln struct {
// The vulndb ID.
@@ -51,17 +43,21 @@
func vulnsForPackage(ctx context.Context, modulePath, vers, packagePath string, vc *Client) (_ []Vuln, err error) {
defer derrors.Wrap(&err, "vulnsForPackage(%q, %q, %q)", modulePath, vers, packagePath)
- // Stdlib pages requested at master will map to a pseudo version that puts
- // all vulns in range. We can't really tell you're at master so version.IsPseudo
- // is the best we can do. The result is vulns won't be reported for a pseudoversion
- // that refers to a commit that is in a vulnerable range.
- if modulePath == stdlib.ModulePath && version.IsPseudo(vers) {
- return nil, nil
- }
- if modulePath == stdlib.ModulePath && strings.HasPrefix(packagePath, "cmd/go") {
- modulePath = vulnCmdGoModulePath
- } else if modulePath == stdlib.ModulePath {
- modulePath = vulnStdlibModulePath
+ // Handle special module paths.
+ if modulePath == stdlib.ModulePath {
+ // Stdlib pages requested at master will map to a pseudo version
+ // that puts all vulns in range.
+ // We can't really tell you're at master so version.IsPseudo
+ // is the best we can do. The result is vulns won't be reported for a
+ // pseudoversion that refers to a commit that is in a vulnerable range.
+ switch {
+ case version.IsPseudo(vers):
+ return nil, nil
+ case strings.HasPrefix(packagePath, "cmd/"):
+ modulePath = osv.GoCmdModulePath
+ default:
+ modulePath = osv.GoStdModulePath
+ }
}
// Get all the vulns for this package/version.
