commit | eb5163711b4c63e67c26b59ea10b904bf0bf3471 | |
---|---|---|
author | Hana (Hyang-Ah) Kim <hyangah@gmail.com> | Thu Oct 20 21:33:50 2022 -0400 |
committer | Hyang-Ah Hana Kim <hyangah@gmail.com> | Fri Oct 21 16:55:25 2022 +0000 |
tree | 0c64026e59c034822e575240e6df622b1e582869 | |
parent | fa375cee03b76f0dcf875d6311abb4f61d7bd4d2 | |
internal/vulns: handle stdlib vulnerabilities (copy of cl/431838)

vulnsForPackage and VulnsForPackage in this package were copied from internal/frontend/vulns.go for easier testing. (cl/429677) But I forgot to replace internal/frontend.VulnsForPackage with this new copy.

Update the copy to match what's in internal/frontend/vulns.go.

There were
https://go-review.googlesource.com/c/pkgsite/+/430281
https://go-review.googlesource.com/c/pkgsite/+/431838
https://go-review.googlesource.com/c/pkgsite/+/432418
https://go-review.googlesource.com/c/pkgsite/+/436758
since https://go-review.googlesource.com/c/pkgsite/+/429677
But only https://go-review.googlesource.com/c/pkgsite/+/431838 changed the relevant code path.

Co-authored-by: Jamal Carvalho <jamal@golang.org>
Change-Id: Ifc3214389631e0904e015f7f7a69595215d14649
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/444676
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: kokoro <noreply+kokoro@google.com>
Reviewed-by: Jamal Carvalho <jamal@golang.org>

diff --git a/internal/vulns/vulns.go b/internal/vulns/vulns.go index 9885196..303bafa 100644 --- a/internal/vulns/vulns.go +++ b/internal/vulns/vulns.go
@@ -17,6 +17,14 @@ "golang.org/x/vuln/osv" ) +const ( + // The vulndb stores vulns in cmd/go under the modulepath toolchain. + vulnCmdGoModulePath = "toolchain" + // The vulndb stores vulns under the modulepath stdlib for all other packages + // in the standard library. + vulnStdlibModulePath = "stdlib" +) + // A Vuln contains information to display about a vulnerability. type Vuln struct { // The vulndb ID. @@ -46,6 +54,11 @@ if getVulnEntries == nil { return nil, nil } + if modulePath == stdlib.ModulePath && strings.HasPrefix(packagePath, "cmd/go") { + modulePath = vulnCmdGoModulePath + } else if modulePath == stdlib.ModulePath { + modulePath = vulnStdlibModulePath + } // Get all the vulns for this module. entries, err := getVulnEntries(ctx, modulePath) if err != nil {
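
Review bot: the comments on vulnCmdGoModulePath and vulnStdlibModulePath in the new const block do not say whether "cmd/go" means the single package or the whole cmd/go tree, and the lookup added in the second hunk depends on exactly that boundary. Stating it in the comment, writing "module path" as two words, and quoting the values ("toolchain", "stdlib") would make the mapping unambiguous for whoever next keeps this copy in sync with internal/frontend/vulns.go.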
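
Review bot: strings.HasPrefix(packagePath, "cmd/go") in the module path remapping also matches sibling paths that merely begin with those characters, such as cmd/gofmt, so they would be queried under "toolchain" even though the constant's comment says all other standard library packages are stored under "stdlib". If only cmd/go and its subpackages are intended, match with packagePath == "cmd/go" || strings.HasPrefix(packagePath, "cmd/go/"). The two branches also repeat the modulePath == stdlib.ModulePath test; nesting the cmd/go check inside a single stdlib check would read more clearly, and a test covering one stdlib package and cmd/go would pin the behavior, since no test change is visible in this diff.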