cmd/govulncheck: test default output for binaries
Test running govulncheck on a compiled Go binary, in default mode.
Change-Id: I9d6842d4a8f43c329832fd55c2ad7d79762d0f11
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/400119
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/cmd/govulncheck/main.go b/cmd/govulncheck/main.go
index 575a5c2..02b7e79 100644
--- a/cmd/govulncheck/main.go
+++ b/cmd/govulncheck/main.go
@@ -142,7 +142,7 @@
topPackages[p.PkgPath] = true
}
vulnGroups := groupByIDAndPackage(vulns)
- moduleVersions := moduleVersionMap(r.Requires)
+ moduleVersions := moduleVersionMap(r.Modules)
if *htmlFlag {
if err := html(os.Stdout, r, callStacks, moduleVersions, topPackages, vulnGroups); err != nil {
die("writing HTML: %v", err)
@@ -160,12 +160,12 @@
}
// moduleVersionMap builds a map from module paths to versions.
-func moduleVersionMap(rg *vulncheck.RequireGraph) map[string]string {
+func moduleVersionMap(mods []*vulncheck.Module) map[string]string {
moduleVersions := map[string]string{}
- for _, m := range rg.Modules {
+ for _, m := range mods {
v := m.Version
- if m.Replace != 0 {
- v = rg.Modules[m.Replace].Version
+ if m.Replace != nil {
+ v = m.Replace.Version
}
moduleVersions[m.Path] = v
}
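Review bot: The doc comment on moduleVersionMap does not say which version is stored for a replaced module, and the new `v = m.Replace.Version` line makes that matter: the map is keyed by the original `m.Path` but holds the replacement's version. If the replacement is a local directory or a fork under a different path, that value may be empty or not comparable with the advisory's fixed version for `m.Path` (inferred from how replace directives work, not visible here), which could mislead whoever triages the reported version. I would extend the comment to `// moduleVersionMap builds a map from module paths to versions. For a replaced module the replacement's version is stored, which may be empty.` The loop also dereferences `m` without a nil check, which is safe only if vulncheck never places nil entries in the slice. The function's return statement lies outside the hunk.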
diff --git a/cmd/govulncheck/main_test.go b/cmd/govulncheck/main_test.go
index f7a0996..8a6d823 100644
--- a/cmd/govulncheck/main_test.go
+++ b/cmd/govulncheck/main_test.go
@@ -65,6 +65,20 @@
}
return out, err
}
+
+ // Build test module binaries.
+ moduleDirs, err := filepath.Glob("testdata/modules/*")
+ if err != nil {
+ t.Fatal(err)
+ }
+ for _, md := range moduleDirs {
+ binary, cleanup := buildtest.GoBuild(t, md)
+ defer cleanup()
+ // Set an environment variable to the path to the binary, so tests
+ // can refer to it.
+ varName := filepath.Base(md) + "_binary"
+ os.Setenv(varName, binary)
+ }
ts.Run(t, *update)
}
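Review bot: `os.Setenv(varName, binary)` discards its error and leaves the variable set in the test process after this test returns. `t.Setenv(varName, binary)` would fail the test on error and restore the previous value at cleanup, provided the module's Go version offers it and the test is not run in parallel. `filepath.Glob("testdata/modules/*")` also matches regular files, so a stray file there would be handed to `buildtest.GoBuild`; a short comment stating that every entry must be a module directory whose base name is usable as a variable name would help. The enclosing test function begins outside the hunk.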
diff --git a/cmd/govulncheck/testdata/default-binary.ct b/cmd/govulncheck/testdata/default-binary.ct
new file mode 100644
index 0000000..4986f45
--- /dev/null
+++ b/cmd/govulncheck/testdata/default-binary.ct
@@ -0,0 +1,14 @@
+# Test of default mode with a binary.
+
+# No vulnerabilities, no output.
+$ govulncheck ${novuln_binary}
+
+$ govulncheck ${vuln_binary} --> FAIL 3
+package: golang.org/x/text/language
+your version: v0.3.0
+fixed version: v0.3.7
+reference: https://pkg.go.dev/vuln/GO-2021-0113
+description: Due to improper index calculation, an incorrectly formatted
+ language tag can cause Parse to panic via an out of bounds read.
+ If Parse is used to process untrusted user inputs, this may be
+ used as a vector for a denial of service attack.
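Review bot: The second command has no comment, unlike the `novuln_binary` case above it, so the reason for `--> FAIL 3` has to be inferred from the output. A line such as `# Vulnerable binary: expect a non-zero exit and a report for GO-2021-0113.` before it would state the intent. The expected output also pins the advisory's fixed version and description text verbatim, so if the test reads a database that is not checked in alongside it (not visible here), an edit to that advisory would break the test.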