cmd,exp/internal: fix build errors
A series of errors are fixed due to bad submits and merge conflicts.
This reverts some refactoring changes, which will be added back in
subsequent CLs.
Change-Id: Ia3c825fc9c0ee2c07a770869f1ff8eaffeb6ae21
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/437863
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
diff --git a/cmd/govulncheck/main.go b/cmd/govulncheck/main.go
index f4bfadf..7c8a407 100644
--- a/cmd/govulncheck/main.go
+++ b/cmd/govulncheck/main.go
@@ -5,7 +5,6 @@
package main
import (
- "context"
"errors"
"flag"
"fmt"
@@ -75,8 +74,7 @@
buildFlags = []string{fmt.Sprintf("-tags=%s", strings.Join(tagsFlag, ","))}
}
- ctx := context.Background()
- err := govulncheck.Run(ctx, govulncheck.Config{
+ err := govulncheck.Run(govulncheck.Config{
AnalysisType: mode,
OutputType: outputType,
Patterns: patterns,
diff --git a/exp/govulncheck/govulncheck.go b/exp/govulncheck/govulncheck.go
index 3507f9e..d9512ae 100644
--- a/exp/govulncheck/govulncheck.go
+++ b/exp/govulncheck/govulncheck.go
@@ -6,15 +6,13 @@
package govulncheck
import (
- "context"
-
"golang.org/x/vuln/internal/govulncheck"
)
// Config is the configuration for Main.
type Config = govulncheck.Config
-// Run is the primary function for the govulncheck command line tool.
-func Run(ctx context.Context, cfg Config) error {
- return govulncheck.Run(ctx, cfg)
+// Run is the main function for the govulncheck command line tool.
+func Run(cfg Config) error {
+ return govulncheck.Run(cfg)
}
diff --git a/internal/govulncheck/config.go b/internal/govulncheck/config.go
index 55ff8ed..e634638 100644
--- a/internal/govulncheck/config.go
+++ b/internal/govulncheck/config.go
@@ -33,18 +33,8 @@
)
const (
- // EnvGOVULNDB is the GOVULNDB environment variable, which accepts a list
- // of a comma-separated list of vulnerability database URLs, with http://,
- // https://, or file:// protocols.
- //
- // If this is empty, govulncheck will default to the Go vulnerability
- // database at vuln.go.dev.
- EnvGOVULNDB = "GOVULNDB"
-
- // envGOVULNDB represents the GOVERSION environment variable.
- envGOVERSION = "GOVERSION"
-
- vulndbHost = "https://vuln.go.dev"
+ envGOVULNDB = "GOVULNDB"
+ vulndbHost = "https://vuln.go.dev"
)
// Config is the configuration for Main.
diff --git a/internal/govulncheck/run.go b/internal/govulncheck/run.go
index ff521ee..7e1f707 100644
--- a/internal/govulncheck/run.go
+++ b/internal/govulncheck/run.go
@@ -5,28 +5,34 @@
package govulncheck
import (
- "bytes"
"context"
"encoding/json"
"fmt"
"os"
- "os/exec"
"path/filepath"
"sort"
"strings"
"golang.org/x/exp/maps"
"golang.org/x/vuln/client"
+ "golang.org/x/vuln/internal"
"golang.org/x/vuln/osv"
"golang.org/x/vuln/vulncheck"
)
// Run is the main function for the govulncheck command line tool.
-func Run(ctx context.Context, cfg Config) error {
- vcfg, err := createVulncheckConfig(cfg)
+func Run(cfg Config) error {
+ dbs := []string{vulndbHost}
+ if db := os.Getenv(envGOVULNDB); db != "" {
+ dbs = strings.Split(db, ",")
+ }
+ dbClient, err := client.NewClient(dbs, client.Options{
+ HTTPCache: DefaultCache(),
+ })
if err != nil {
return err
}
+ vcfg := &vulncheck.Config{Client: dbClient, SourceGoVersion: internal.GoVersion()}
format := cfg.OutputType
if format == OutputTypeText || format == OutputTypeVerbose {
@@ -36,6 +42,7 @@
r *vulncheck.Result
pkgs []*vulncheck.Package
unaffected []*vulncheck.Vuln
+ ctx = context.Background()
)
switch cfg.AnalysisType {
case AnalysisTypeBinary:
@@ -287,33 +294,6 @@
return s[:i]
}
-func createVulncheckConfig(cfg Config) (*vulncheck.Config, error) {
- dbs := []string{vulndbHost}
- if db := os.Getenv(envGOVULNDB); db != "" {
- dbs = strings.Split(db, ",")
- }
- dbClient, err := client.NewClient(dbs, client.Options{
- HTTPCache: DefaultCache(),
- })
- if err != nil {
- return nil, err
- }
- return &vulncheck.Config{Client: dbClient, SourceGoVersion: goVersion()}, nil
-}
-
-func goVersion() string {
- if v := os.Getenv(envGOVERSION); v != "" {
- // Unlikely to happen in practice, mostly used for testing.
- return v
- }
- out, err := exec.Command("go", "env", envGOVERSION).Output()
- if err != nil {
- fmt.Fprintf(os.Stderr, "failed to determine go version; skipping stdlib scanning: %v\n", err)
- return ""
- }
- return string(bytes.TrimSpace(out))
-}
-
func packageVersionString(packagePath, version string) string {
v := "v" + version
if importPathInStdlib(packagePath) {
