vulncheck: add more checks for nil package of a function
Cherry-picked: https://go-review.googlesource.com/c/exp/+/380835
Change-Id: Ib8d04bb70f9c9af3f614cf86f8115bc11cebbfec
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395056
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/vulncheck/source.go b/vulncheck/source.go
index df42586..b5206e9 100644
--- a/vulncheck/source.go
+++ b/vulncheck/source.go
@@ -6,7 +6,6 @@
import (
"context"
- "fmt"
"runtime"
"golang.org/x/tools/go/callgraph"
@@ -35,7 +34,6 @@
}
vulnPkgModSlice(pkgs, modVulns, result)
- fmt.Println("IMPORTS", result.Imports)
if cfg.ImportsOnly {
return result, nil
}
@@ -296,10 +294,7 @@
}
// Check if f has known vulnerabilities.
- var vulns []*osv.Entry
- if f.Package() != nil {
- vulns = modVulns.VulnsForSymbol(f.Package().Pkg.Path(), dbFuncName(f))
- }
+ vulns := modVulns.VulnsForSymbol(pkgPath(f), dbFuncName(f))
var funNode *FuncNode
// If there are vulnerabilities for f, create node for f and
@@ -362,12 +357,21 @@
return funNode
}
+// pkgPath returns the path of the f's enclosing package, if any.
+// Otherwise, returns "".
+func pkgPath(f *ssa.Function) string {
+ if f.Package() != nil && f.Package().Pkg != nil {
+ return f.Package().Pkg.Path()
+ }
+ return ""
+}
+
func funcNode(f *ssa.Function) *FuncNode {
id := nextFunID()
return &FuncNode{
ID: id,
Name: f.Name(),
- PkgPath: f.Package().Pkg.Path(),
+ PkgPath: pkgPath(f),
RecvType: funcRecvType(f),
Pos: funcPosition(f),
}