internal/worker: pass CVE states to Run
Rather than just reading the set of CVEs that have been triaged from
triaged-cve-list, a map is now passed to Run containing the state of
those CVEs.
Change-Id: I9926c75c17662e4fdb602b315c7ff170e4564f5b
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/362236
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/cmd/cvetriage/main.go b/cmd/cvetriage/main.go
index 89530c3..152e7a2 100644
--- a/cmd/cvetriage/main.go
+++ b/cmd/cvetriage/main.go
@@ -58,9 +58,9 @@
statusTriaged = "triaged"
)
-func readTriagedCVEList() (_ map[string]bool, err error) {
+func readTriagedCVEList() (_ map[string]string, err error) {
defer derrors.Wrap(&err, "readTriagedCVEList()")
- triaged := map[string]bool{}
+ triaged := map[string]string{}
lines, err := internal.ReadFileLines(triagedCVEList)
if err != nil {
return nil, err
@@ -71,20 +71,20 @@
return nil, fmt.Errorf("unexpected syntax: %q", l)
}
var (
- cveID = vuln[0]
- status = vuln[1]
+ cveID = vuln[0]
+ state = vuln[1]
)
- if status != statusFalsePositive && status != statusTriaged {
+ if state != statusFalsePositive && state != statusTriaged {
return nil, fmt.Errorf("unexpected syntax: %q", l)
}
- if status == statusTriaged {
+ if state == statusTriaged {
if len(vuln) != 3 {
return nil, fmt.Errorf("unexpected syntax: %q", l)
}
- triaged[cveID] = true
+ triaged[cveID] = state
}
- if status == statusFalsePositive {
- triaged[cveID] = true
+ if state == statusFalsePositive {
+ triaged[cveID] = state
}
}
return triaged, nil
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index 1c7957a..fca2e81 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go
@@ -25,7 +25,7 @@
// Run clones the CVEProject/cvelist repository and compares the files to the
// existing triaged-cve-list.
-func Run(dirpath string, triaged map[string]bool) (err error) {
+func Run(dirpath string, triaged map[string]string) (err error) {
defer derrors.Wrap(&err, "Run(triaged)")
var repo *git.Repository
if dirpath != "" {
@@ -50,7 +50,7 @@
// team.
// TODO: Create GitHub issues. At the moment, this just prints the number of
// issues to be created.
-func createIssuesToTriage(r *git.Repository, t *object.Tree, triaged map[string]bool) (err error) {
+func createIssuesToTriage(r *git.Repository, t *object.Tree, triaged map[string]string) (err error) {
defer derrors.Wrap(&err, "createIssuesToTriage(r, t, triaged)")
log.Printf("Finding new Go vulnerabilities from CVE list...")
cves, issues, err := walkRepo(r, t, "", triaged)
@@ -73,7 +73,7 @@
// walkRepo looks at the files in t, recursively, and check if it is a CVE that
// needs to be manually triaged.
-func walkRepo(r *git.Repository, t *object.Tree, dirpath string, triaged map[string]bool) (newCVEs map[string]bool, newIssues []*GoVulnIssue, err error) {
+func walkRepo(r *git.Repository, t *object.Tree, dirpath string, triaged map[string]string) (newCVEs map[string]bool, newIssues []*GoVulnIssue, err error) {
defer derrors.Wrap(&err, "walkRepo(r, t, %q, triaged)", dirpath)
newCVEs = map[string]bool{}
for _, e := range t.Entries {
@@ -100,7 +100,7 @@
continue
}
cveID := strings.TrimSuffix(e.Name, ".json")
- if triaged[cveID] {
+ if _, ok := triaged[cveID]; ok {
continue
}
newCVEs[cveID] = true
