internal/cvelist: label stdlib issues
When the reference data contains a link to github.com/golang/go, assume
that it is a Stdlib CVE.
Change-Id: If890ad692685eed2483acdd4dbff1f51ddb7b639
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/357189
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/internal/cvelist/cvelist.go b/internal/cvelist/cvelist.go
index f90d8a1..428272d 100644
--- a/internal/cvelist/cvelist.go
+++ b/internal/cvelist/cvelist.go
@@ -155,6 +155,8 @@
return &c, nil
}
+const goGitHubRepo = "github.com/golang/go"
+
// cveToIssue creates a GoVulnIssue from a c *cveschema.CVE.
func cveToIssue(c *cveschema.CVE) (*GoVulnIssue, error) {
if isPendingCVE(c) {
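Review bot: The new constant `goGitHubRepo` has no comment saying that a match on it is what marks an issue as standard library, which is the only reason it exists in this change. A one-line doc comment would make that intent visible at the declaration, for example `// goGitHubRepo is the repository path whose presence in a CVE's references marks the issue as Stdlib.` The comparison that uses it is in the second hunk of this file.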
@@ -194,6 +196,9 @@
CVE: c.CVEDataMeta.ID,
Description: description(c),
}
+ if mp == goGitHubRepo {
+ r.Stdlib = true
+ }
info := AdditionalInfo{
Products: products(c),
CWE: cwe,
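Review bot: The `mp == goGitHubRepo` check is an exact string comparison, so whether `r.Stdlib` is set depends entirely on how `mp` was derived and normalised, and that happens outside this hunk. If `mp` comes from a single matching reference URL, a third-party module's CVE that merely cites a golang/go issue would presumably be labelled stdlib. A stdlib CVE whose reference differs in host, casing or trailing path would be missed, and either mislabel skews vulnerability triage. I would record the heuristic next to the check, e.g. `// Heuristic: a golang/go reference implies stdlib or toolchain; confirm during triage.`, and add test cases for both a mixed-reference CVE and a non-canonical golang/go URL. cveToIssue's body starts and ends outside the hunk.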