internal/cvelist: label stdlib issues When the reference data contains a link to github.com/golang/go, assume that it is a Stdlib CVE. Change-Id: If890ad692685eed2483acdd4dbff1f51ddb7b639 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/357189 Trust: Julie Qiu <julie@golang.org> Run-TryBot: Julie Qiu <julie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>

commit: 6fab4863a06be7e72ef99e296a2fc466ad5c0853 [log] [tgz]
author: Julie Qiu <julie@golang.org> Tue Oct 19 22:47:39 2021 -0400
committer: Julie Qiu <julie@golang.org> Tue Oct 26 20:09:33 2021 +0000
tree: 9bb1586a629c3c995b80b0ffd3f9a69d39325cc1
parent: 5720154d4149d19f535ac306b5e93980f2d09181 [diff]
diff --git a/internal/cvelist/cvelist.go b/internal/cvelist/cvelist.go
index f90d8a1..428272d 100644
--- a/internal/cvelist/cvelist.go
+++ b/internal/cvelist/cvelist.go

@@ -155,6 +155,8 @@
 	return &c, nil
 }
 
+const goGitHubRepo = "github.com/golang/go"
+
 // cveToIssue creates a GoVulnIssue from a c *cveschema.CVE.
 func cveToIssue(c *cveschema.CVE) (*GoVulnIssue, error) {
 	if isPendingCVE(c) {
@@ -194,6 +196,9 @@
 		CVE:         c.CVEDataMeta.ID,
 		Description: description(c),
 	}
+	if mp == goGitHubRepo {
+		r.Stdlib = true
+	}
 	info := AdditionalInfo{
 		Products: products(c),
 		CWE:      cwe,
commit	6fab4863a06be7e72ef99e296a2fc466ad5c0853	[log] [tgz]
author	Julie Qiu <julie@golang.org>	Tue Oct 19 22:47:39 2021 -0400
committer	Julie Qiu <julie@golang.org>	Tue Oct 26 20:09:33 2021 +0000
tree	9bb1586a629c3c995b80b0ffd3f9a69d39325cc1
parent	5720154d4149d19f535ac306b5e93980f2d09181 [diff]