Google Git
Sign in
go / vuln / 88cf1226ab4dcb73b4ea695a28b05d77048bac5f^! / .
commit88cf1226ab4dcb73b4ea695a28b05d77048bac5f[log] [tgz]
authorRoland Shoemaker <roland@golang.org>Tue Jun 01 09:21:32 2021 -0700
committerRoland Shoemaker <roland@golang.org>Wed Jun 02 14:32:24 2021 +0000
tree9953a843abc2d6be2cb8c837011b9bfe4d921e6d
parent090c04e1ab2dae915d6361b260aed8a5bea19a4d [diff]
report,cmd/gendb: use lowercase JSON keys and fix public URL

Change-Id: Iaf276b94700bf66abe24e14aad04904571b3e6a4
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/323949
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/cmd/gendb/main.go b/cmd/gendb/main.go
index 176130d..9bb283f 100644
--- a/cmd/gendb/main.go
+++ b/cmd/gendb/main.go

@@ -24,14 +24,14 @@
 	os.Exit(1)
 }
 
-// TODO: obviously not for the real world
-const dbURL = "https://go.googlesource.com/vulndb/+/refs/heads/main/reports/"
+// TODO(rolandshoemaker): once we have the HTML representation ready this should
+// be the prefix for that.
+const dbURL = "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/"
 
 func matchesCurrent(path string, new []osv.Entry) bool {
 	var current []osv.Entry
 	content, err := ioutil.ReadFile(path + ".json")
 	if err != nil {
-		fmt.Println("bad", err)
 		return false
 	}
 	if err = json.Unmarshal(content, &current); err != nil {
@@ -70,7 +70,10 @@
 
 		name := strings.TrimSuffix(filepath.Base(f.Name()), filepath.Ext(f.Name()))
 
-		for _, e := range osv.Generate(name, fmt.Sprintf("%s%s.toml", dbURL, name), vuln) {
+		// TODO(rolandshoemaker): once the HTML representation is ready this should be
+		// the link to the HTML page.
+		linkName := fmt.Sprintf("%s%s.yaml", dbURL, name)
+		for _, e := range osv.Generate(name, linkName, vuln) {
 			jsonVulns[e.Package.Name] = append(jsonVulns[e.Package.Name], e)
 		}
 	}

diff --git a/osv/json.go b/osv/json.go
index 1ee0867..660cda7 100644
--- a/osv/json.go
+++ b/osv/json.go

@@ -3,7 +3,8 @@
 // license that can be found in the LICENSE file.
 
 // Package osv implements the <name-pending> shared vulnerability
-// format, with the Go specific extensions.
+// format, with the Go specific extensions, as defined by
+// https://tinyurl.com/vuln-json.
 //
 // As this package is intended for use with the Go vulnerability
 // database, only the subset of features which are used by that
@@ -67,7 +68,7 @@
 }
 
 type Affects struct {
-	Ranges []AffectsRange `json:",omitempty"`
+	Ranges []AffectsRange `json:"ranges,omitempty"`
 }
 
 func generateAffects(versions []report.VersionRange) Affects {
@@ -105,9 +106,9 @@
 }
 
 type GoSpecific struct {
-	Symbols []string `json:",omitempty"`
-	GOOS    []string `json:",omitempty"`
-	GOARCH  []string `json:",omitempty"`
+	Symbols []string `json:"symbols,omitempty"`
+	GOOS    []string `json:"goos,omitempty"`
+	GOARCH  []string `json:"goarch,omitempty"`
 	URL     string   `json:"url"`
 }