internal/worker: add standard library keywords
Add keywords that, when found in a CVE's reference data, identify the CVE
as a Go vulnerability.
Change-Id: I5e237486dd7e2a56acb41706b523d3f036cbe53e
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/362240
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/internal/worker/cve.go b/internal/worker/cve.go
index 1272070..0940d21 100644
--- a/internal/worker/cve.go
+++ b/internal/worker/cve.go
@@ -46,8 +46,6 @@
}
}
-const goGitHubRepo = "github.com/golang/go"
-
// createCVE creates a cve record state from the data provided.
func createCVE(c *cveschema.CVE, state string, mp string, isGoVuln bool) *cve {
r := &cve{
@@ -59,9 +57,6 @@
description: description(c),
isGoVuln: isGoVuln,
}
- if mp == goGitHubRepo {
- r.modulePath = "Standard Library"
- }
return r
}
@@ -80,6 +75,13 @@
"golang.org": true,
}
+var stdlibKeywords = map[string]bool{
+ "github.com/golang": true,
+ "golang-announce": true,
+ "golang-nuts": true,
+ "golang.org": true,
+}
+
// cveModulePath returns a Go module path for a CVE, if we can determine what
// it is.
func cveModulePath(c *cveschema.CVE) (_ string, err error) {
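Review bot: `stdlibKeywords` has no doc comment, and nothing at the declaration says its entries are matched as substrings of a reference URL rather than as hosts or module paths. I would add `// stdlibKeywords are substrings of a CVE reference URL that mark the CVE as a Go standard library vulnerability.` above the `var`. The map is only ranged over in this change, so a `[]string` would state the intent more plainly and give a deterministic match order. `"golang.org"` is also listed in the map that ends just above this one, so a word on how the two lists relate would help the next reader.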
@@ -88,6 +90,11 @@
if r.URL == "" {
continue
}
+ for k := range stdlibKeywords {
+ if strings.Contains(r.URL, k) {
+ return "Go Standard Library", nil
+ }
+ }
for host := range vcsHostsWithThreeElementRepoName {
if !strings.Contains(r.URL, host) {
continue
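Review bot: The new `strings.Contains(r.URL, k)` loop matches each keyword anywhere in the reference URL, so a reference to `github.com/golang/protobuf` or `golang.org/x/crypto` is returned as "Go Standard Library" before the host-based module path detection below it runs. Reference URLs come from the CVE record, so a keyword in a query string or in the path of an unrelated host would also classify the CVE as stdlib, which skews triage. I would parse the URL and decide on host and path, as sketched below; the exact host list is the maintainers' call, and the sketch needs `net/url` imported. The label also changes from the removed "Standard Library" to "Go Standard Library", so any consumer comparing against the old string should be checked. The body of `cveModulePath` continues outside this hunk.

```go
// isStdlibReference reports whether rawURL refers to the main Go repository,
// a golang.org page outside /x/, or one of the Go mailing lists, judged on
// the parsed host and path instead of a substring of the whole URL.
func isStdlibReference(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	host := u.Hostname()
	switch {
	case host == "github.com":
		// Only the main repository; github.com/golang/<other> are separate modules.
		return u.Path == "/golang/go" || strings.HasPrefix(u.Path, "/golang/go/")
	case host == "golang.org" || strings.HasSuffix(host, ".golang.org"):
		// golang.org/x/... modules have their own module paths.
		return !strings.HasPrefix(u.Path, "/x/")
	}
	// Mailing-list names can sit in the path or the fragment of a groups URL.
	loc := u.Path + "#" + u.Fragment
	return strings.Contains(loc, "golang-announce") || strings.Contains(loc, "golang-nuts")
}

// … unchanged: empty-URL check in cveModulePath …
		if isStdlibReference(r.URL) {
			return "Go Standard Library", nil
		}
```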