internal/govulncheck: add GoVersion in Config
This helps testing that involves stdlib vulnerabilities easier.
And, potentially provide an analysis mode like `govulncheck -go=go1.19`
(assuming the vulnerable code in stdlib didn't change much :-()
Change-Id: Ic5cc52086799ccf3a4feed190407586370ae7656
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/440218
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/internal/govulncheck/config.go b/internal/govulncheck/config.go
index e634638..709b396 100644
--- a/internal/govulncheck/config.go
+++ b/internal/govulncheck/config.go
@@ -51,4 +51,8 @@
// SourceLoadConfig specifies the package loading configuration.
SourceLoadConfig *packages.Config
+
+ // GoVersion specifies the go version used when analyzing source code.
+ // The default is the version of the go command found from the PATH (Path).
+ GoVersion string
}
diff --git a/internal/govulncheck/run.go b/internal/govulncheck/run.go
index 49a95bc..813a210 100644
--- a/internal/govulncheck/run.go
+++ b/internal/govulncheck/run.go
@@ -32,7 +32,7 @@
if err != nil {
return nil, err
}
- vcfg := &vulncheck.Config{Client: dbClient, SourceGoVersion: internal.GoVersion()}
+ vcfg := &vulncheck.Config{Client: dbClient, SourceGoVersion: cfg.GoVersion}
format := cfg.OutputType
if format == OutputTypeText || format == OutputTypeVerbose {
