vulncheck: check for nil package
Cherry-picked: https://go-review.googlesource.com/c/exp/+/380434
Change-Id: I1b6069ca5347586496b036e083fc9647d227981a
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395054
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/vulncheck/source.go b/vulncheck/source.go
index ad164af..df42586 100644
--- a/vulncheck/source.go
+++ b/vulncheck/source.go
@@ -6,6 +6,7 @@
import (
"context"
+ "fmt"
"runtime"
"golang.org/x/tools/go/callgraph"
@@ -34,7 +35,7 @@
}
vulnPkgModSlice(pkgs, modVulns, result)
-
+ fmt.Println("IMPORTS", result.Imports)
if cfg.ImportsOnly {
return result, nil
}
@@ -295,7 +296,10 @@
}
// Check if f has known vulnerabilities.
- vulns := modVulns.VulnsForSymbol(f.Package().Pkg.Path(), dbFuncName(f))
+ var vulns []*osv.Entry
+ if f.Package() != nil {
+ vulns = modVulns.VulnsForSymbol(f.Package().Pkg.Path(), dbFuncName(f))
+ }
var funNode *FuncNode
// If there are vulnerabilities for f, create node for f and
