Google Git
Sign in
go / vuln / f79b16e3b7a1c577c28af6d586f4f90228171d85^! / .
commitf79b16e3b7a1c577c28af6d586f4f90228171d85[log] [tgz]
authorZvonimir Pavlinovic <zpavlinovic@google.com>Wed May 18 11:41:03 2022 -0700
committerZvonimir Pavlinovic <zpavlinovic@google.com>Wed May 18 21:02:32 2022 +0000
treed4b4d8878ca23af2c854f155e18839bb1203783c
parent98cf4ba478a62f7ef16975505f0b2d4c05934e1b [diff]
cmd/govulncheck/integration/k8s: count only called vulnerabilities

Due to a bug recently addressed, govulncheck was reporting all detected
symbols, not just the called ones. This resulted in wrong expectations
that got broken after the fix was introduced.

Change-Id: I36a60b529c9ea12bb42f055ee0830554183ca11b
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/407054
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>

diff --git a/cmd/govulncheck/integration/k8s/k8s.go b/cmd/govulncheck/integration/k8s/k8s.go
index 6f36ee1..2f4c1d2 100644
--- a/cmd/govulncheck/integration/k8s/k8s.go
+++ b/cmd/govulncheck/integration/k8s/k8s.go

@@ -35,8 +35,8 @@
 		log.Fatal("Failed to load json into vulncheck.Result:", err)
 	}
 
-	if len(r.Vulns) != 326 {
-		log.Fatal("want 326 vulns; got", len(r.Vulns))
+	if len(r.Vulns) != 19 {
+		log.Fatal("want 19 vulns; got", len(r.Vulns))
 	}
 
 	type vuln struct {
@@ -45,9 +45,7 @@
 	}
 	calledVulns := make(map[vuln]bool)
 	for _, v := range r.Vulns {
-		if v.CallSink != 0 {
-			calledVulns[vuln{v.PkgPath, v.Symbol}] = true
-		}
+		calledVulns[vuln{v.PkgPath, v.Symbol}] = true
 	}
 
 	want := map[vuln]bool{
@@ -73,6 +71,6 @@
 	}
 
 	if !cmp.Equal(calledVulns, want) {
-		log.Fatalf("want %v called symbols;\ngot%v\n", want, calledVulns)
+		log.Fatalf("want %v called symbols;\ngot %v\n", want, calledVulns)
 	}
 }