internal/worker: link to vuln package in GHSA issue
When creating an issue for a GitHub security advisory,
add a link for the vulnerable package or module, pointing
to pkg.go.dev.
Change-Id: Ic03974f3f56b555a337e5afe9485ff3cf48096ce
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/388856
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index a1049d8..9c23ed0 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go
@@ -344,9 +344,10 @@
sa := sr.(*store.GHSARecord).GHSA
var b strings.Builder
+ pkg := sa.Vulns[0].Package
intro := fmt.Sprintf(
- "In GitHub Security Advisory [%s](%s), there is a vulnerability in the Go package or module %s.",
- sr.GetPrettyID(), sa.Permalink, sa.Vulns[0].Package)
+ "In GitHub Security Advisory [%s](%s), there is a vulnerability in the Go package or module [%s](https://pkg.go.dev/%s).",
+ sr.GetPrettyID(), sa.Permalink, pkg, pkg)
if err := issueTemplate.Execute(&b, issueTemplateData{
Intro: intro,
}); err != nil {
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index 5ed3cd8..895eb89 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -251,7 +251,7 @@
if err != nil {
t.Fatal(err)
}
- want := `In GitHub Security Advisory [G1](https://github.com/permalink/to/G1), there is a vulnerability in the Go package or module aPackage.
+ want := `In GitHub Security Advisory [G1](https://github.com/permalink/to/G1), there is a vulnerability in the Go package or module [aPackage](https://pkg.go.dev/aPackage).
