internal/osvutils: don't require references in OSV
Individual lint checks cover the cases in which certain references
are required, so the check for having references is not needed.
(For example, standard library reports have certain requirements,
and reports with no description must list an advisory.)
In some limited cases, such as when a report is the first
public reference to a vulnerability, it can be appropriate to
have no references at all.
Change-Id: Ide58fd1422c06eb44b83ae6c3f74b49e3fdf5b48
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/602136
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/internal/osvutils/validate.go b/internal/osvutils/validate.go
index 169d3a0..be9297c 100644
--- a/internal/osvutils/validate.go
+++ b/internal/osvutils/validate.go
@@ -49,7 +49,6 @@
errNoSummary = errors.New("summary field is empty")
errNoDetails = errors.New("details field is empty")
errNoAffected = errors.New("affected field is empty")
- errNoReferences = errors.New("references field is empty")
errNoDatabaseSpecific = errors.New("database_specific field is empty")
errNoModule = errors.New("affected field missing module path")
errNotGoEcosystem = errors.New("affected ecosystem is not Go")
@@ -95,8 +94,6 @@
return errNoDetails
case len(e.Affected) == 0:
return errNoAffected
- case len(e.References) == 0:
- return errNoReferences
case e.DatabaseSpecific == nil:
return errNoDatabaseSpecific
}
diff --git a/internal/osvutils/validate_test.go b/internal/osvutils/validate_test.go
index 605fb90..922a5dc 100644
--- a/internal/osvutils/validate_test.go
+++ b/internal/osvutils/validate_test.go
@@ -170,13 +170,6 @@
wantErr: errNoAffected,
},
{
- name: "no references",
- entry: testEntry(func(e *osv.Entry) {
- e.References = nil
- }),
- wantErr: errNoReferences,
- },
- {
name: "no database specific",
entry: testEntry(func(e *osv.Entry) {
e.DatabaseSpecific = nil