internal/report: refine lint checks for stdlib links

Permit the commit link for a standard library report to reference
any go.googlesource.com repo, allowing us to record a link to the
original fix for packages vendored into the stdlib.

Make the commit field optional. The pr and commit fields are
for informational purposes. It's sufficient to link to the
Gerrit CL; anyone who wants the specific commit can easily
get to it from there.

Improve fix while I'm in here to drop the redundant package
when package==module. (Lint checks for it, fix can fix it.)

Change-Id: I68473c674b82535da52a793b57343bd48fd5acf4
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/415535
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/internal/report/lint.go b/internal/report/lint.go
index f56afaf..ef38acf 100644
--- a/internal/report/lint.go
+++ b/internal/report/lint.go
@@ -239,7 +239,7 @@
 // Regex patterns for standard library links.
 var (
 	prRegex       = regexp.MustCompile(`https://go.dev/cl/\d+`)
-	commitRegex   = regexp.MustCompile(`https://go.googlesource.com/go/\+/([^/]+)`)
+	commitRegex   = regexp.MustCompile(`https://go.googlesource.com/[^/]+/\+/([^/]+)`)
 	issueRegex    = regexp.MustCompile(`https://go.dev/issue/\d+`)
 	announceRegex = regexp.MustCompile(`https://groups.google.com/g/golang-(announce|dev|nuts)/c/([^/]+)`)
 )
@@ -254,8 +254,8 @@
 	if !prRegex.MatchString(r.Links.PR) {
 		addIssue(fmt.Sprintf("links.pr should contain a PR link matching %q", prRegex))
 	}
-	if !commitRegex.MatchString(r.Links.Commit) {
-		addIssue(fmt.Sprintf("links.commit should contain a commit link matching %q", commitRegex))
+	if r.Links.Commit != "" && !commitRegex.MatchString(r.Links.Commit) {
+		addIssue(fmt.Sprintf("links.commit commit link should match %q", commitRegex))
 	}
 	hasIssueLink := false
 	hasAnnounceLink := false
@@ -365,6 +365,9 @@
 		*vp = v
 	}
 	for i, p := range r.Packages {
+		if p.Package == p.Module {
+			p.Package = ""
+		}
 		for j := range p.Versions {
 			fixVersion(&r.Packages[i].Versions[j].Introduced)
 			fixVersion(&r.Packages[i].Versions[j].Fixed)
diff --git a/internal/report/lint_test.go b/internal/report/lint_test.go
index 5437b75..4d35595 100644
--- a/internal/report/lint_test.go
+++ b/internal/report/lint_test.go
@@ -272,7 +272,7 @@
 			want: []string{
 				// Standard library specific errors.
 				"links.pr should contain a PR link",
-				"links.commit should contain a commit link",
+				"links.commit commit link should match",
 				"links.context should contain an issue link",
 				"links.context should contain an announcement link",
 				"links.context should contain only PR, commit, issue and announcement links",