cmd/vulnreport: don't add aliases in the related section
In vulnreport fix, don't automatically add an identifier to the
alias section if it is already in the "related" section.
Change-Id: Ia564e2ac06b01ebfe4e3b54ec440e7dadd8d65d1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/551737
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/cmd/vulnreport/find_aliases.go b/cmd/vulnreport/find_aliases.go
index 001106a..5dce781 100644
--- a/cmd/vulnreport/find_aliases.go
+++ b/cmd/vulnreport/find_aliases.go
@@ -17,7 +17,21 @@
// addMissingAliases uses the existing aliases in a report to find
// any missing aliases, and adds them to the report.
func addMissingAliases(ctx context.Context, r *report.Report, gc *ghsa.Client) (added int) {
- return r.AddAliases(allAliases(ctx, r.Aliases(), gc))
+ all := allAliases(ctx, r.Aliases(), gc)
+ // If we have manually marked an identifier as "related", but
+ // not actually an alias, don't override this decision.
+ if len(r.Related) > 0 {
+ all = removeRelated(all, r.Related)
+ }
+ return r.AddAliases(all)
+}
+
+func removeRelated(all, related []string) []string {
+ // This is an uncommon operation, operating on short string slices,
+ // so it doesn't need to be optimized.
+ return slices.DeleteFunc(all, func(s string) bool {
+ return slices.Contains(related, s)
+ })
}
// allAliases returns a list of all aliases associated with the given knownAliases,