internal/ghsa: remove Vulnerability.Severity from query

The GitHub API fails on the Severity field of a particular Security Advisory.
See https://support.github.com/ticket/personal/0/1599280 for details.
Until that is fixed, comment out the Severity field from the query.
That field is a string, so the result will be that some GHSAs in our DB
will have the empty string for their severity. We can always backfill
those later if necessary.

Updates golang/go#52550.

Change-Id: I7df0f8e5cd35a1962cc6ca43c8d9efe1348cc003
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/402134
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>

diff --git a/internal/ghsa/ghsa.go b/internal/ghsa/ghsa.go
index 02ccd33..5af39b9 100644
--- a/internal/ghsa/ghsa.go
+++ b/internal/ghsa/ghsa.go
@@ -94,8 +94,11 @@
Name string
Ecosystem string
}
- FirstPatchedVersion struct{ Identifier string }
- Severity githubv4.SecurityAdvisorySeverity
+ FirstPatchedVersion struct{ Identifier string }
+ // TODO(https://go.dev/issue/52550): uncomment when
+ // https://support.github.com/ticket/personal/0/1599280
+ // is fixed.
+ //Severity githubv4.SecurityAdvisorySeverity
UpdatedAt time.Time
VulnerableVersionRange string
}
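Review bot: The TODO above the commented-out `//Severity githubv4.SecurityAdvisorySeverity` field says when to restore it but not what has to happen alongside. The commit message notes that GHSAs stored in the meantime will carry an empty severity, so I'd extend the TODO with one line saying that those records need a backfill once the field is back, and that the matching `//Severity: v.Severity,` assignment in the conversion loop must be restored in the same change. Minor style point: a space after `//` on the commented-out field would match the TODO lines directly above it.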
@@ -148,8 +151,11 @@
}
for _, v := range sa.Vulnerabilities.Nodes {
s.Vulns = append(s.Vulns, &Vuln{
- Package: v.Package.Name,
- Severity: v.Severity,
+ Package: v.Package.Name,
+ // TODO(https://go.dev/issue/52550): uncomment when
+ // https://support.github.com/ticket/personal/0/1599280
+ // is fixed.
+ //Severity: v.Severity,
EarliestFixedVersion: v.FirstPatchedVersion.Identifier,
VulnerableVersionRange: v.VulnerableVersionRange,
UpdatedAt: v.UpdatedAt,
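Review bot: With `//Severity: v.Severity,` commented out of the `&Vuln{...}` literal, `Severity` on every appended `Vuln` is silently left at its zero value (the empty string, per the commit message), and a consumer has no way to tell "not fetched because of the workaround" from a genuine value. I'd document on the `Vuln` type that an empty `Severity` currently means "unknown", so that code filtering or sorting advisories by severity does not treat these entries as low priority. The three TODO lines are also duplicated verbatim from the struct hunk; a short cross-reference between the two would make it harder to restore one site and forget the other.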