internal/osvutils: allow reports with no packages An empty list of packages indicates a vulnerability affecting all packages in a module. Change-Id: Ibcea3e2a6558b8f858f9c833a3c2f76069e2af07 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/528597 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/internal/osvutils/validate.go b/internal/osvutils/validate.go index 4aa3247..42b7353 100644 --- a/internal/osvutils/validate.go +++ b/internal/osvutils/validate.go
@@ -57,7 +57,6 @@ errNotGoEcosystem = errors.New("affected ecosystem is not Go") errNoRanges = errors.New("affected field contains no ranges") errNoEcosystemSpecific = errors.New("affected field contains no ecosystem_specific field") - errNoPackages = errors.New("affected.ecosystem_specific field has no packages") errNoPackagePath = errors.New("affected.ecosystem_specific.imports field has no package path") // Errors for invalid fields. @@ -235,10 +234,6 @@ return errNoEcosystemSpecific } - if len(es.Packages) == 0 { - return errNoPackages - } - for _, pkg := range es.Packages { if pkg.Path == "" { return errNoPackagePath
diff --git a/internal/osvutils/validate_test.go b/internal/osvutils/validate_test.go index b1551cb..605fb90 100644 --- a/internal/osvutils/validate_test.go +++ b/internal/osvutils/validate_test.go
@@ -212,13 +212,6 @@ wantErr: errNoEcosystemSpecific, }, { - name: "no packages", - entry: testEntry(func(e *osv.Entry) { - e.Affected[0].EcosystemSpecific.Packages = nil - }), - wantErr: errNoPackages, - }, - { name: "no package path", entry: testEntry(func(e *osv.Entry) { e.Affected[0].EcosystemSpecific.Packages[0].Path = ""