Google Git
Sign in
go / vulndb / 3556773b1379b813d4c61592a365f6279d0570bf^! / .
commit3556773b1379b813d4c61592a365f6279d0570bf[log] [tgz]
authorDamien Neil <dneil@google.com>Thu Sep 14 12:49:31 2023 -0700
committerTatiana Bradley <tatianabradley@google.com>Mon Sep 18 18:24:19 2023 +0000
tree55bf2cfdc11d1998bfb7dad7a88eeafb7fc81324
parentb28b09994cab73e57a4172ca0697117456585ecb [diff]
internal/osvutils: allow reports with no packages

An empty list of packages indicates a vulnerability affecting all
packages in a module.

Change-Id: Ibcea3e2a6558b8f858f9c833a3c2f76069e2af07
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/528597
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>

diff --git a/internal/osvutils/validate.go b/internal/osvutils/validate.go
index 4aa3247..42b7353 100644
--- a/internal/osvutils/validate.go
+++ b/internal/osvutils/validate.go

@@ -57,7 +57,6 @@
 	errNotGoEcosystem      = errors.New("affected ecosystem is not Go")
 	errNoRanges            = errors.New("affected field contains no ranges")
 	errNoEcosystemSpecific = errors.New("affected field contains no ecosystem_specific field")
-	errNoPackages          = errors.New("affected.ecosystem_specific field has no packages")
 	errNoPackagePath       = errors.New("affected.ecosystem_specific.imports field has no package path")
 
 	// Errors for invalid fields.
@@ -235,10 +234,6 @@
 		return errNoEcosystemSpecific
 	}
 
-	if len(es.Packages) == 0 {
-		return errNoPackages
-	}
-
 	for _, pkg := range es.Packages {
 		if pkg.Path == "" {
 			return errNoPackagePath

diff --git a/internal/osvutils/validate_test.go b/internal/osvutils/validate_test.go
index b1551cb..605fb90 100644
--- a/internal/osvutils/validate_test.go
+++ b/internal/osvutils/validate_test.go

@@ -212,13 +212,6 @@
 				wantErr: errNoEcosystemSpecific,
 			},
 			{
-				name: "no packages",
-				entry: testEntry(func(e *osv.Entry) {
-					e.Affected[0].EcosystemSpecific.Packages = nil
-				}),
-				wantErr: errNoPackages,
-			},
-			{
 				name: "no package path",
 				entry: testEntry(func(e *osv.Entry) {
 					e.Affected[0].EcosystemSpecific.Packages[0].Path = ""