internal/worker: add year label
Add a label to make it easier to identify the year a CVE is published.
Fixes golang/go#50609
Change-Id: I907334fa474d5ca71c742b0127726ef144d75991
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/392655
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index 9c23ed0..30c89b1 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go
@@ -10,6 +10,7 @@
import (
"context"
"fmt"
+ "strconv"
"strings"
"sync"
"text/template"
@@ -381,10 +382,16 @@
log.With("ID", id).Errorf(ctx, "%s: triage state is NeedsIssue but could not generate body; skipping: %v", id, err)
return "", nil
}
+ var labels []string
+ label := yearLabel(r.GetPrettyID())
+ if label != "" {
+ labels = append(labels, label)
+ }
// Create the issue.
iss := &issues.Issue{
- Title: fmt.Sprintf("x/vulndb: potential Go vuln in %s: %s", r.GetUnit(), r.GetPrettyID()),
- Body: body,
+ Title: fmt.Sprintf("x/vulndb: potential Go vuln in %s: %s", r.GetUnit(), r.GetPrettyID()),
+ Body: body,
+ Labels: labels,
}
if err := issueRateLimiter.Wait(ctx); err != nil {
return "", err
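Review bot: Nothing visible here shows what happens when the computed label does not yet exist in the tracker, for example on the first CVE of a new year. Whether the issues client creates the label or fails the request should be confirmed, because a failure would block issue creation for every CVE of that year. A comment above the `Labels` field such as `// Year labels are derived from the ID; they must exist (or be auto-created) in the tracker.` would record the assumption. As a smaller style point, `label` can be scoped to the check with `if label := yearLabel(r.GetPrettyID()); label != "" {`. The enclosing function begins and ends outside this hunk.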
@@ -402,6 +409,24 @@
return ref, nil
}
+func yearLabel(cve string) string {
+ if !strings.HasPrefix(cve, "CVE-") {
+ return ""
+ }
+ parts := strings.Split(cve, "-")
+ if len(parts) != 3 {
+ return ""
+ }
+ year, err := strconv.Atoi(parts[1])
+ if err != nil {
+ return ""
+ }
+ if year > 2019 {
+ return fmt.Sprintf("cve-year-%s", parts[1])
+ }
+ return "cve-year-2019-and-earlier"
+}
+
type issueTemplateData struct {
Intro string
Report string
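Review bot: yearLabel formats the label from the raw `parts[1]` text instead of the parsed integer, so any string `strconv.Atoi` accepts is copied into an issue label. For example, `CVE-+2022-1` would yield `cve-year-+2022` and `CVE-02022-1` would yield `cve-year-02022`, and there is no upper bound on the year. If the ID can reach this function from upstream data that is not already validated, I would require a four-character year with `if len(parts[1]) != 4 { return "" }` and emit the parsed value with `return fmt.Sprintf("cve-year-%d", year)`. The function also has no doc comment; something like `// yearLabel returns the issue label for the year in a CVE ID of the form CVE-YYYY-NNNN, or "" if cve is not in that form.` would state the contract.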
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index 895eb89..15fe99e 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -381,3 +381,19 @@
return rs, nil
}
}
+
+func TestYearLabel(t *testing.T) {
+ for _, test := range []struct {
+ input, want string
+ }{
+ {"CVE-2022-24726", "cve-year-2022"},
+ {"CVE-2021-24726", "cve-year-2021"},
+ {"CVE-2020-24726", "cve-year-2020"},
+ {"CVE-2019-9741", "cve-year-2019-and-earlier"},
+ {"GHSA-p93v-m2r2-4387", ""},
+ } {
+ if got := yearLabel(test.input); got != test.want {
+ t.Errorf("yearLabel(%q): %q; want = %q", test.input, got, test.want)
+ }
+ }
+}
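Review bot: The table exercises only well-formed CVE IDs and one GHSA ID, so the `len(parts) != 3` and `strconv.Atoi` error branches of yearLabel are never reached. Rows such as `{"CVE-2022", ""}`, `{"CVE-abcd-1234", ""}` and `{"CVE-2022-1234-5", ""}` would pin the behaviour for malformed IDs, which is the part most likely to matter if the ID source changes. The failure message would also read more conventionally as `t.Errorf("yearLabel(%q) = %q, want %q", test.input, got, test.want)`.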