Google Git
Sign in
go / vulndb / 965c77c4a2afddceced7ee04232e2c52ae226daf^! / .
commit965c77c4a2afddceced7ee04232e2c52ae226daf[log] [tgz]
authorJulie Qiu <julie@golang.org>Mon Mar 14 15:10:28 2022 -0400
committerJulie Qiu <julie@golang.org>Mon Mar 14 20:24:12 2022 +0000
tree12ec05a3408cfea8f43104a5f6a566e9732d522d
parent9662e42c1abf35fea3832d747c416c3f851a83ce [diff]
internal/worker: add year label

Add a label to easier identify the year a CVE is published.

Fixes golang/go#50609

Change-Id: I907334fa474d5ca71c742b0127726ef144d75991
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/392655
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Damien Neil <dneil@google.com>

diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index 9c23ed0..30c89b1 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go

@@ -10,6 +10,7 @@
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
 	"sync"
 	"text/template"
@@ -381,10 +382,16 @@
 		log.With("ID", id).Errorf(ctx, "%s: triage state is NeedsIssue but could not generate body; skipping: %v", id, err)
 		return "", nil
 	}
+	var labels []string
+	label := yearLabel(r.GetPrettyID())
+	if label != "" {
+		labels = append(labels, label)
+	}
 	// Create the issue.
 	iss := &issues.Issue{
-		Title: fmt.Sprintf("x/vulndb: potential Go vuln in %s: %s", r.GetUnit(), r.GetPrettyID()),
-		Body:  body,
+		Title:  fmt.Sprintf("x/vulndb: potential Go vuln in %s: %s", r.GetUnit(), r.GetPrettyID()),
+		Body:   body,
+		Labels: labels,
 	}
 	if err := issueRateLimiter.Wait(ctx); err != nil {
 		return "", err
@@ -402,6 +409,24 @@
 	return ref, nil
 }
 
+func yearLabel(cve string) string {
+	if !strings.HasPrefix(cve, "CVE-") {
+		return ""
+	}
+	parts := strings.Split(cve, "-")
+	if len(parts) != 3 {
+		return ""
+	}
+	year, err := strconv.Atoi(parts[1])
+	if err != nil {
+		return ""
+	}
+	if year > 2019 {
+		return fmt.Sprintf("cve-year-%s", parts[1])
+	}
+	return "cve-year-2019-and-earlier"
+}
+
 type issueTemplateData struct {
 	Intro  string
 	Report string

diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index 895eb89..15fe99e 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go

@@ -381,3 +381,19 @@
 		return rs, nil
 	}
 }
+
+func TestYearLabel(t *testing.T) {
+	for _, test := range []struct {
+		input, want string
+	}{
+		{"CVE-2022-24726", "cve-year-2022"},
+		{"CVE-2021-24726", "cve-year-2021"},
+		{"CVE-2020-24726", "cve-year-2020"},
+		{"CVE-2019-9741", "cve-year-2019-and-earlier"},
+		{"GHSA-p93v-m2r2-4387", ""},
+	} {
+		if got := yearLabel(test.input); got != test.want {
+			t.Errorf("yearLabel(%q): %q; want = %q", test.input, got, test.want)
+		}
+	}
+}