cmd/vulnreport: better error when running symbol checks with a devel go Change-Id: I061f9c45798355f2f34390722423704e7be8aaa0 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/662716 Reviewed-by: Neal Patel <nealpatel@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

commit: 9f73181f175659cc6755d6b0c80f3dcd0f9e593f [log] [tgz]
author: Damien Neil <dneil@google.com> Thu Apr 03 10:25:21 2025 -0700
committer: Damien Neil <dneil@google.com> Thu Apr 03 12:31:42 2025 -0700
tree: 4f9e3a1acfd568619cc3c34e96953af68fd91729
parent: 8cd6cf1b9b56423e908d28fa6001350b3f8d9a9e [diff]
diff --git a/cmd/vulnreport/fix.go b/cmd/vulnreport/fix.go
index 1b3677c..6eb75c1 100644
--- a/cmd/vulnreport/fix.go
+++ b/cmd/vulnreport/fix.go

@@ -199,6 +199,10 @@
 		if m.IsFirstParty() {
 			gover := runtime.Version()
 			ver := semverForGoVersion(gover)
+			if ver == "" {
+				log.Warnf("%s: current Go version %q is not a release version, skipping symbol checks for module %s", r.ID, gover, m.Module)
+				continue
+			}
 			// If some symbol is in the std library at a different version,
 			// we may derive the wrong symbols for this package and other.
 			// In this case, skip updating DerivedSymbols.
@@ -210,7 +214,7 @@
 			if err != nil {
 				return err
 			}
-			if ver == "" || !affected {
+			if !affected {
 				log.Warnf("%s: current Go version %q is not in a vulnerable range, skipping symbol checks for module %s", r.ID, gover, m.Module)
 				continue
 			}
commit	9f73181f175659cc6755d6b0c80f3dcd0f9e593f	[log] [tgz]
author	Damien Neil <dneil@google.com>	Thu Apr 03 10:25:21 2025 -0700
committer	Damien Neil <dneil@google.com>	Thu Apr 03 12:31:42 2025 -0700
tree	4f9e3a1acfd568619cc3c34e96953af68fd91729
parent	8cd6cf1b9b56423e908d28fa6001350b3f8d9a9e [diff]