commit b34cc0e3961603a179f843751737a9386b2c0f1d
author Jonathan Amsterdam <jba@google.com> Thu Feb 03 17:09:14 2022 -0500
committer Jonathan Amsterdam <jba@google.com> Mon Feb 07 20:25:08 2022 +0000
tree 72b6a0b7340b0952228675ad3600f5a40a6bbfae
parent 783024a2bc37751ca071631efc65e327fdb666fa

internal/worker: check for nil CVE earlier

CreateIssues is seeing CVEs that have triage state NeedsIssue but a
nil CVE. That shouldn't be possible. Validate that condition earlier,
when we update the CVE record.

Change-Id: I49fc9dafb77a74329c37cd4273724b2cb0870379
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/382815
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>

internal/worker/update.go

diff --git a/internal/worker/update.go b/internal/worker/update.go
index d6472b3..4354f64 100644
--- a/internal/worker/update.go
+++ b/internal/worker/update.go
@@ -6,6 +6,7 @@
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"path"
 	"strings"
@@ -338,6 +339,9 @@
 	if err := tx.SetCVERecord(&mod); err != nil {
 		return false, err
 	}
+	if mod.TriageState == store.TriageStateNeedsIssue && mod.CVE == nil {
+		return false, errors.New("needs issue but CVE is nil")
+	}
 	return false, nil
 }