internal/worker: check for nil CVE earlier
CreateIssues is seeing CVEs that have triage state NeedsIssue but a
nil CVE. That shouldn't be possible. Validate that condition earlier,
when we update the CVE record.
Change-Id: I49fc9dafb77a74329c37cd4273724b2cb0870379
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/382815
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
diff --git a/internal/worker/update.go b/internal/worker/update.go
index d6472b3..4354f64 100644
--- a/internal/worker/update.go
+++ b/internal/worker/update.go
@@ -6,6 +6,7 @@
import (
"context"
+ "errors"
"fmt"
"path"
"strings"
@@ -338,6 +339,9 @@
if err := tx.SetCVERecord(&mod); err != nil {
return false, err
}
+ if mod.TriageState == store.TriageStateNeedsIssue && mod.CVE == nil {
+ return false, errors.New("needs issue but CVE is nil")
+ }
return false, nil
}