internal/worker: rewrite description
Rewrite description to make it easier to find relevant information for
triage.
Change-Id: Ie65d1b51efb56de71a6364ed6beb1876da3eba26
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/392540
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index 2e1d6e2..e3c0b63 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go
@@ -279,8 +279,19 @@
var intro strings.Builder
fmt.Fprintf(&intro,
- "In [%s](%s/tree/%s/%s) [NIST](https://nvd.nist.gov/vuln/detail/%s), the reference URL [%s](%s) (and possibly others) refers to something in Go.",
- cr.ID, cvelistrepo.URL, cr.CommitHash, cr.Path, cr.ID, cr.Module, "https://"+cr.Module)
+ "%s references [%s](https://%s), which may be a Go module.\n\n",
+ cr.ID, cr.Module, cr.Module)
+
+ description := "N/A"
+ if len(cr.CVE.Description.Data) > 0 {
+ description = cr.CVE.Description.Data[0].Value
+ }
+ fmt.Fprintf(&intro, "Description:\n%s\n\n", description)
+
+ fmt.Fprintf(&intro, `Links:
+- NIST: https://nvd.nist.gov/vuln/detail/%s
+- JSON: %s/tree/%s/%s`, cr.ID, cvelistrepo.URL, cr.CommitHash, cr.Path)
+
if r.Links.Commit != "" {
fmt.Fprintf(&intro, "\n- Commit: %s", r.Links.Commit)
}
@@ -290,16 +301,10 @@
for _, l := range r.Links.Context {
fmt.Fprintf(&intro, "\n- %s", l)
}
-
- var description string
- if len(cr.CVE.Description.Data) > 0 {
- description = "Description:\n" + cr.CVE.Description.Data[0].Value
- }
if err := issueTemplate.Execute(&b, issueTemplateData{
- Intro: intro.String(),
- Report: out,
- Description: description,
- Pre: "```",
+ Intro: intro.String(),
+ Report: out,
+ Pre: "```",
}); err != nil {
return "", err
}
@@ -449,18 +454,15 @@
}
type issueTemplateData struct {
- Intro string
- Report string
- Description string
- Pre string // markdown string for a <pre> block
+ Intro string
+ Report string
+ Pre string // markdown string for a <pre> block
*store.CVERecord
}
var issueTemplate = template.Must(template.New("issue").Parse(`
{{- .Intro}}
-{{.Description}}
-
See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.
{{if (and .Pre .Report) -}}
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index a9e952a..4391c95 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -219,11 +219,15 @@
if err != nil {
t.Fatal(err)
}
- want := `In [ID1](https://github.com/CVEProject/cvelist/tree//) [NIST](https://nvd.nist.gov/vuln/detail/ID1), the reference URL [a.Module](https://a.Module) (and possibly others) refers to something in Go.
+ want := `ID1 references [a.Module](https://a.Module), which may be a Go module.
Description:
a description
+Links:
+- NIST: https://nvd.nist.gov/vuln/detail/ID1
+- JSON: https://github.com/CVEProject/cvelist/tree//
+
See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.
` + "```" + `
@@ -263,8 +267,6 @@
| - | - | - |
| [aPackage](https://pkg.go.dev/aPackage) | 1.2.3 | < 1.2.3 |
-
-
See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.
`
