internal/{osvutils,version}: move AffectsSemver and rename semver package Moves AffectsSemver function to the internal/osvutils package, and renames the internal semver package to "version" to avoid collision with the x/mod/semver package. Change-Id: I49e8875c18ec92578f5ab8300a54d1082b4f6c6d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495980 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

commit: bc8850eb3ee05e6f40efba2909c7ce8d66e73ee6 [log] [tgz]
author: Tatiana Bradley <tatianabradley@google.com> Thu May 18 16:40:26 2023 -0400
committer: Tatiana Bradley <tatianabradley@google.com> Mon May 22 21:21:26 2023 +0000
tree: ed20cf3e1a355a0db284a3c8d91e4fd80a37273b
parent: 0cbf4ffdb4e70fce663ec8d59198745b04e7801b [diff]
diff --git a/cmd/vulnreport/exported_functions.go b/cmd/vulnreport/exported_functions.go
index 439a296..b100833 100644
--- a/cmd/vulnreport/exported_functions.go
+++ b/cmd/vulnreport/exported_functions.go

@@ -14,8 +14,8 @@
 	"golang.org/x/tools/go/ssa"
 	"golang.org/x/vulndb/cmd/vulnreport/internal/vulnentries"
 	"golang.org/x/vulndb/internal/derrors"
+	"golang.org/x/vulndb/internal/osvutils"
 	"golang.org/x/vulndb/internal/report"
-	"golang.org/x/vulndb/internal/semver"
 )
 
 // exportedFunctions returns a set of vulnerable functions exported by a set of packages
@@ -79,7 +79,7 @@
 	// can check semver ranges.
 	o := r.GenerateOSVEntry("", time.Now())
 	for _, a := range o.Affected {
-		if semver.AffectsSemver(a.Ranges, version) {
+		if osvutils.AffectsSemver(a.Ranges, version) {
 			return true
 		}
 	}

diff --git a/cmd/vulnreport/main.go b/cmd/vulnreport/main.go
index 8104c14..ae2ddbe 100644
--- a/cmd/vulnreport/main.go
+++ b/cmd/vulnreport/main.go

@@ -39,9 +39,9 @@
 	"golang.org/x/vulndb/internal/gitrepo"
 	"golang.org/x/vulndb/internal/issues"
 	"golang.org/x/vulndb/internal/osv"
+	"golang.org/x/vulndb/internal/osvutils"
 	"golang.org/x/vulndb/internal/proxy"
 	"golang.org/x/vulndb/internal/report"
-	isem "golang.org/x/vulndb/internal/semver"
 )
 
 var (
@@ -723,7 +723,7 @@
 			// If some symbol is in the std library at a different version,
 			// we may derive the wrong symbols for this package and other.
 			// In this case, skip updating DerivedSymbols.
-			affected := isem.AffectsSemver(report.AffectedRanges(m.Versions), ver.V())
+			affected := osvutils.AffectsSemver(report.AffectedRanges(m.Versions), ver.V())
 			if ver == "" || !affected {
 				fmt.Fprintf(os.Stderr, "Current Go version %q is not in a vulnerable range, skipping symbol checks.\n", gover)
 				continue

diff --git a/internal/semver/affects.go b/internal/osvutils/affects.go
similarity index 83%
rename from internal/semver/affects.go
rename to internal/osvutils/affects.go
index 495044c..07cb2ae 100644
--- a/internal/semver/affects.go
+++ b/internal/osvutils/affects.go

@@ -2,13 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package semver
+package osvutils
 
 import (
 	"sort"
 
 	"golang.org/x/mod/semver"
 	"golang.org/x/vulndb/internal/osv"
+	"golang.org/x/vulndb/internal/version"
 )
 
 func AffectsSemver(ranges []osv.Range, v string) bool {
@@ -52,7 +53,7 @@
 	}
 	// Strip and then add the semver prefix so we can support bare versions,
 	// versions prefixed with 'v', and versions prefixed with 'go'.
-	v = CanonicalizeSemverPrefix(v)
+	v = version.CanonicalizeSemverPrefix(v)
 	// Sort events by semver versions. Event for beginning
 	// of time, if present, always comes first.
 	sort.SliceStable(ar.Events, func(i, j int) bool {
@@ -74,14 +75,14 @@
 		if e2.Fixed != "" {
 			v2 = e2.Fixed
 		}
-		return semver.Compare(CanonicalizeSemverPrefix(v1), CanonicalizeSemverPrefix(v2)) < 0
+		return semver.Compare(version.CanonicalizeSemverPrefix(v1), version.CanonicalizeSemverPrefix(v2)) < 0
 	})
 	var affected bool
 	for _, e := range ar.Events {
 		if !affected && e.Introduced != "" {
-			affected = e.Introduced == "0" || semver.Compare(v, CanonicalizeSemverPrefix(e.Introduced)) >= 0
+			affected = e.Introduced == "0" || semver.Compare(v, version.CanonicalizeSemverPrefix(e.Introduced)) >= 0
 		} else if affected && e.Fixed != "" {
-			affected = semver.Compare(v, CanonicalizeSemverPrefix(e.Fixed)) < 0
+			affected = semver.Compare(v, version.CanonicalizeSemverPrefix(e.Fixed)) < 0
 		}
 	}
 	return affected

diff --git a/internal/semver/affects_test.go b/internal/osvutils/affects_test.go
similarity index 99%
rename from internal/semver/affects_test.go
rename to internal/osvutils/affects_test.go
index f7694f9..4522693 100644
--- a/internal/semver/affects_test.go
+++ b/internal/osvutils/affects_test.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package semver
+package osvutils
 
 import (
 	"testing"

diff --git a/internal/osvutils/validate.go b/internal/osvutils/validate.go
index e3ebba5..09a56a5 100644
--- a/internal/osvutils/validate.go
+++ b/internal/osvutils/validate.go

@@ -187,12 +187,12 @@
 	return semver.Compare("v"+v, "v"+w) < 0
 }
 
-type version struct {
+type event struct {
 	v          string
 	introduced bool
 }
 
-func parseRangeEvent(e *osv.RangeEvent) (*version, error) {
+func parseRangeEvent(e *osv.RangeEvent) (*event, error) {
 	introduced, fixed := e.Introduced, e.Fixed
 
 	var v string
@@ -203,7 +203,7 @@
 	case introduced != "" && fixed != "":
 		return nil, errBothIntroducedAndFixed
 	case introduced == "0":
-		return &version{v: "0", introduced: true}, nil
+		return &event{v: "0", introduced: true}, nil
 	case introduced != "":
 		v = introduced
 		isIntroduced = true
@@ -216,7 +216,7 @@
 		return nil, fmt.Errorf("%w (found %s)", errInvalidSemver, v)
 	}
 
-	return &version{v: v, introduced: isIntroduced}, nil
+	return &event{v: v, introduced: isIntroduced}, nil
 }
 
 func validateEcosystemSpecific(es *osv.EcosystemSpecific, module string) error {

diff --git a/internal/semver/semver.go b/internal/version/semver.go
similarity index 95%
rename from internal/semver/semver.go
rename to internal/version/semver.go
index 890ecd9..0c28935 100644
--- a/internal/semver/semver.go
+++ b/internal/version/semver.go

@@ -2,9 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package semver provides shared utilities for manipulating
+// Package version provides shared utilities for manipulating
 // Go semantic versions.
-package semver
+package version
 
 import (
 	"regexp"

diff --git a/internal/semver/semver_test.go b/internal/version/semver_test.go
similarity index 96%
rename from internal/semver/semver_test.go
rename to internal/version/semver_test.go
index 8a46228..236c547 100644
--- a/internal/semver/semver_test.go
+++ b/internal/version/semver_test.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package semver
+package version
 
 import (
 	"testing"
commit	bc8850eb3ee05e6f40efba2909c7ce8d66e73ee6	[log] [tgz]
author	Tatiana Bradley <tatianabradley@google.com>	Thu May 18 16:40:26 2023 -0400
committer	Tatiana Bradley <tatianabradley@google.com>	Mon May 22 21:21:26 2023 +0000
tree	ed20cf3e1a355a0db284a3c8d91e4fd80a37273b
parent	0cbf4ffdb4e70fce663ec8d59198745b04e7801b [diff]