Google Git
Sign in
go/vulndb/e098cf26c731^!/.
commit
e098cf26c731277fb2fa5807a98212ed686f1b21
[log]
author
Roland Shoemaker <roland@golang.org>
Tue Dec 09 09:05:00 2025 -0800
committer
Roland Shoemaker <roland@golang.org>
Tue Dec 09 09:20:47 2025 -0800
tree
30a4dcb4ae563719f687a787afbc69e6f690f021
parent
36762fc932b3bd0a1974f15ab0dc05ed7d4c4e75 [diff]
all: run lint tests in parallel

Also fix some spelling errors which were causing test failures.

Change-Id: I4f4ad5d2cba805dcba8908f09653710e19ace4ea
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/728720
Reviewed-by: Ethan Lee <ethanalee@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

diff --git a/all_test.go b/all_test.go
index 7e222c3..ee095d8 100644
--- a/all_test.go
+++ b/all_test.go

@@ -15,6 +15,7 @@
 	"runtime"
 	"sort"
 	"strings"
+	"sync"
 	"testing"
 	"time"
 
@@ -98,15 +99,17 @@
 	}
 
 	// Map from summaries to report paths, used to check for duplicate summaries.
-	summaries := make(map[string]string)
+	summaries := sync.Map{}
 	sort.Strings(reports)
 	for _, filename := range reports {
 		t.Run(filename, func(t *testing.T) {
-			r, err := report.Read(filename)
+			cFilename := filename // capture variable so we can run tests in parallel safely
+			t.Parallel()
+			r, err := report.Read(cFilename)
 			if err != nil {
 				t.Fatal(err)
 			}
-			if err := r.CheckFilename(filename); err != nil {
+			if err := r.CheckFilename(cFilename); err != nil {
 				t.Error(err)
 			}
 			lints := lint(r)
@@ -122,15 +125,14 @@
 				}
 			}
 			for r2, aliases := range duplicates {
-				t.Errorf("report %s shares duplicate alias(es) %s with report %s", filename, aliases, r2)
+				t.Errorf("report %s shares duplicate alias(es) %s with report %s", cFilename, aliases, r2)
 			}
 			// Ensure that each reviewed report has a unique summary.
 			if r.IsReviewed() {
 				if summary := r.Summary.String(); summary != "" {
-					if report, ok := summaries[summary]; ok {
-						t.Errorf("report %s shares duplicate summary %q with report %s", filename, summary, report)
-					} else {
-						summaries[summary] = filename
+					existingFile, loaded := summaries.LoadOrStore(summary, cFilename)
+					if loaded {
+						t.Errorf("report %s shares duplicate summary %q with report %s", cFilename, summary, existingFile)
 					}
 				}
 			}
@@ -141,7 +143,7 @@
 			if r.IsUnreviewed() && !r.IsExcluded() && !r.UnreviewedOK {
 				pr, _ := priority.AnalyzeReport(r, rc, modulesToImports)
 				if pr.Priority == priority.High {
-					t.Errorf("UNREVIEWED report %s is high priority (should be NEEDS_REVIEW or REVIEWED) - reason: %s", filename, pr.Reason)
+					t.Errorf("UNREVIEWED report %s is high priority (should be NEEDS_REVIEW or REVIEWED) - reason: %s", cFilename, pr.Reason)
 				}
 			}
 			// Check that a correct OSV file was generated for each YAML report.

diff --git a/data/cve/v5/GO-2025-4006.json b/data/cve/v5/GO-2025-4006.json
index a77bb0b..ca5b39d 100644
--- a/data/cve/v5/GO-2025-4006.json
+++ b/data/cve/v5/GO-2025-4006.json

@@ -13,7 +13,7 @@
       "descriptions": [
         {
           "lang": "en",
-          "value": "The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption."
+          "value": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption."
         }
       ],
       "affected": [

diff --git a/data/osv/GO-2025-4006.json b/data/osv/GO-2025-4006.json
index 4df4ef1..cbf365c 100644
--- a/data/osv/GO-2025-4006.json
+++ b/data/osv/GO-2025-4006.json

@@ -8,7 +8,7 @@
     "CVE-2025-61725"
   ],
   "summary": "Excessive CPU consumption in ParseAddress in net/mail",
-  "details": "The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
+  "details": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
   "affected": [
     {
       "package": {

diff --git a/data/osv/GO-2025-4177.json b/data/osv/GO-2025-4177.json
index e54a312..7ecba28 100644
--- a/data/osv/GO-2025-4177.json
+++ b/data/osv/GO-2025-4177.json

@@ -7,8 +7,8 @@
     "CVE-2025-64750",
     "GHSA-wwrx-w7c9-rf87"
   ],
-  "summary": "Singluarity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity",
-  "details": "Singluarity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/sylabs/singularity/v4 before v4.1.11.",
+  "summary": "Singularity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity",
+  "details": "Singularity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/sylabs/singularity/v4 before v4.1.11.",
   "affected": [
     {
       "package": {

diff --git a/data/reports/GO-2025-4006.yaml b/data/reports/GO-2025-4006.yaml
index dd7123b..2dedb60 100644
--- a/data/reports/GO-2025-4006.yaml
+++ b/data/reports/GO-2025-4006.yaml

@@ -18,7 +18,7 @@
             - ParseAddressList
 summary: Excessive CPU consumption in ParseAddress in net/mail
 description: |-
-    The ParseAddress function constructeds domain-literal address components
+    The ParseAddress function constructs domain-literal address components
     through repeated string concatenation. When parsing large domain-literal
     components, this can cause excessive CPU consumption.
 cves:

diff --git a/data/reports/GO-2025-4177.yaml b/data/reports/GO-2025-4177.yaml
index f3d9aff..55fd55e 100644
--- a/data/reports/GO-2025-4177.yaml
+++ b/data/reports/GO-2025-4177.yaml

@@ -8,7 +8,7 @@
       non_go_versions:
         - fixed: 4.1.11
       vulnerable_at: 4.3.5
-summary: Singluarity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity
+summary: Singularity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity
 cves:
     - CVE-2025-64750
 ghsas: