internal/report: fallback to package in GHSAToReport

If no module name is provided to GHSAToReport, use the name of the
package instead of adding a TODO.

Change-Id: I77c72391e4045de3e7f940bdc138351b562db4a3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459841
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/internal/report/ghsa.go b/internal/report/ghsa.go
index e784eef..fbf404e 100644
--- a/internal/report/ghsa.go
+++ b/internal/report/ghsa.go
@@ -27,10 +27,10 @@
 	}
 	r.CVEs = cves
 	r.GHSAs = ghsas
-	if modulePath == "" {
-		modulePath = "TODO"
-	}
 	for _, v := range sa.Vulns {
+		if modulePath == "" {
+			modulePath = v.Package
+		}
 		m := &Module{
 			Module:   modulePath,
 			Versions: versions(v.EarliestFixedVersion, v.VulnerableVersionRange),
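Review bot: The fallback `if modulePath == "" { modulePath = v.Package }` assigns to the function-wide variable inside the loop, so after the first iteration it is no longer empty and every later entry in `sa.Vulns` is given the first vuln's package as its module. For an advisory that lists packages from different modules, the later entries would carry the wrong module path, and a vulnerability report with a wrong module path will not match the code that is actually affected. A per-iteration local avoids this: `mp := modulePath`, `if mp == "" { mp = v.Package }`, then `Module: mp`. A package path is also not always a module path, and with the `TODO` marker gone nothing flags the value as a guess; a comment such as `// Package path used as a guess for the module path; must be confirmed during triage.` would keep that visible. The loop body and the enclosing function continue outside the hunk.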
diff --git a/internal/report/ghsa_test.go b/internal/report/ghsa_test.go
index cad4193..5d4c349 100644
--- a/internal/report/ghsa_test.go
+++ b/internal/report/ghsa_test.go
@@ -26,24 +26,55 @@
 			VulnerableVersionRange: "< 1.2.3",
 		}},
 	}
-	got := GHSAToReport(sa, "aModule")
-	want := &Report{
-		Modules: []*Module{{
-			Module: "aModule",
-			Versions: []VersionRange{
-				{Fixed: "1.2.3"},
+	for _, test := range []struct {
+		name   string
+		module string
+		want   *Report
+	}{
+		{
+			name:   "module provided",
+			module: "aModule",
+			want: &Report{
+				Modules: []*Module{{
+					Module: "aModule",
+					Versions: []VersionRange{
+						{Fixed: "1.2.3"},
+					},
+					Packages: []*Package{{
+						Package: "aPackage",
+					}},
+				}},
+				Description: "a description",
+				GHSAs:       []string{"G1"},
+				CVEs:        []string{"C1"},
 			},
-			Packages: []*Package{{
-				Package: "aPackage",
-			}},
-		}},
-		Description: "a description",
-		GHSAs:       []string{"G1"},
-		CVEs:        []string{"C1"},
-	}
-
-	if diff := cmp.Diff(*got, *want); diff != "" {
-		t.Errorf("mismatch (-want, +got):\n%s", diff)
+		},
+		{
+			name:   "empty module uses package",
+			module: "",
+			want: &Report{
+				Modules: []*Module{{
+					Module: "aPackage",
+					Versions: []VersionRange{
+						{Fixed: "1.2.3"},
+					},
+					Packages: []*Package{{
+						Package: "aPackage",
+					}},
+				}},
+				Description: "a description",
+				GHSAs:       []string{"G1"},
+				CVEs:        []string{"C1"},
+			},
+		},
+	} {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			got := GHSAToReport(sa, test.module)
+			if diff := cmp.Diff(*got, *test.want); diff != "" {
+				t.Errorf("mismatch (-want, +got):\n%s", diff)
+			}
+		})
 	}
 }
 func TestParseVulnRange(t *testing.T) {
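Review bot: `cmp.Diff(*got, *test.want)` passes `got` first while the failure message says `(-want, +got)`, so the signs in a failing diff would be read backwards; swap the arguments to `cmp.Diff(*test.want, *got)`. The shared `sa` fixture appears to hold a single vuln (its start is outside the hunk), so the "empty module uses package" case never runs against an advisory with two vulns naming different packages. Adding such a case would pin which `Module` value each entry receives. The test function begins outside the hunk.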
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index f099361..b928082 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -310,7 +310,7 @@
 
 ` + "```" + `
 modules:
-  - module: TODO
+  - module: aPackage
     versions:
       - fixed: 1.2.3
     packages: