internal/report: fallback to package in GHSAToReport
If no module name is provided to GHSAToReport, use the name of the
package instead of adding a TODO.
Change-Id: I77c72391e4045de3e7f940bdc138351b562db4a3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459841
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/internal/report/ghsa.go b/internal/report/ghsa.go
index e784eef..fbf404e 100644
--- a/internal/report/ghsa.go
+++ b/internal/report/ghsa.go
@@ -27,10 +27,10 @@
}
r.CVEs = cves
r.GHSAs = ghsas
- if modulePath == "" {
- modulePath = "TODO"
- }
for _, v := range sa.Vulns {
+ if modulePath == "" {
+ modulePath = v.Package
+ }
m := &Module{
Module: modulePath,
Versions: versions(v.EarliestFixedVersion, v.VulnerableVersionRange),
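Review bot: The fallback assigns to the function parameter `modulePath` inside the `for _, v := range sa.Vulns` loop, so after the first iteration it is no longer empty and every later vuln is filed under the first vuln's package, even when its own `v.Package` differs. For an advisory that lists several packages, this would attribute the affected version ranges to the wrong module in the generated report. Leave the parameter untouched and choose the name per iteration: `path := modulePath`, `if path == "" { path = v.Package }`, then `Module: path`. The updated test in ghsa_test.go appears to use an advisory with a single vuln, so it would not catch this. The loop body and the rest of GHSAToReport continue outside the hunk.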
diff --git a/internal/report/ghsa_test.go b/internal/report/ghsa_test.go
index cad4193..5d4c349 100644
--- a/internal/report/ghsa_test.go
+++ b/internal/report/ghsa_test.go
@@ -26,24 +26,55 @@
VulnerableVersionRange: "< 1.2.3",
}},
}
- got := GHSAToReport(sa, "aModule")
- want := &Report{
- Modules: []*Module{{
- Module: "aModule",
- Versions: []VersionRange{
- {Fixed: "1.2.3"},
+ for _, test := range []struct {
+ name string
+ module string
+ want *Report
+ }{
+ {
+ name: "module provided",
+ module: "aModule",
+ want: &Report{
+ Modules: []*Module{{
+ Module: "aModule",
+ Versions: []VersionRange{
+ {Fixed: "1.2.3"},
+ },
+ Packages: []*Package{{
+ Package: "aPackage",
+ }},
+ }},
+ Description: "a description",
+ GHSAs: []string{"G1"},
+ CVEs: []string{"C1"},
},
- Packages: []*Package{{
- Package: "aPackage",
- }},
- }},
- Description: "a description",
- GHSAs: []string{"G1"},
- CVEs: []string{"C1"},
- }
-
- if diff := cmp.Diff(*got, *want); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
+ },
+ {
+ name: "empty module uses package",
+ module: "",
+ want: &Report{
+ Modules: []*Module{{
+ Module: "aPackage",
+ Versions: []VersionRange{
+ {Fixed: "1.2.3"},
+ },
+ Packages: []*Package{{
+ Package: "aPackage",
+ }},
+ }},
+ Description: "a description",
+ GHSAs: []string{"G1"},
+ CVEs: []string{"C1"},
+ },
+ },
+ } {
+ test := test
+ t.Run(test.name, func(t *testing.T) {
+ got := GHSAToReport(sa, test.module)
+ if diff := cmp.Diff(*got, *test.want); diff != "" {
+ t.Errorf("mismatch (-want, +got):\n%s", diff)
+ }
+ })
}
}
func TestParseVulnRange(t *testing.T) {
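Review bot: In the new subtest, `cmp.Diff(*got, *test.want)` passes the actual value first, but the failure message labels the output `(-want, +got)`. cmp.Diff marks lines from its first argument with `-`, so a failing run would print the signs reversed relative to the label. Swap the arguments to `cmp.Diff(*test.want, *got)` so the output matches the message.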
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index f099361..b928082 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -310,7 +310,7 @@
` + "```" + `
modules:
- - module: TODO
+ - module: aPackage
versions:
- fixed: 1.2.3
packages: