authorTatiana Bradley <tatianabradley@google.com>2023-04-18 18:15:18 -0400
committerTatiana Bradley <tatianabradley@google.com>2023-04-20 16:31:35 +0000
commit327fd39a0ef669b500eb4ded2e1e777eddffedcd (patch)
treeeb178dd35baf0d0b139d6e150b957db51ba0f570 /internal/vuln
parent49517b6bb954b88d29259f44de3a20cd58db0918 (diff)
internal/{osv,vuln}: consolidate refs to special module paths
Change-Id: Ia3c4f84c5559adef42b9f8659231024a7fc062a9 Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/486455 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: kokoro <noreply+kokoro@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com>
Diffstat (limited to 'internal/vuln')
-rw-r--r--internal/vuln/vulns.go34
1 files changed, 15 insertions, 19 deletions
diff --git a/internal/vuln/vulns.go b/internal/vuln/vulns.go
index a7852882..6edf3720 100644
--- a/internal/vuln/vulns.go
+++ b/internal/vuln/vulns.go
@@ -17,14 +17,6 @@ import (
"golang.org/x/pkgsite/internal/version"
)
-const (
- // The vulndb stores vulns in cmd/go under the modulepath toolchain.
- vulnCmdGoModulePath = "toolchain"
- // The vulndb stores vulns under the modulepath stdlib for all other packages
- // in the standard library.
- vulnStdlibModulePath = "stdlib"
-)
-
// A Vuln contains information to display about a vulnerability.
type Vuln struct {
// The vulndb ID.
@@ -51,17 +43,21 @@ func VulnsForPackage(ctx context.Context, modulePath, version, packagePath strin
func vulnsForPackage(ctx context.Context, modulePath, vers, packagePath string, vc *Client) (_ []Vuln, err error) {
defer derrors.Wrap(&err, "vulnsForPackage(%q, %q, %q)", modulePath, vers, packagePath)
- // Stdlib pages requested at master will map to a pseudo version that puts
- // all vulns in range. We can't really tell you're at master so version.IsPseudo
- // is the best we can do. The result is vulns won't be reported for a pseudoversion
- // that refers to a commit that is in a vulnerable range.
- if modulePath == stdlib.ModulePath && version.IsPseudo(vers) {
- return nil, nil
- }
- if modulePath == stdlib.ModulePath && strings.HasPrefix(packagePath, "cmd/go") {
- modulePath = vulnCmdGoModulePath
- } else if modulePath == stdlib.ModulePath {
- modulePath = vulnStdlibModulePath
+ // Handle special module paths.
+ if modulePath == stdlib.ModulePath {
+ // Stdlib pages requested at master will map to a pseudo version
+ // that puts all vulns in range.
+ // We can't really tell you're at master so version.IsPseudo
+ // is the best we can do. The result is vulns won't be reported for a
+ // pseudoversion that refers to a commit that is in a vulnerable range.
+ switch {
+ case version.IsPseudo(vers):
+ return nil, nil
+ case strings.HasPrefix(packagePath, "cmd/"):
+ modulePath = osv.GoCmdModulePath
+ default:
+ modulePath = osv.GoStdModulePath
+ }
}
// Get all the vulns for this package/version.
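Review bot: The `case strings.HasPrefix(packagePath, "cmd/"):` branch widens the old `"cmd/go"` prefix to every package under cmd/, which changes which vulnerability-database module path is queried for those packages, yet the commit message describes only a consolidation of constants and the branch has no comment. The removed constants carried the explanation ("The vulndb stores vulns in cmd/go under the modulepath toolchain"); assuming the database files all of cmd/ that way, I would restore it here as `// Vulns for packages under cmd/ are stored under osv.GoCmdModulePath; all other standard library packages use osv.GoStdModulePath.` A bare `packagePath == "cmd"` does not match the `"cmd/"` prefix and falls through to the default branch, which is worth confirming as intended. The pseudo-version comment now sits above the whole switch but describes only the first case; moving it inside `case version.IsPseudo(vers):` would keep the rationale next to the `return nil, nil`, which callers cannot tell apart from "no known vulnerabilities". The body of vulnsForPackage continues outside this hunk.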