diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vex.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vex.ct index 2eb1838..ecea760 100644 --- a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vex.ct +++ b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vex.ct @@ -3,7 +3,7 @@ $ govulncheck -format openvex -mode binary ${common_vuln_binary} { "@context": "https://openvex.dev/ns/v0.2.0", - "@id": "govulncheck/vex:b2e8274f24820051d79285827c4fe6e1912c99143a4693804b9a5c366ec5fb8d", + "@id": "govulncheck/vex:12f16e1541f93ab0d46d78966849d71bc20932795108f69d0df5a415a2c3a5e6", "author": "Unknown Author", "timestamp": "2024-01-01T00:00:00", "version": 1, @@ -45,25 +45,6 @@ $ govulncheck -format openvex -mode binary ${common_vuln_binary} ], "status": "affected" }, - { - "vulnerability": { - "@id": "https://pkg.go.dev/vuln/GO-2021-0059", - "name": "GO-2021-0059", - "description": "Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.", - "aliases": [ - "CVE-2020-35380", - "GHSA-w942-gw6m-p62c" - ] - }, - "products": [ - { - "@id": "Unknown Product" - } - ], - "status": "not_affected", - "justification": "vulnerable_code_not_present", - "impact_statement": "Govulncheck determined that the vulnerable code isn't called" - }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0113", diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_vex.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_vex.ct index 5bd871e..a631bca 100644 --- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_vex.ct +++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_vex.ct @@ -3,7 +3,7 @@ $ govulncheck -C ${moddir}/vuln -format openvex ./... { "@context": "https://openvex.dev/ns/v0.2.0", - "@id": "govulncheck/vex:b2e8274f24820051d79285827c4fe6e1912c99143a4693804b9a5c366ec5fb8d", + "@id": "govulncheck/vex:12f16e1541f93ab0d46d78966849d71bc20932795108f69d0df5a415a2c3a5e6", "author": "Unknown Author", "timestamp": "2024-01-01T00:00:00", "version": 1, @@ -45,25 +45,6 @@ $ govulncheck -C ${moddir}/vuln -format openvex ./... ], "status": "affected" }, - { - "vulnerability": { - "@id": "https://pkg.go.dev/vuln/GO-2021-0059", - "name": "GO-2021-0059", - "description": "Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.", - "aliases": [ - "CVE-2020-35380", - "GHSA-w942-gw6m-p62c" - ] - }, - "products": [ - { - "@id": "Unknown Product" - } - ], - "status": "not_affected", - "justification": "vulnerable_code_not_present", - "impact_statement": "Govulncheck determined that the vulnerable code isn't called" - }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0113", diff --git a/internal/openvex/handler.go b/internal/openvex/handler.go index 5087eb7..b5e43aa 100644 --- a/internal/openvex/handler.go +++ b/internal/openvex/handler.go @@ -118,6 +118,9 @@ func statements(h *handler) []Statement { var statements []Statement for id, osv := range h.osvs { + if _, found := h.levels[id]; !found { + continue + } description := osv.Summary if description == "" { description = osv.Details