internal/scan: disallow package input in mod level

Throws an error when the user attempts to input a package path when running govulncheck with -scan=module. Change-Id: I97c6dd32c027a42e1bd4b3edd8e1bea90b447888 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/544595 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2023-11-21 14:08:37 -05:00 · 2023-11-21 14:08:37 -05:00 · 25985ceb20
--- a/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct
+++ b/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct
@ -28,3 +28,8 @@ There are errors with the provided package patterns:
 -: package foo is not in GOROOT (/tmp/foo)

 For details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.
+
+#####
+# Test of handing a package pattern to scan level module
+$ govulncheck -scan module -C ${moddir}/vuln pattern --> FAIL 2
+patterns are not accepted for module only scanning
--- a/internal/scan/flags.go
+++ b/internal/scan/flags.go
@ -107,6 +107,9 @@ func validateConfig(cfg *config) error {
 		if len(cfg.patterns) == 1 && isFile(cfg.patterns[0]) {
 			return fmt.Errorf("%q is a file.\n\n%v", cfg.patterns[0], errNoBinaryFlag)
 		}
+		if cfg.ScanLevel == govulncheck.ScanLevelModule && len(cfg.patterns) != 0 {
+			return fmt.Errorf("patterns are not accepted for module only scanning")
+		}
 	case modeBinary:
 		if cfg.test {
 			return fmt.Errorf("the -test flag is not supported in binary mode")