From 25985ceb20a5149d1b93b4ee0fca3bcb2993a553 Mon Sep 17 00:00:00 2001
From: Maceo Thompson
Date: Tue, 21 Nov 2023 14:08:37 -0500
Subject: [PATCH] internal/scan: disallow package input in mod level
Throws an error when the user attempts to input a package path when running govulncheck with -scan=module.
Change-Id: I97c6dd32c027a42e1bd4b3edd8e1bea90b447888
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/544595
Reviewed-by: Zvonimir Pavlinovic
LUCI-TryBot-Result: Go LUCI
---
 cmd/govulncheck/testdata/testfiles/failures/source_fail.ct | 5 +++++
 internal/scan/flags.go | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct b/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct
index d4a345c..fded793 100644
--- a/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct
+++ b/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct
@@ -28,3 +28,8 @@ There are errors with the provided package patterns:
 -: package foo is not in GOROOT (/tmp/foo)
 For details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.
+
+#####
+# Test of handing a package pattern to scan level module
+$ govulncheck -scan module -C ${moddir}/vuln pattern --> FAIL 2
+patterns are not accepted for module only scanning
diff --git a/internal/scan/flags.go b/internal/scan/flags.go
index 348c533..c59bdba 100644
--- a/internal/scan/flags.go
+++ b/internal/scan/flags.go
@@ -107,6 +107,9 @@ func validateConfig(cfg *config) error {
 if len(cfg.patterns) == 1 && isFile(cfg.patterns[0]) {
 return fmt.Errorf("%q is a file.\n\n%v", cfg.patterns[0], errNoBinaryFlag)
 }
+ if cfg.ScanLevel == govulncheck.ScanLevelModule && len(cfg.patterns) != 0 {
+ return fmt.Errorf("patterns are not accepted for module only scanning")
+ }
 case modeBinary:
 if cfg.test {
 return fmt.Errorf("the -test flag is not supported in binary mode")
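Review bot: The new `ScanLevelModule` check in `validateConfig` carries no comment saying why patterns are rejected, and its error text does not name the arguments that were refused. Presumably a module-level scan never consults package patterns, so before this change they were ignored and a user could believe the scan had been narrowed to those packages; a line such as `// Module-level scans do not use package patterns; fail instead of silently ignoring them.` would record that intent. Consider `return fmt.Errorf("patterns are not accepted for module only scanning: %q", cfg.patterns)` so the message shows what was rejected, with the expected output in source_fail.ct updated to match. The check sits after the `isFile` test, so a single file argument combined with `-scan module` still gets the binary-mode hint first; the switch case that encloses the added lines starts outside the hunk.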