diff --git a/all_test.go b/all_test.go
index e2df55ac..83fa59a5 100644
--- a/all_test.go
+++ b/all_test.go
@@ -113,7 +113,7 @@ func TestLintReports(t *testing.T) {
 }
 lints := lint(r)
 if len(lints) > 0 {
- t.Errorf(strings.Join(lints, "\n"))
+ t.Error(strings.Join(lints, "\n"))
 }
 duplicates := make(map[string][]string)
 for _, alias := range r.Aliases() {
diff --git a/internal/cve5/cveclient.go b/internal/cve5/cveclient.go
index 977ad140..ec6e6ec6 100644
--- a/internal/cve5/cveclient.go
+++ b/internal/cve5/cveclient.go
@@ -7,6 +7,7 @@ package cve5
 import (
 "bytes"
 "encoding/json"
+ "errors"
 "fmt"
 "io"
 "net/http"
@@ -496,5 +497,5 @@ func extractError(resp *http.Response) error {
 errMsg = fmt.Sprintf("%s\n %s: %s", errMsg, detail.InstancePath, detail.Message)
 }
- return fmt.Errorf(errMsg)
+ return errors.New(errMsg)
 }
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar
index ff459a97..c9076d48 100644
--- a/internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar
+++ b/internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar
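Review bot: The new `return errors.New(errMsg)` in extractError carries no comment explaining why a format call must not be used here, so the old `fmt.Errorf(errMsg)` form is easy to reintroduce. errMsg is built from `detail.InstancePath` and `detail.Message`, which presumably come from the decoded HTTP response, so any `%` in that text would be interpreted as a verb. I would add `// errMsg holds server-supplied text; never pass it as a format string.` directly above the return. extractError starts outside this hunk, so how the response body is decoded is not visible here.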
@@ -24,8 +24,8 @@ notes:
 - lint: 'modules[0] "std": packages[0] "archive/zip": at least one of vulnerable_at and skip_fix must be set'
 - lint: 'references: must contain at least one fix'
 - lint: 'references: must contain at least one report'
- - lint: 'references[0] "https://lists.fedoraproject.org/archives/list/package-announce%!l(MISSING)ists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": "https://lists.fedoraproject.org/archives/list/package-announce%!l(MISSING)ists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": advisory reference must not be set for first-party issues'
- - lint: 'references[1] "https://lists.fedoraproject.org/archives/list/package-announce%!l(MISSING)ists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": "https://lists.fedoraproject.org/archives/list/package-announce%!l(MISSING)ists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": advisory reference must not be set for first-party issues'
+ - lint: 'references[0] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": advisory reference must not be set for first-party issues'
+ - lint: 'references[1] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": advisory reference must not be set for first-party issues'
 - lint: 'references[2] "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": advisory reference must not be set for first-party issues'
 - lint: 'references[3] "https://security.gentoo.org/glsa/202208-02": "https://security.gentoo.org/glsa/202208-02": advisory reference
must not be set for first-party issues'
 source:
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2021-3115.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2021-3115.txtar
index e7508caa..ccdad763 100644
--- a/internal/cve5/testdata/cve/TestToReport/CVE-2021-3115.txtar
+++ b/internal/cve5/testdata/cve/TestToReport/CVE-2021-3115.txtar
@@ -25,7 +25,7 @@ notes:
 - lint: 'modules[0] "cmd": packages[0] "cmd/go": at least one of vulnerable_at and skip_fix must be set'
 - lint: 'references: must contain at least one fix'
 - lint: 'references: must contain at least one report'
- - lint: 'references[0] "https://lists.fedoraproject.org/archives/list/package-announce%!l(MISSING)ists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/": "https://lists.fedoraproject.org/archives/list/package-announce%!l(MISSING)ists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/": advisory reference must not be set for first-party issues'
+ - lint: 'references[0] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/": advisory reference must not be set for first-party issues'
 - lint: 'references[1] "https://nvd.nist.gov/vuln/detail/CVE-2021-3115": "https://nvd.nist.gov/vuln/detail/CVE-2021-3115": advisory reference must not be set for first-party issues'
 - lint: 'references[2] "https://security.gentoo.org/glsa/202208-02": "https://security.gentoo.org/glsa/202208-02": advisory reference must not be set for first-party issues'
 - lint: 'references[3] "https://blog.go.dev/path-security": "https://blog.go.dev/path-security": web reference must match regex "https://groups.google.com/g/golang-(announce|dev|nuts)/c/([^/]+)"'
diff --git a/internal/report/lint.go b/internal/report/lint.go
index 924e081a..260041b7 100644
--- a/internal/report/lint.go
+++ b/internal/report/lint.go
@@ -481,7 +481,7 @@ func (r *Report) LintAsNotes(pc *proxy.Client) bool {
 if lints := r.Lint(pc); len(lints) > 0 {
 slices.Sort(lints)
 for _, lint := range lints {
- r.AddNote(NoteTypeLint, lint)
+ r.AddNote(NoteTypeLint, "%s", lint)
 }
 return true
 }
diff --git a/internal/worker/server.go b/internal/worker/server.go
index f78c392c..f03cc96f 100644
--- a/internal/worker/server.go
+++ b/internal/worker/server.go
@@ -153,7 +153,7 @@ func (s *Server) serveError(ctx context.Context, w http.ResponseWriter, _ *http.
 serr = &serverError{status: http.StatusInternalServerError, err: err}
 }
 if serr.status == http.StatusInternalServerError {
- log.Errorf(ctx, serr.err.Error())
+ log.Errorf(ctx, "%s", serr.err.Error())
 } else {
 log.Errorf(ctx, "returning %d (%s) for error %v", serr.status, http.StatusText(serr.status), err)
 }
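Review bot: The call `r.AddNote(NoteTypeLint, "%s", lint)` in LintAsNotes has no comment recording why the explicit verb is required, although the lint text quotes reference URLs taken from the report. The testdata updated in this same commit shows the effect: a percent-encoded `%40` in a reference URL had been rendered as `%!l(MISSING)`. I would add `// lint may contain '%' (e.g. percent-encoded URLs); pass it as an argument, never as the format.` above the call. AddNote's definition and its other callers are outside this hunk, so it is worth confirming that no other call site passes report-derived text in the format position.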
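Review bot: In the `http.StatusInternalServerError` branch of serveError, `serr.err.Error()` is still evaluated before logging, so a serverError whose err field is nil would panic inside the error handler itself. Whether that can happen depends on how serr is obtained above the hunk, which is not visible here. Writing the line as `log.Errorf(ctx, "%v", serr.err)` logs the same text, prints `<nil>` instead of panicking, and matches the `%v` already used in the else branch.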