зеркало из https://github.com/golang/vulndb.git
cmd/vulnreport: allow no CVE/GHSA in issue title
In vulnreport create, allow creation of a basic report if no CVE/GHSA is provided. As an unrelated small fix, don't print an empty log message if there are no xrefs for a created report. Change-Id: I10df39118f245f1cf898ecf4b8f6bbd4585497be Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/557075 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Родитель
88531e0958
Коммит
a720662e13
|
@ -319,8 +319,14 @@ func createReport(ctx context.Context, cfg *createCfg, iss *issues.Issue) (r *re
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
infolog.Printf("no alias found, creating empty report %s", parsed.id)
|
infolog.Printf("no alias found, creating basic report for %s", parsed.id)
|
||||||
r = &report.Report{ID: parsed.id}
|
r = &report.Report{
|
||||||
|
ID: parsed.id,
|
||||||
|
Modules: []*report.Module{
|
||||||
|
{
|
||||||
|
Module: parsed.modulePath,
|
||||||
|
},
|
||||||
|
}}
|
||||||
}
|
}
|
||||||
|
|
||||||
if parsed.excluded != "" {
|
if parsed.excluded != "" {
|
||||||
|
@ -366,7 +372,12 @@ func create(ctx context.Context, issueNumber int, cfg *createCfg) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
outlog.Println(filename)
|
outlog.Println(filename)
|
||||||
infolog.Print(xref(filename, r, cfg.existingByFile))
|
|
||||||
|
xrefs := xref(filename, r, cfg.existingByFile)
|
||||||
|
if len(xrefs) != 0 {
|
||||||
|
infolog.Printf("found cross-references:\n%s", xrefs)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -569,20 +580,20 @@ func parseGithubIssue(iss *issues.Issue, pc *proxy.Client, allowClosed bool) (*p
|
||||||
switch {
|
switch {
|
||||||
case p == "x/vulndb:":
|
case p == "x/vulndb:":
|
||||||
continue
|
continue
|
||||||
case strings.HasSuffix(p, ":"):
|
case cveschema5.IsCVE(p) || ghsa.IsGHSA(p):
|
||||||
|
parsed.aliases = append(parsed.aliases, strings.TrimSuffix(p, ","))
|
||||||
|
case strings.HasSuffix(p, ":") || strings.Contains(p, "/"):
|
||||||
// Remove backslashes.
|
// Remove backslashes.
|
||||||
parsed.modulePath = strings.ReplaceAll(strings.TrimSuffix(p, ":"), "\"", "")
|
parsed.modulePath = strings.ReplaceAll(strings.TrimSuffix(p, ":"), "\"", "")
|
||||||
// Find the underlying module if this is a package path.
|
// Find the underlying module if this is a package path.
|
||||||
if module, err := pc.FindModule(parsed.modulePath); err == nil { // no error
|
if module, err := pc.FindModule(parsed.modulePath); err == nil { // no error
|
||||||
parsed.modulePath = module
|
parsed.modulePath = module
|
||||||
}
|
}
|
||||||
case cveschema5.IsCVE(p) || ghsa.IsGHSA(p):
|
|
||||||
parsed.aliases = append(parsed.aliases, strings.TrimSuffix(p, ","))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(parsed.aliases) == 0 {
|
if len(parsed.aliases) == 0 {
|
||||||
return nil, fmt.Errorf("%q has no CVE or GHSA IDs", iss.Title)
|
infolog.Printf("%q has no CVE or GHSA IDs\n", iss.Title)
|
||||||
}
|
}
|
||||||
|
|
||||||
return parsed, nil
|
return parsed, nil
|
||||||
|
|
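Review bot: In the `parseGithubIssue` hunk, a title with neither an alias nor a module path now returns successfully, because the `len(parsed.aliases) == 0` branch only logs. The no-alias branch of `createReport` would then emit a `report.Module` whose `Module` field is the empty string. A guard such as `if len(parsed.aliases) == 0 && parsed.modulePath == "" { return nil, fmt.Errorf("%q has no CVE/GHSA ID and no module path", iss.Title) }` would keep the new feature while still rejecting titles that carry nothing usable. Separately, the widened `strings.Contains(p, "/")` case lets any slash-containing word of the filer-controlled issue title (a URL, "and/or") become `parsed.modulePath` and be passed to `pc.FindModule`, and each later match appears to overwrite the earlier one. Since that value now lands in a generated report when `FindModule` fails, it may be worth checking it is a well-formed module path before accepting it. Both functions start and end outside the hunks shown, so existing validation elsewhere cannot be ruled out.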