gopls/internal/govulncheck: sync x/vuln@62b0186
VulnDB OSV schema was changed recently https://go-review.googlesource.com/c/vulndb/+/424895 to fix the misinterpretation of 'affected.package.name', and the database entries were repopulated with the new schema. We need to update the client library to pick up the change. We also need to update the fake vulndb entries used in tests. gopls/regtest/misc/testdata/vulndb was copied from golang.org/x/vuln/cmd/govulncheck/testdata/vulndb @ 62b0186 (the version updated in cl/424895) Also reverse golang.org/cl/425183 which includes the position information in the SummarizeCallStack result. Like in govulncheck -v, the position info is already available in the callstack, thus this is unnecessary for us. Since x/vuln is currently frozen until the preview release, revert it from gopls/internal/vulncheck. Ran go mod tidy -compat=1.16; otherwise, the transitive dependency on github.com/client9/misspell from golang.org/x/vuln breaks go1.16 build. Updated copy.sh script to copy x/vuln/internal/semver package (golang/go#54401) and add the build tags back to all go files. Gopls's builder builds&tests packages with old go versions, so we still need go1.18 build tag. Fixes golang/go#54818 Change-Id: I37770d698082378656a7988d3412a4ca2196ca7b Reviewed-on: https://go-review.googlesource.com/c/tools/+/427542 gopls-CI: kokoro <noreply+kokoro@google.com> Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com>
Showing
17 changed files
with
313 additions
and
32 deletions.
@@ -0,0 +1,38 @@ | ||
// Copyright 2022 The Go Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style | ||
// license that can be found in the LICENSE file. | ||
|
||
//go:build go1.18 | ||
// +build go1.18 | ||
|
||
package govulncheck | ||
|
||
import ( | ||
"path/filepath" | ||
"strings" | ||
) | ||
|
||
// AbsRelShorter takes path and returns its path relative | ||
// to the current directory, if shorter. Returns path | ||
// when path is an empty string or upon any error. | ||
func AbsRelShorter(path string) string { | ||
if path == "" { | ||
return "" | ||
} | ||
|
||
c, err := filepath.Abs(".") | ||
if err != nil { | ||
return path | ||
} | ||
r, err := filepath.Rel(c, path) | ||
if err != nil { | ||
return path | ||
} | ||
|
||
rSegments := strings.Split(r, string(filepath.Separator)) | ||
pathSegments := strings.Split(path, string(filepath.Separator)) | ||
if len(rSegments) < len(pathSegments) { | ||
return r | ||
} | ||
return path | ||
} |
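Review bot: The doc comment on AbsRelShorter says the relative form is returned "if shorter" but does not say that length is counted in separator-delimited segments, and the comparison splits the raw `path` while `filepath.Rel` returns a cleaned result. An input containing doubled separators or `.` elements therefore counts extra segments and can lose to a relative form that is not actually shorter. Consider `pathSegments := strings.Split(filepath.Clean(path), string(filepath.Separator))` and adding a line to the comment such as `// Shorter means fewer path segments, not fewer bytes.`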
@@ -0,0 +1,42 @@ | ||
// Copyright 2022 The Go Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style | ||
// license that can be found in the LICENSE file. | ||
|
||
//go:build go1.18 | ||
// +build go1.18 | ||
|
||
package govulncheck | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
"testing" | ||
) | ||
|
||
func TestAbsRelShorter(t *testing.T) { | ||
thisFile := "filepath_test.go" | ||
thisFileAbs, _ := filepath.Abs(thisFile) | ||
|
||
tf, err := os.CreateTemp("", "filepath_test.gp") | ||
if err != nil { | ||
t.Errorf("could not create temporary filepath_test.go file: %v", err) | ||
} | ||
tempFile := tf.Name() | ||
tempFileAbs, _ := filepath.Abs(tempFile) | ||
|
||
for _, test := range []struct { | ||
l string | ||
want string | ||
}{ | ||
{thisFile, "filepath_test.go"}, | ||
{thisFileAbs, "filepath_test.go"}, | ||
// Relative path to temp file from "." is longer as | ||
// it needs to go back the length of the absolute | ||
// path and then in addition go to os.TempDir. | ||
{tempFile, tempFileAbs}, | ||
} { | ||
if got := AbsRelShorter(test.l); got != test.want { | ||
t.Errorf("want %s; got %s", test.want, got) | ||
} | ||
} | ||
} |
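Review bot: When `os.CreateTemp` fails, `t.Errorf` lets the test continue and the next statement calls `tf.Name()` on a nil `*os.File`, which panics instead of reporting the failure; use `t.Fatalf` there. The temporary file is also never closed or removed, so each run leaves a file behind in the temp directory; `tf.Close()` and `defer os.Remove(tf.Name())` after the error check would clean it up. The third table row additionally assumes the temp directory is not close to the working directory, and the errors from both `filepath.Abs` calls are discarded, so a failure there would surface only as a confusing mismatch.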
@@ -0,0 +1,84 @@ | ||
// Copyright 2022 The Go Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style | ||
// license that can be found in the LICENSE file. | ||
|
||
//go:build go1.18 | ||
// +build go1.18 | ||
|
||
// Package semver provides shared utilities for manipulating | ||
// Go semantic versions. | ||
package semver | ||
|
||
import ( | ||
"regexp" | ||
"strings" | ||
) | ||
|
||
// addSemverPrefix adds a 'v' prefix to s if it isn't already prefixed | ||
// with 'v' or 'go'. This allows us to easily test go-style SEMVER | ||
// strings against normal SEMVER strings. | ||
func addSemverPrefix(s string) string { | ||
if !strings.HasPrefix(s, "v") && !strings.HasPrefix(s, "go") { | ||
return "v" + s | ||
} | ||
return s | ||
} | ||
|
||
// removeSemverPrefix removes the 'v' or 'go' prefixes from go-style | ||
// SEMVER strings, for usage in the public vulnerability format. | ||
func removeSemverPrefix(s string) string { | ||
s = strings.TrimPrefix(s, "v") | ||
s = strings.TrimPrefix(s, "go") | ||
return s | ||
} | ||
|
||
// CanonicalizeSemverPrefix turns a SEMVER string into the canonical | ||
// representation using the 'v' prefix, as used by the OSV format. | ||
// Input may be a bare SEMVER ("1.2.3"), Go prefixed SEMVER ("go1.2.3"), | ||
// or already canonical SEMVER ("v1.2.3"). | ||
func CanonicalizeSemverPrefix(s string) string { | ||
return addSemverPrefix(removeSemverPrefix(s)) | ||
} | ||
|
||
var ( | ||
// Regexp for matching go tags. The groups are: | ||
// 1 the major.minor version | ||
// 2 the patch version, or empty if none | ||
// 3 the entire prerelease, if present | ||
// 4 the prerelease type ("beta" or "rc") | ||
// 5 the prerelease number | ||
tagRegexp = regexp.MustCompile(`^go(\d+\.\d+)(\.\d+|)((beta|rc|-pre)(\d+))?$`) | ||
) | ||
|
||
// This is a modified copy of pkgsite/internal/stdlib:VersionForTag. | ||
func GoTagToSemver(tag string) string { | ||
if tag == "" { | ||
return "" | ||
} | ||
|
||
tag = strings.Fields(tag)[0] | ||
// Special cases for go1. | ||
if tag == "go1" { | ||
return "v1.0.0" | ||
} | ||
if tag == "go1.0" { | ||
return "" | ||
} | ||
m := tagRegexp.FindStringSubmatch(tag) | ||
if m == nil { | ||
return "" | ||
} | ||
version := "v" + m[1] | ||
if m[2] != "" { | ||
version += m[2] | ||
} else { | ||
version += ".0" | ||
} | ||
if m[3] != "" { | ||
if !strings.HasPrefix(m[4], "-") { | ||
version += "-" | ||
} | ||
version += m[4] + "." + m[5] | ||
} | ||
return version | ||
} |
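Review bot: `strings.Fields(tag)[0]` in GoTagToSemver panics with an index-out-of-range when the tag consists only of whitespace, because the earlier `tag == ""` check does not cover that input. Guard the slice before indexing: `fields := strings.Fields(tag)`, then `if len(fields) == 0 { return "" }` and `tag = fields[0]`. The comment on `tagRegexp` also lists the prerelease type as "beta" or "rc" while the pattern accepts `-pre` too. The doc comment on the exported GoTagToSemver does not start with the function name, and it does not say that unrecognised input and `go1.0` both yield the empty string.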
@@ -0,0 +1,43 @@ | ||
// Copyright 2022 The Go Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style | ||
// license that can be found in the LICENSE file. | ||
|
||
//go:build go1.18 | ||
// +build go1.18 | ||
|
||
package semver | ||
|
||
import ( | ||
"testing" | ||
) | ||
|
||
func TestCanonicalize(t *testing.T) { | ||
for _, test := range []struct { | ||
v string | ||
want string | ||
}{ | ||
{"v1.2.3", "v1.2.3"}, | ||
{"1.2.3", "v1.2.3"}, | ||
{"go1.2.3", "v1.2.3"}, | ||
} { | ||
got := CanonicalizeSemverPrefix(test.v) | ||
if got != test.want { | ||
t.Errorf("want %s; got %s", test.want, got) | ||
} | ||
} | ||
} | ||
|
||
func TestGoTagToSemver(t *testing.T) { | ||
for _, test := range []struct { | ||
v string | ||
want string | ||
}{ | ||
{"go1.19", "v1.19.0"}, | ||
{"go1.20-pre4", "v1.20.0-pre.4"}, | ||
} { | ||
got := GoTagToSemver(test.v) | ||
if got != test.want { | ||
t.Errorf("want %s; got %s", test.want, got) | ||
} | ||
} | ||
} |
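Review bot: TestGoTagToSemver checks only a plain release tag and a `-pre` tag, so the special cases and the rejection path of the function under test are never exercised. Rows such as `{"go1", "v1.0.0"}`, `{"go1.0", ""}` and `{"go1.19rc1", "v1.19.0-rc.1"}` would pin that behaviour, and a tag that does not match the pattern should be asserted to return the empty string. Both tests would also be easier to debug if the failure message named the input, e.g. `t.Errorf("GoTagToSemver(%q) = %q; want %q", test.v, got, test.want)`.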