gopls/internal/vulncheck: skip vuln entries without callstacks

Vulnerability entries that do not have call traces are considered false-positives by govulncheck. Change-Id: I50d7fc815723038e904805213cd039a05934a469 Reviewed-on: https://go-review.googlesource.com/c/tools/+/396434 Trust: Hyang-Ah Hana Kim <hyangah@gmail.com> Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com> gopls-CI: kokoro <noreply+kokoro@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jamal Carvalho <jamal@golang.org>
2022-03-29 11:47:39 -04:00 · 2022-03-29 11:47:39 -04:00 · e342718dfc
parent b22bc85c18
commit e342718dfc
1 changed files with 3 additions and 0 deletions
--- a/gopls/internal/vulncheck/command.go
+++ b/gopls/internal/vulncheck/command.go
@ -121,6 +121,9 @@ func toVulns(pkgs []*packages.Package, callstacks map[*vulncheck.Vuln][]vulnchec

 	var vulns []Vuln
 	for v, trace := range callstacks {
+		if len(trace) == 0 {
+			continue
+		}
 		vuln := Vuln{
 			ID:             v.OSV.ID,
 			Details:        v.OSV.Details,