From e342718dfc0e2ec7d4bdb8371cd0a0b1fbd07f8b Mon Sep 17 00:00:00 2001
From: Hana <hyangah@gmail.com>
Date: Tue, 29 Mar 2022 11:47:39 -0400
Subject: [PATCH] gopls/internal/vulncheck: skip vuln entries without
 callstacks

Vulnerability entries that do not have call traces are
considered false-positives by govulncheck.

Change-Id: I50d7fc815723038e904805213cd039a05934a469
Reviewed-on: https://go-review.googlesource.com/c/tools/+/396434
Trust: Hyang-Ah Hana Kim <hyangah@gmail.com>
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
gopls-CI: kokoro <noreply+kokoro@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jamal Carvalho <jamal@golang.org>
---
 gopls/internal/vulncheck/command.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gopls/internal/vulncheck/command.go b/gopls/internal/vulncheck/command.go
index 32b98ae248..1cd56b48ce 100644
--- a/gopls/internal/vulncheck/command.go
+++ b/gopls/internal/vulncheck/command.go
@@ -121,6 +121,9 @@ func toVulns(pkgs []*packages.Package, callstacks map[*vulncheck.Vuln][]vulnchec
 
 	var vulns []Vuln
 	for v, trace := range callstacks {
+		if len(trace) == 0 {
+			continue
+		}
 		vuln := Vuln{
 			ID:             v.OSV.ID,
 			Details:        v.OSV.Details,