mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

gopls: include informational vulnerability diagnostics 

Unaffecting vulnerabilities that appear should be shown as
informational diagnostics. These do not have current version.

Change-Id: I5dc8d111fd9de8388195627c8f050a2660426abb
Reviewed-on: https://go-review.googlesource.com/c/tools/+/441875
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
gopls-CI: kokoro <noreply+kokoro@google.com>
Run-TryBot: Suzy Mueller <suzmue@golang.org>
This commit is contained in:
Suzy Mueller 2022-10-10 11:59:30 -04:00
parent 89b4335324
commit fa6bd3b49c
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gopls/internal/lsp/mod/diagnostics.go
View File

@ -190,7 +190,7 @@ func ModVulnerabilityDiagnostics(ctx context.Context, snapshot source.Snapshot,
for _, v := range vulnList {
// Only show the diagnostic if the vulnerability was calculated
// for the module at the current version.
if semver.Compare(req.Mod.Version, v.CurrentVersion) != 0 {
if semver.IsValid(v.CurrentVersion) && semver.Compare(req.Mod.Version, v.CurrentVersion) != 0 {
continue
}

10
gopls/internal/regtest/misc/vuln_test.go
View File

@ -9,6 +9,7 @@ package misc
import (
"context"
"strings"
"testing"
"golang.org/x/tools/gopls/internal/lsp/command"
@ -321,12 +322,19 @@ func TestRunVulncheckExp(t *testing.T) {
ShownMessage("Found"),
OnceMet(
env.DiagnosticAtRegexpWithMessage("go.mod", `golang.org/amod`, "golang.org/amod has a known vulnerability: vuln in amod"),
env.DiagnosticAtRegexpWithMessage("go.mod", `golang.org/amod`, "golang.org/amod has a known vulnerability: unaffecting vulnerability"),
env.DiagnosticAtRegexpWithMessage("go.mod", `golang.org/bmod`, "golang.org/bmod has a known vulnerability: vuln in bmod\n\nThis is a long description of this vulnerability."),
ReadDiagnostics("go.mod", d),
),
)
env.ApplyQuickFixes("go.mod", d.Diagnostics)
var toFix []protocol.Diagnostic
for _, diag := range d.Diagnostics {
if strings.Contains(diag.Message, "vuln in ") {
toFix = append(toFix, diag)
}
}
env.ApplyQuickFixes("go.mod", toFix)
env.Await(env.DoneWithChangeWatchedFiles())
wantGoMod := `module golang.org/entry