mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/gopls/internal/govulncheck
History
Hana (Hyang-Ah) Kim eb8352e307 gopls/internal/govulncheck: sync x/vuln@62b0186 
VulnDB OSV schema was changed recently
  https://go-review.googlesource.com/c/vulndb/+/424895
to fix the misinterpretation of 'affected.package.name',
and the database entries were repopulated with the new schema.
We need to update the client library to pick up the change.
We also need to update the fake vulndb entries used in tests.

gopls/regtest/misc/testdata/vulndb was copied from
  golang.org/x/vuln/cmd/govulncheck/testdata/vulndb @ 62b0186
(the version updated in cl/424895)

Also reverse golang.org/cl/425183 which includes the position
information in the SummarizeCallStack result. Like in govulncheck -v,
the position info is already available in the callstack, thus
this is unnecessary for us. Since x/vuln is currently frozen
until the preview release, revert it from gopls/internal/vulncheck.

Ran go mod tidy -compat=1.16; otherwise, the transitive dependency
on github.com/client9/misspell from golang.org/x/vuln breaks go1.16
build.

Updated copy.sh script to copy x/vuln/internal/semver package
(golang/go#54401) and add the build tags back to all go files.
Gopls's builder builds&tests packages with old go versions,
so we still need go1.18 build tag.

Fixes golang/go#54818

Change-Id: I37770d698082378656a7988d3412a4ca2196ca7b
Reviewed-on: https://go-review.googlesource.com/c/tools/+/427542
gopls-CI: kokoro <noreply+kokoro@google.com>
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
 		2022-09-02 15:10:33 +00:00
..
semver gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
README.md gopls/internal/govulncheck: sync x/vuln@b9a3ad9 2022-07-22 16:51:01 +00:00
cache.go gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
cache_test.go gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
copy.sh gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
filepath.go gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
filepath_test.go gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
source.go gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
util.go gopls/internal/govulncheck: sync x/vuln@62b0186 2022-09-02 15:10:33 +00:00
util_test.go gopls/internal/vulncheck: use internal/govulncheck 2022-05-31 21:46:24 +00:00

README.md

internal/govulncheck package

This package is a literal copy of the cmd/govulncheck/internal/govulncheck package in the vuln repo (https://go.googlesource.com/vuln).

The copy.sh does the copying, after removing all .go files here. To use it:

  1. Clone the vuln repo to a directory next to the directory holding this repo (tools). After doing that your directory structure should look something like

    ~/repos/x/tools/gopls/...
~/repos/x/vuln/...

  2. cd to this directory.

  3. Run copy.sh.

  4. Re-add build tags for go1.18