Skip to content

Commit

Permalink
gopls/internal/govulncheck: sync x/vuln@4eb5ba4
Browse files Browse the repository at this point in the history 
Change-Id: Idf2147684626368116a5330fefb0a63d8c82f7a9
Reviewed-on: https://go-review.googlesource.com/c/tools/+/412456
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
gopls-CI: kokoro <noreply+kokoro@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
  • Loading branch information
@hyangah
hyangah committed Jun 16, 2022
1 parent 654a14b commit e8b9ff1
Showing 1 changed file with 14 additions and 5 deletions.
19 changes: 14 additions & 5 deletions gopls/internal/govulncheck/source.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@ func LoadPackages(cfg *packages.Config, patterns ...string) ([]*vulncheck.Packag

// Source calls vulncheck.Source on the Go source in pkgs. It returns the result
// with Vulns trimmed to those that are actually called.
//
// This function is being used by the Go IDE team.
func Source(ctx context.Context, pkgs []*vulncheck.Package, c client.Client) (*vulncheck.Result, error) {
r, err := vulncheck.Source(ctx, pkgs, &vulncheck.Config{Client: c})
if err != nil {
Expand All @@ -77,14 +79,21 @@ func Source(ctx context.Context, pkgs []*vulncheck.Package, c client.Client) (*v

// CallInfo is information about calls to vulnerable functions.
type CallInfo struct {
CallStacks map[*vulncheck.Vuln][]vulncheck.CallStack // all call stacks
VulnGroups [][]*vulncheck.Vuln // vulns grouped by ID and package
ModuleVersions map[string]string // map from module paths to versions
TopPackages map[string]bool // top-level packages
// CallStacks contains all call stacks to vulnerable functions.
CallStacks map[*vulncheck.Vuln][]vulncheck.CallStack

// VulnGroups contains vulnerabilities grouped by ID and package.
VulnGroups [][]*vulncheck.Vuln

// ModuleVersions is a map of module paths to versions.
ModuleVersions map[string]string

// TopPackages contains the top-level packages in the call info.
TopPackages map[string]bool
}

// GetCallInfo computes call stacks and related information from a vulncheck.Result.
// I also makes a set of top-level packages from pkgs.
// It also makes a set of top-level packages from pkgs.
func GetCallInfo(r *vulncheck.Result, pkgs []*vulncheck.Package) *CallInfo {
pset := map[string]bool{}
for _, p := range pkgs {
Expand Down

0 comments on commit e8b9ff1

Please sign in to comment.