cmd/vulnreport: remove option to pull GHSAs from the GraphQL api

This was a backup option in case osv.dev did not have the GHSA yet; this is no longer needed now that we're pulling directly from Github. Change-Id: Ib5a1b9752eac1efe2a91ef0403771d5575180402 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597755 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
golang · Jul 15, 2024 · ce4433b · ce4433b
1 parent 4789343
commit ce4433b
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 7 deletions.
diff --git a/cmd/vulnreport/create.go b/cmd/vulnreport/create.go
@@ -13,7 +13,6 @@ import (
 
 var (
 	preferCVE       = flag.Bool("cve", false, "for create, prefer CVEs over GHSAs as canonical source")
-	graphQL         = flag.Bool("graphql", false, "for create, fetch GHSAs from the Github GraphQL API instead of the OSV database")
 	useAI           = flag.Bool("ai", false, "for create, use AI to write draft summary and description when creating report")
 	populateSymbols = flag.Bool("symbols", false, "for create, attempt to auto-populate symbols")
 	user            = flag.String("user", "", "for create & create-excluded, only consider issues assigned to the given user")

diff --git a/cmd/vulnreport/find_aliases.go b/cmd/vulnreport/find_aliases.go
@@ -155,12 +155,7 @@ func (a *aliasFinder) fetch(ctx context.Context, alias string) (report.Source, e
 	var f report.Fetcher
 	switch {
 	case idstr.IsGHSA(alias):
-		if *graphQL {
-			// Doesn't work for test environment yet.
-			f = a.gc.(*ghsa.Client)
-		} else {
-			f = genericosv.NewGHSAFetcher()
-		}
+		f = genericosv.NewGHSAFetcher()
 	case idstr.IsCVE(alias):
 		f = cve5.NewFetcher()
 	default: