

internal/report: refactor - make Summary its own type
Convert Summary (previously a plain string) to a named type so that
methods can be defined on it. Move logic to lint summaries to a new
method, Summary.lint.

Change-Id: I97afb15369dec19a5ed9e2b1865da59d90bae940
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/542356
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
tatianab committed Nov 16, 2023
1 parent 6559b49 commit 79523f1
Showing 10 changed files with 33 additions and 22 deletions.
2 changes: 1 addition & 1 deletion cmd/vulnreport/main.go
Expand Up @@ -719,7 +719,7 @@ func hasUnaddressedTodos(r *report.Report) bool {
if any(r.CVEs) || any(r.GHSAs) {
return true
}
return is(r.Summary) || is(r.Description) || any(r.Credits)
return is(r.Summary.String()) || is(r.Description) || any(r.Credits)
}

// addReferenceTODOs adds a TODO for each important reference type not
2 changes: 1 addition & 1 deletion cmd/vulnreport/suggest.go
Expand Up @@ -66,7 +66,7 @@ func suggest(_ context.Context, filename string) (err error) {
}
switch choice {
case "a":
r.Summary = s.Summary
r.Summary = report.Summary(s.Summary)
r.Description = s.Description
if err := r.Write(filename); err != nil {
errlog.Println(err)
2 changes: 1 addition & 1 deletion internal/genericosv/report.go
Expand Up @@ -26,7 +26,7 @@ import (
func (osv *Entry) ToReport(goID string, pc *proxy.Client) *report.Report {
r := &report.Report{
ID: goID,
Summary: osv.Summary,
Summary: report.Summary(osv.Summary),
Description: osv.Details,
}
addAlias := func(alias string) {
2 changes: 1 addition & 1 deletion internal/palmapi/gen_examples/main.go
Expand Up @@ -132,7 +132,7 @@ func toExamples(vs []*vuln) (palmapi.Examples, error) {
Description: v.ghsa.Details,
},
Suggestion: palmapi.Suggestion{
Summary: removeNewlines(v.r.Summary),
Summary: removeNewlines(v.r.Summary.String()),
Description: removeNewlines(v.r.Description),
},
}
2 changes: 1 addition & 1 deletion internal/report/cve5.go
Expand Up @@ -45,7 +45,7 @@ func (r *Report) ToCVE5() (_ *cveschema5.CVERecord, err error) {
ProviderMetadata: cveschema5.ProviderMetadata{
OrgID: GoOrgUUID,
},
Title: removeNewlines(r.Summary),
Title: removeNewlines(r.Summary.String()),
Descriptions: []cveschema5.Description{
{
Lang: "en",
2 changes: 1 addition & 1 deletion internal/report/fix.go
Expand Up @@ -26,7 +26,7 @@ func (r *Report) Fix(pc *proxy.Client) {
fixLines := func(sp *string) {
*sp = fixLineLength(*sp, maxLineLength)
}
fixLines(&r.Summary)
fixLines((*string)(&r.Summary))
fixLines(&r.Description)
if r.CVEMetadata != nil {
fixLines(&r.CVEMetadata.Description)
2 changes: 1 addition & 1 deletion internal/report/ghsa.go
Expand Up @@ -15,7 +15,7 @@ import (
// GHSAToReport creates a Report struct from a given GHSA SecurityAdvisory and modulePath.
func GHSAToReport(sa *ghsa.SecurityAdvisory, modulePath string, pc *proxy.Client) *Report {
r := &Report{
Summary: sa.Summary,
Summary: Summary(sa.Summary),
Description: sa.Description,
}
var cves, ghsas []string
29 changes: 17 additions & 12 deletions internal/report/lint.go
Expand Up @@ -294,6 +294,22 @@ func (r *Report) lintDescription(addIssue func(string)) {
}
}

func (s *Summary) lint(addIssue func(string)) {
summary := s.String()
if len(summary) == 0 {
addIssue("missing summary")
}
if strings.HasPrefix(summary, "TODO") {
addIssue("summary contains a TODO")
}
if l := len(summary); l > 100 {
addIssue(fmt.Sprintf("summary is too long: %d characters (max 100)", l))
}
if strings.HasSuffix(summary, ".") {
addIssue("summary should not end in a period (should be a phrase, not a sentence)")
}
}

func (r *Report) IsExcluded() bool {
return r.Excluded != ""
}
Expand Down Expand Up @@ -392,18 +408,7 @@ func (r *Report) lint(pc *proxy.Client) []string {
addIssue("no modules")
}
r.lintDescription(addIssue)
if r.Summary == "" {
addIssue("missing summary")
}
if strings.HasPrefix(r.Summary, "TODO") {
addIssue("summary contains a TODO")
}
if l := len(r.Summary); l > 100 {
addIssue(fmt.Sprintf("summary is too long: %d characters (max 100)", l))
}
if strings.HasSuffix(r.Summary, ".") {
addIssue("summary should not end in a period (should be a phrase, not a sentence)")
}
r.Summary.lint(addIssue)
}

isFirstParty := false
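Review bot: The length check in the new `Summary.lint` compares `len(summary)` (a byte count) against 100 while the issue text reports "characters", so a summary containing non-ASCII text can be flagged as too long before it reaches 100 characters; `if l := utf8.RuneCountInString(summary); l > 100 {` would make the check match its message (this needs `"unicode/utf8"` in lint.go's imports). This behavior is carried over from the lines removed in the second hunk rather than introduced here, so it may be intentional, but the move into a dedicated method is a natural point to tighten it. The "missing summary" branch also accepts a whitespace-only value; `if strings.TrimSpace(summary) == "" {` would catch that. The `lint` method uses a pointer receiver for a type whose underlying type is `string`; a value receiver would be the usual choice and would keep it consistent with however `String` ends up being declared in report.go. The enclosing `(*Report).lint` in the second hunk starts and ends outside the hunk.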
4 changes: 2 additions & 2 deletions internal/report/osv.go
Expand Up @@ -50,7 +50,7 @@ func (r *Report) ToOSV(lastModified time.Time) osv.Entry {
// govulncheck can robustly display summaries in place of details.
details := r.Description
if details == "" {
details = r.Summary
details = r.Summary.String()
}

entry := osv.Entry{
Expand All @@ -59,7 +59,7 @@ func (r *Report) ToOSV(lastModified time.Time) osv.Entry {
Modified: osv.Time{Time: lastModified},
Withdrawn: withdrawn,
Related: r.Related,
Summary: toParagraphs(r.Summary),
Summary: toParagraphs(r.Summary.String()),
Details: toParagraphs(details),
Credits: credits,
SchemaVersion: SchemaVersion,
8 changes: 7 additions & 1 deletion internal/report/report.go
Expand Up @@ -189,7 +189,7 @@ type Report struct {
Modules []*Module `yaml:",omitempty"`

// Summary is a short phrase describing the vulnerability.
Summary string `yaml:",omitempty"`
Summary Summary `yaml:",omitempty"`

// Description is the CVE description from an existing CVE. If we are
// assigning a CVE ID ourselves, use CVEMetadata.Description instead.
Expand Down Expand Up @@ -223,6 +223,12 @@ type Report struct {
Notes []*Note `yaml:",omitempty"`
}

type Summary string

func (s *Summary) String() string {
return string(*s)
}

// GoCVE returns the CVE assigned to this report by the Go CNA,
// or the empty string if not applicable.
func (r *Report) GoCVE() string {
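Review bot: `String` is declared on `*Summary`, so only the pointer type satisfies `fmt.Stringer` and the method cannot be called on a non-addressable `Summary` value (a function result or a map element); for a named string type the conventional form is a value receiver, `func (s Summary) String() string { return string(s) }`. The callers added in this change appear to invoke it on fields of a `*Report`, which are addressable, so switching the receiver should not break them. Both new exported names also lack doc comments; the Go convention would be `// Summary is a short phrase describing a vulnerability.` above the type and `// String returns the summary as a plain string.` above the method.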

