internal/report: refactor CVEToReport

Add Go ID as input to CVEToReport and refactor so that the function calls an internal function, cveToReport, which does not depend on the proxy. This will ease testing in an upcoming change. Change-Id: I3560c32f84e591254d03ff26605b90357fed8a89 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/547075 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
golang · Dec 6, 2023 · 8ee0209 · 8ee0209
1 parent 7a77555
commit 8ee0209
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/cmd/vulnreport/main.go b/cmd/vulnreport/main.go
@@ -537,7 +537,7 @@ func reportFromAlias(ctx context.Context, id, modulePath, alias string, cfg *cre
 		if err := cvelistrepo.FetchCVE(ctx, loadCVERepo(ctx), alias, cve); err != nil {
 			return nil, err
 		}
-		r = report.CVEToReport(cve, modulePath, cfg.proxyClient)
+		r = report.CVEToReport(cve, id, modulePath, cfg.proxyClient)
 	default:
 		r = &report.Report{}
 	}

diff --git a/internal/report/cve.go b/internal/report/cve.go
@@ -32,7 +32,13 @@ func removeNewlines(s string) string {
 }
 
 // CVEToReport creates a Report struct from a given CVE and modulePath.
-func CVEToReport(c *cveschema.CVE, modulePath string, pc *proxy.Client) *Report {
+func CVEToReport(c *cveschema.CVE, id, modulePath string, pc *proxy.Client) *Report {
+	r := cveToReport(c, id, modulePath)
+	r.Fix(pc)
+	return r
+}
+
+func cveToReport(c *cveschema.CVE, id, modulePath string) *Report {
 	var description Description
 	for _, d := range c.Description.Data {
 		description += Description(d.Value + "\n")
@@ -63,6 +69,7 @@ func CVEToReport(c *cveschema.CVE, modulePath string, pc *proxy.Client) *Report
 		pkgPath = modulePath
 	}
 	r := &Report{
+		ID: id,
 		Modules: []*Module{{
 			Module: modulePath,
 			Packages: []*Package{{
@@ -84,6 +91,5 @@ func CVEToReport(c *cveschema.CVE, modulePath string, pc *proxy.Client) *Report
 	} else {
 		r.CVEs = []string{c.Metadata.ID}
 	}
-	r.Fix(pc)
 	return r
 }
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
@@ -270,7 +270,7 @@ func newCVEBody(sr storeRecord, allReports map[string]*report.Report, pc *proxy.
 	if cr.CVE.Metadata.ID == "" {
 		cr.CVE.Metadata.ID = cr.ID
 	}
-	r := report.CVEToReport(cr.CVE, cr.Module, pc)
+	r := report.CVEToReport(cr.CVE, "GO-ID-PENDING", cr.Module, pc)
 	r.Description = ""
 	out, err := r.ToString()
 	if err != nil {

diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
@@ -286,6 +286,7 @@ Cross references:
 See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.
 
 ` + "```" + `
+id: GO-ID-PENDING
 modules:
     - module: a.Module
       packages: