diff --git a/cmd/vulnreport/main.go b/cmd/vulnreport/main.go
index 9e92e0cd..36fc7efb 100644
--- a/cmd/vulnreport/main.go
+++ b/cmd/vulnreport/main.go
@@ -537,7 +537,7 @@ func reportFromAlias(ctx context.Context, id, modulePath, alias string, cfg *cre
 if err := cvelistrepo.FetchCVE(ctx, loadCVERepo(ctx), alias, cve); err != nil {
 return nil, err
 }
- r = report.CVEToReport(cve, modulePath, cfg.proxyClient)
+ r = report.CVEToReport(cve, id, modulePath, cfg.proxyClient)
 default:
 r = &report.Report{}
 }
diff --git a/internal/report/cve.go b/internal/report/cve.go
index 032ade6b..1f90bb14 100644
--- a/internal/report/cve.go
+++ b/internal/report/cve.go
@@ -32,7 +32,13 @@ func removeNewlines(s string) string {
 }

 // CVEToReport creates a Report struct from a given CVE and modulePath.
-func CVEToReport(c *cveschema.CVE, modulePath string, pc *proxy.Client) *Report {
+func CVEToReport(c *cveschema.CVE, id, modulePath string, pc *proxy.Client) *Report {
+ r := cveToReport(c, id, modulePath)
+ r.Fix(pc)
+ return r
+}
+
+func cveToReport(c *cveschema.CVE, id, modulePath string) *Report {
 var description Description
 for _, d := range c.Description.Data {
 description += Description(d.Value + "\n")
@@ -63,6 +69,7 @@ func CVEToReport(c *cveschema.CVE, modulePath string, pc *proxy.Client) *Report
 pkgPath = modulePath
 }
 r := &Report{
+ ID: id,
 Modules: []*Module{{
 Module: modulePath,
 Packages: []*Package{{
@@ -84,6 +91,5 @@ func CVEToReport(c *cveschema.CVE, modulePath string, pc *proxy.Client) *Report
 } else {
 r.CVEs = []string{c.Metadata.ID}
 }
- r.Fix(pc)
 return r
 }
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index 4d30e58a..f3d969be 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go
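Review bot: The new unexported `cveToReport` in internal/report/cve.go (hunk `@@ -32,7 +32,13 @@`) has no doc comment, and the comment kept above `CVEToReport` still mentions only the CVE and modulePath although the function now takes `id` and is the only one of the two that calls `r.Fix(pc)`. I would change it to `// CVEToReport creates a Report with the given ID from a CVE and modulePath, then calls Fix with pc.` and add `// cveToReport builds the Report without calling Fix, so it needs no proxy client.` above the helper. The body of `cveToReport` continues past this hunk. In hunk `@@ -63,6 +69,7 @@` the `id` argument is stored in `Report.ID` exactly as passed; whether callers or a later lint step check its format is not visible here, so the comment should say which side is responsible.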
@@ -270,7 +270,7 @@ func newCVEBody(sr storeRecord, allReports map[string]*report.Report, pc *proxy.
 if cr.CVE.Metadata.ID == "" {
 cr.CVE.Metadata.ID = cr.ID
 }
- r := report.CVEToReport(cr.CVE, cr.Module, pc)
+ r := report.CVEToReport(cr.CVE, "GO-ID-PENDING", cr.Module, pc)
 r.Description = ""
 out, err := r.ToString()
 if err != nil {
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index f41341ca..249ec56a 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -286,6 +286,7 @@ Cross references: See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report. ` + "```" + ` +id: GO-ID-PENDING modules: - module: a.Module packages:
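Review bot: The placeholder `"GO-ID-PENDING"` is passed as a bare string literal in `newCVEBody` (internal/worker/worker.go, hunk `@@ -270,7 +270,7 @@`) and repeated by hand in the expected issue body in worker_test.go, so nothing ties the two together or lets other code recognise a placeholder ID. A named constant in the report package, for example `const PendingID = "GO-ID-PENDING"` (the name is only a suggestion), used at this call site would give one place to check against. The YAML is emitted inside the issue body, presumably to be copied into a report during triage; if no check already rejects the placeholder there, one would keep it from ever being published as a real ID. `newCVEBody` starts and ends outside the hunk.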