in internal/report/cve.go [133:187]
// CVEToReport builds a Report for modulePath from the CVE record c.
//
// The description is the concatenation of every description entry, each
// followed by a newline. Credits are joined with a tab. The package path is
// taken from the first product of the first vendor listed under Affects, when
// both exist.
//
// Reference URLs are sorted into Links by substring match on the whole URL:
// one containing "go-review.googlesource.com" or "pull" becomes the PR link,
// one containing "commit" becomes the commit link, and everything else is
// collected (sorted) as context. When several references match the same
// category, the last one wins.
//
// NOTE(review): the reference URLs come straight from the CVE record and are
// not parsed, so "commit" or "pull" appearing anywhere in a URL (host, query
// string, fragment) is enough to classify it. If Links.Commit or Links.PR are
// treated downstream as the authoritative fix location, consider matching on
// the parsed host and path instead.
func CVEToReport(c *cveschema.CVE, modulePath string) *Report {
	// Each description entry contributes its text plus a trailing newline.
	var desc strings.Builder
	for _, entry := range c.Description.Data {
		desc.WriteString(entry.Value)
		desc.WriteString("\n")
	}

	var (
		commitURL, prURL string
		others           []string
	)
	for _, ref := range c.References.Data {
		link := ref.URL
		// Case order matters: a Gerrit review URL is always a PR, even if it
		// also contains "commit".
		switch {
		case strings.Contains(link, "go-review.googlesource.com"):
			prURL = link
		case strings.Contains(link, "commit"):
			commitURL = link
		case strings.Contains(link, "pull"):
			prURL = link
		default:
			others = append(others, link)
		}
	}
	sort.Strings(others)

	var names []string
	for _, entry := range c.Credit.Data.Description.Data {
		names = append(names, entry.Value)
	}

	// Only the first vendor's first product is consulted for the package path.
	var pkgPath string
	if vendors := c.Affects.Vendor.Data; len(vendors) > 0 {
		if products := vendors[0].Product.Data; len(products) > 0 {
			pkgPath = products[0].ProductName
		}
	}

	r := &Report{
		Module:      modulePath,
		Package:     pkgPath,
		Description: desc.String(),
		CVEs:        []string{c.Metadata.ID},
		Credit:      strings.Join(names, "\t"),
		Links: Links{
			Commit:  commitURL,
			PR:      prURL,
			Context: others,
		},
	}

	// A module path without a dot is filed under the standard library module,
	// with the given path recorded as the package.
	if !strings.Contains(modulePath, ".") {
		r.Module = stdlib.ModulePath
		r.Package = modulePath
	}
	// For a standard-library module with no package yet, fall back to the
	// module path as the package.
	if stdlib.Contains(r.Module) && r.Package == "" {
		r.Package = modulePath
	}

	// Fix is defined elsewhere on Report; it runs last, on the fully
	// populated report.
	r.Fix()
	return r
}