diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index f1311f7..4df5be8 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -24,7 +24,7 @@ jobs:
 go-version: '1.21'
 #cache: false
 - name: golangci-lint
- uses: golangci/golangci-lint-action@v5
+ uses: golangci/golangci-lint-action@v6
 with:
 # Optional: golangci-lint command line arguments.
 args: -D errcheck
diff --git a/.golangci.yaml b/.golangci.yaml
index b45f630..620dd3e 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -5,6 +5,9 @@ run:
 # https://golangci-lint.run/usage/false-positives/
 # https://staticcheck.io/docs/
 linters-settings:
+ govet:
+ disable:
+ - printf
 staticcheck:
 checks:
 - all
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 0ef6ff6..e03256c 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -50,6 +50,7 @@
 "gojsondiff",
 "gojsonschema",
 "gomod",
+ "govet",
 "GTPL",
 "hasher",
 "hashstructure",
diff --git a/README.md b/README.md
index 17e5d58..5641253 100644
--- a/README.md
+++ b/README.md
@@ -1669,7 +1669,7 @@ In this example, the `--from` filter will return the entire JSON components arra
 ]
 ```
-**Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this us the default.
+**Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this is the default.
 ##### Example: Filter result entries with a specified value
diff --git a/cmd/component.go b/cmd/component.go
index 7716352..8e12d21 100644
--- a/cmd/component.go
+++ b/cmd/component.go
@@ -20,6 +20,7 @@ package cmd
 import (
 "encoding/csv"
+ "errors"
 "fmt"
 "io"
 "sort"
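Review bot: The `govet: disable: - printf` addition in the .golangci.yaml hunk switches off the very analyzer the rest of this commit is satisfying — every `fmt.Errorf(CONST)` → `errors.New(CONST)` and `t.Errorf(err.Error())` → `t.Error(err.Error())` change is a printf finding. With the analyzer off, a future `fmt.Errorf(msg)` whose non-constant message carries a `%` (a license expression or a JSON-pointer path echoed into an error, for example) will lint clean again and emit a garbled `%!d(MISSING)`-style message, which is exactly the class of bug being fixed here. If the remaining findings are confined to test files, an `issues: exclude-rules:` entry with `path: _test\.go` keeps the check on for production code; either way the disable deserves a one-line comment giving the reason, e.g. `# printf: disabled because <reason / tracking issue>`.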
@@ -395,7 +396,7 @@ func DisplayComponentListCSV(bom *schema.BOM, writer io.Writer, flags utils.Comp
 // unable to emit an error message into output stream
 return getLogger().Errorf("error writing to output (%v): %s", currentRow, err)
 }
- return fmt.Errorf(currentRow[0])
+ return errors.New(MSG_OUTPUT_NO_RESOURCES_FOUND)
 }
 // Sort Components prior to outputting
@@ -443,7 +444,7 @@ func DisplayComponentListMarkdown(bom *schema.BOM, writer io.Writer, flags utils
 // Emit no components found warning into output
 if len(entries) == 0 {
 fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_COMPONENTS_FOUND)
- return fmt.Errorf(MSG_OUTPUT_NO_COMPONENTS_FOUND)
+ return errors.New(MSG_OUTPUT_NO_COMPONENTS_FOUND)
 }
 // Sort Components prior to outputting
diff --git a/cmd/license_policy.go b/cmd/license_policy.go
index 8519cfb..f099fc5 100644
--- a/cmd/license_policy.go
+++ b/cmd/license_policy.go
@@ -20,6 +20,7 @@ package cmd
 import (
 "encoding/csv"
+ "errors"
 "fmt"
 "io"
 "sort"
@@ -262,7 +263,7 @@ func DisplayLicensePoliciesTabbedText(writer io.Writer, filteredPolicyMap *slice
 // Emit no schemas found warning into output
 // TODO Use only for Warning messages, do not emit in output table
 if len(keyNames) == 0 {
- return fmt.Errorf(MSG_OUTPUT_NO_POLICIES_FOUND)
+ return errors.New(MSG_OUTPUT_NO_POLICIES_FOUND)
 }
 // Sort entries by family name
@@ -353,7 +354,7 @@ func DisplayLicensePoliciesCSV(writer io.Writer, filteredPolicyMap *slicemultima
 // TODO Use only for Warning messages, do not emit in output table
 if len(keyNames) == 0 {
 fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_POLICIES_FOUND)
- return fmt.Errorf(MSG_OUTPUT_NO_POLICIES_FOUND)
+ return errors.New(MSG_OUTPUT_NO_POLICIES_FOUND)
 }
 // Sort entries by family name
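Review bot: In the DisplayComponentListCSV hunk the empty-list error becomes `errors.New(MSG_OUTPUT_NO_RESOURCES_FOUND)`, but this function lists components and its Markdown sibling in the same file returns `MSG_OUTPUT_NO_COMPONENTS_FOUND`. The replaced `currentRow[0]` presumably held the components message (its assignment is above the hunk), so this reads as a copy-paste from resource.go that silently changes the error text callers and tests observe. Suggest `return errors.New(MSG_OUTPUT_NO_COMPONENTS_FOUND)`. The body of DisplayComponentListCSV starts and ends outside the hunk.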
@@ -405,7 +406,7 @@ func DisplayLicensePoliciesMarkdown(writer io.Writer, filteredPolicyMap *slicemu
 // TODO Use only for Warning messages, do not emit in output table
 if len(keyNames) == 0 {
 fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_POLICIES_FOUND)
- return fmt.Errorf(MSG_OUTPUT_NO_POLICIES_FOUND)
+ return errors.New(MSG_OUTPUT_NO_POLICIES_FOUND)
 }
 // Sort entries by family name
diff --git a/cmd/license_policy_test.go b/cmd/license_policy_test.go
index efd9a19..80c2d1d 100644
--- a/cmd/license_policy_test.go
+++ b/cmd/license_policy_test.go
@@ -145,7 +145,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 // Set the policy file to the reduced, 3-entry policy file used to test the 3 policy states
 testPolicyConfig, err := LoadCustomPolicyFile(POLICY_FILE_GOOD_BAD_MAYBE)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 // 1. schema.POLICY_DENY AND schema.POLICY_ALLOW
@@ -153,7 +153,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY := schema.POLICY_DENY
 parsedExpression, err := schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy := parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -165,7 +165,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_DENY
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
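Review bot: `t.Error(err.Error())` in the ParseExpression hunks at -153 and -165 (and the matching hunks that follow in this file) still lets the test run on, and the next line immediately dereferences `parsedExpression`; if ParseExpression returns a nil tree on error (not visible here) the failure surfaces as a panic instead of the reported message. Since these lines are being rewritten anyway, `t.Fatal(err)` is the idiomatic form: it stops the test and `testing` formats the error itself, so `err.Error()` is unnecessary. The LoadCustomPolicyFile hunk at -145 has the same shape, with `testPolicyConfig` used by every step that follows. The enclosing test functions start and end outside the hunks.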
@@ -177,7 +177,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_DENY
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -189,7 +189,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -201,7 +201,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -213,7 +213,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_ALLOW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -235,7 +235,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 // Set the policy file to the reduced, 3-entry policy file used to test the 3 policy states
 testPolicyConfig, err := LoadCustomPolicyFile(POLICY_FILE_GOOD_BAD_MAYBE)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 // 1. schema.POLICY_ALLOW OR schema.POLICY_DENY
@@ -243,7 +243,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY := schema.POLICY_ALLOW
 parsedExpression, err := schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy := parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -255,7 +255,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_ALLOW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -267,7 +267,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_ALLOW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -279,7 +279,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -291,7 +291,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -303,7 +303,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 EXPECTED_USAGE_POLICY = schema.POLICY_DENY
 parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 resolvedPolicy = parsedExpression.CompoundUsagePolicy
 if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -323,7 +323,7 @@ func TestLicensePolicyFamilyUsagePolicyConflict(t *testing.T) {
 // Note: the conflict is only encountered on the "hash"; load only loads what policies are defined in the config.
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 }
@@ -334,7 +334,7 @@ func TestLicensePolicyCustomListGoodBadMaybe(t *testing.T) {
 outputBuffer, err := innerTestLicensePolicyList(t, lti)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 return
 }
@@ -695,7 +695,7 @@ func TestLicensePolicyMatchByExpFailureInvalidRightExp(t *testing.T) {
 expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -716,7 +716,7 @@ func TestLicensePolicyMatchByExpFailureInvalidLeftExp(t *testing.T) {
 expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -737,7 +737,7 @@ func TestLicensePolicyExpressionBSD3OrMIT(t *testing.T) {
 expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -759,7 +759,7 @@ func TestLicensePolicyExpressionMultipleConjunctions(t *testing.T) {
 expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -777,7 +777,7 @@ func TestLicensePolicyExpressionMultipleConjunctions(t *testing.T) {
 expressionTree, err = schema.ParseExpression(LicensePolicyConfig, EXP)
 if err != nil {
- t.Errorf(err.Error())
+ t.Error(err.Error())
 }
 getLogger().Tracef("Parsed expression:\n%v", expressionTree)
diff --git a/cmd/patch.go b/cmd/patch.go
index cf6c33f..85f6368 100644
--- a/cmd/patch.go
+++ b/cmd/patch.go
@@ -19,6 +19,7 @@ package cmd
 import (
+ "errors"
 "fmt"
 "io"
 "os"
@@ -260,14 +261,14 @@ func processPatchRecords(bomDocument *schema.BOM, patchDocument *IETF6902Documen
 // which does not make sense...
 if record.Path == "" {
 // TODO: make this a declared error type that can be tested
- return fmt.Errorf("invalid IETF RFC 6902 patch operation. \"path\" is empty")
+ return errors.New("invalid IETF RFC 6902 patch operation. \"path\" is empty")
 }
 var keys []string
 jsonMap := bomDocument.GetJSONMap()
 if jsonMap == nil {
- return fmt.Errorf("invalid json document (nil)")
+ return errors.New("invalid json document (nil)")
 }
 if keys, err = parseMapKeysFromPath(record.Path); err != nil {
@@ -276,14 +277,14 @@ func processPatchRecords(bomDocument *schema.BOM, patchDocument *IETF6902Documen
 lengthKeys := len(keys)
 if lengthKeys == 0 {
- return fmt.Errorf("invalid document path (nil)")
+ return errors.New("invalid document path (nil)")
 }
 switch record.Operation {
 case IETF_RFC6902_OP_ADD:
 if record.Value == nil {
 // TODO: make this a declared error type that can be tested
- return fmt.Errorf("invalid IETF RFC 6902 patch operation. \"value\" missing")
+ return errors.New("invalid IETF RFC 6902 patch operation. \"value\" missing")
 }
 if err = addOrReplaceValue(jsonMap, keys, record.Value, false); err != nil {
 return
@@ -293,7 +294,7 @@ func processPatchRecords(bomDocument *schema.BOM, patchDocument *IETF6902Documen
 // the target "key" MUST exist...
 if record.Value == nil {
 // TODO: make this a declared error type that can be tested
- return fmt.Errorf("invalid IETF RFC 6902 patch operation. \"value\" missing")
+ return errors.New("invalid IETF RFC 6902 patch operation. \"value\" missing")
 }
 if err = addOrReplaceValue(jsonMap, keys, record.Value, true); err != nil {
 return
@@ -335,7 +336,7 @@ func processPatchRecords(bomDocument *schema.BOM, patchDocument *IETF6902Documen
 func parseMapKeysFromPath(path string) (keys []string, err error) {
 // first char SHOULD be a forward slash, if not error
 if path == "" || path[0] != '/' {
- err = fmt.Errorf("invalid path. Path must begin with forward slash")
+ err = errors.New("invalid path. Path must begin with forward slash")
 return
 }
 // parse out paths ignoring leading forward slash character
@@ -406,7 +407,7 @@ func testValue(parentMap map[string]interface{}, keys []string, value interface{
 switch lengthKeys {
 case 0:
- err = fmt.Errorf("invalid map key (nil)")
+ err = errors.New("invalid map key (nil)")
 return
 case 1: // special case of adding new key/value to document root
 nextNode = parentMap
@@ -438,7 +439,7 @@ func testValue(parentMap map[string]interface{}, keys []string, value interface{
 case []interface{}:
 if lengthKeys != 2 {
 // TODO: create a formal error type for this
- err = fmt.Errorf("invalid path. IETF RFC 6901 does not permit paths after array indices")
+ err = errors.New("invalid path. IETF RFC 6901 does not permit paths after array indices")
 return
 }
 var arrayIndex int
@@ -516,7 +517,7 @@ func removeValue(parentMap map[string]interface{}, keys []string, value interfac
 switch lengthKeys {
 case 0:
- return fmt.Errorf("invalid map key (nil)")
+ return errors.New("invalid map key (nil)")
 case 1: // special case of adding new key/value to document root
 nextNode = parentMap
 default: // adding keys/values along document path
@@ -542,7 +543,7 @@ func removeValue(parentMap map[string]interface{}, keys []string, value interfac
 }
 case []interface{}:
 if lengthKeys != 2 {
- err = fmt.Errorf("invalid path. IETF RFC 6901 does not permit paths after array indices")
+ err = errors.New("invalid path. IETF RFC 6901 does not permit paths after array indices")
 return
 }
@@ -595,7 +596,7 @@ func addOrReplaceValue(parentMap map[string]interface{}, keys []string, value in
 switch lengthKeys {
 case 0:
- return fmt.Errorf("invalid map key (nil)")
+ return errors.New("invalid map key (nil)")
 case 1: // special case of adding new key/value to document root
 nextNode = parentMap
 default: // adding keys/values along document path
@@ -619,14 +620,14 @@ func addOrReplaceValue(parentMap map[string]interface{}, keys []string, value in
 // to the next node's map with the provided value
 currentKey := keys[lengthKeys-1]
 if _, exists := typedNode[currentKey]; !exists && replace {
- err = fmt.Errorf(ERR_PATCH_REPLACE_PATH_EXISTS)
+ err = errors.New(ERR_PATCH_REPLACE_PATH_EXISTS)
 return
 }
 typedNode[currentKey] = value
 }
 case []interface{}:
 if lengthKeys != 2 {
- err = fmt.Errorf("invalid path. IETF RFC 6901 does not permit paths after array indices")
+ err = errors.New("invalid path. IETF RFC 6901 does not permit paths after array indices")
 return
 }
diff --git a/cmd/query.go b/cmd/query.go
index 6b71cb5..ad32d37 100644
--- a/cmd/query.go
+++ b/cmd/query.go
@@ -21,6 +21,7 @@ package cmd
 import (
 "bytes"
 "encoding/gob"
+ "errors"
 "fmt"
 "io"
 "strconv"
@@ -188,18 +189,18 @@ func Query(writer io.Writer, request *common.QueryRequest, response *common.Quer
 // Assure we have a map to dereference
 if document.GetJSONMap() == nil {
- err = fmt.Errorf(ERR_TYPE_INVALID_JSON_MAP)
+ err = errors.New(ERR_TYPE_INVALID_JSON_MAP)
 return
 }
 // Validate we have query request/response structs
 if request == nil {
- err = fmt.Errorf(common.MSG_QUERY_INVALID_REQUEST)
+ err = errors.New(common.MSG_QUERY_INVALID_REQUEST)
 return
 }
 if response == nil {
- err = fmt.Errorf(common.MSG_QUERY_INVALID_RESPONSE)
+ err = errors.New(common.MSG_QUERY_INVALID_RESPONSE)
 return
 }
diff --git a/cmd/resource.go b/cmd/resource.go
index 9bbf440..c3f71ba 100644
--- a/cmd/resource.go
+++ b/cmd/resource.go
@@ -20,6 +20,7 @@ package cmd
 import (
 "encoding/csv"
+ "errors"
 "fmt"
 "io"
 "sort"
@@ -347,7 +348,7 @@ func DisplayResourceListCSV(bom *schema.BOM, writer io.Writer) (err error) {
 // unable to emit an error message into output stream
 return getLogger().Errorf("error writing to output (%v): %s", currentRow, err)
 }
- return fmt.Errorf(currentRow[0])
+ return errors.New(MSG_OUTPUT_NO_RESOURCES_FOUND)
 }
 // Sort resources prior to outputting
@@ -392,7 +393,7 @@ func DisplayResourceListMarkdown(bom *schema.BOM, writer io.Writer) (err error)
 // Emit no resource found warning into output
 if len(entries) == 0 {
 fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_RESOURCES_FOUND)
- return fmt.Errorf(MSG_OUTPUT_NO_RESOURCES_FOUND)
+ return errors.New(MSG_OUTPUT_NO_RESOURCES_FOUND)
 }
 // Sort resources prior to outputting
diff --git a/cmd/schema.go b/cmd/schema.go
index 9ef9c43..8a7d815 100644
--- a/cmd/schema.go
+++ b/cmd/schema.go
@@ -20,6 +20,7 @@ package cmd
 import (
 "encoding/csv"
+ "errors"
 "fmt"
 "io"
 "sort"
@@ -286,7 +287,7 @@ func DisplaySchemasMarkdown(writer io.Writer, filteredSchemas []schema.FormatSch
 // Emit no schemas found warning into output
 if len(filteredSchemas) == 0 {
 fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_SCHEMAS_FOUND)
- return fmt.Errorf(MSG_OUTPUT_NO_SCHEMAS_FOUND)
+ return errors.New(MSG_OUTPUT_NO_SCHEMAS_FOUND)
 }
 // Sort by Format, Version, Variant
@@ -334,7 +335,7 @@ func DisplaySchemasCSV(writer io.Writer, filteredSchemas []schema.FormatSchemaIn
 if err = w.Write(currentRow); err != nil {
 return getLogger().Errorf("error writing to output (%v): %s", currentRow, err)
 }
- return fmt.Errorf(currentRow[0])
+ return errors.New(MSG_OUTPUT_NO_SCHEMAS_FOUND)
 }
 // Sort by Format, Version, Variant
diff --git a/cmd/vulnerability.go b/cmd/vulnerability.go
index b00a8e8..d26ebc8 100644
--- a/cmd/vulnerability.go
+++ b/cmd/vulnerability.go
@@ -20,6 +20,7 @@ package cmd
 import (
 "encoding/csv"
+ "errors"
 "fmt"
 "io"
 "sort"
@@ -385,7 +386,7 @@ func DisplayVulnListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.Vuln
 // Emit no vuln. found warning into output
 if len(entries) == 0 {
 fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_VULNERABILITIES_FOUND)
- return fmt.Errorf(MSG_OUTPUT_NO_VULNERABILITIES_FOUND)
+ return errors.New(MSG_OUTPUT_NO_VULNERABILITIES_FOUND)
 }
 // Sort vulnerabilities prior to outputting
diff --git a/go.mod b/go.mod
index 41d1032..be30898 100644
--- a/go.mod
+++ b/go.mod
@@ -16,6 +16,7 @@ require (
 )
 require (
+ github.com/BurntSushi/toml v1.2.1 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/kr/text v0.2.0 // indirect
@@ -26,7 +27,11 @@ require (
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+ golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
+ golang.org/x/mod v0.13.0 // indirect
 golang.org/x/sys v0.13.0 // indirect
+ golang.org/x/tools v0.14.0 // indirect
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
+ honnef.co/go/tools v0.4.4 // indirect
 )
diff --git a/go.sum b/go.sum
index 887ad51..f4e6f2e 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
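Review bot: The new `// indirect` requirements in the go.mod hunks at -16 and -26 (`honnef.co/go/tools`, `golang.org/x/tools`, `golang.org/x/mod`, `golang.org/x/exp/typeparams`, `github.com/BurntSushi/toml`) are the dependency set of staticcheck, and nothing in this diff imports any of them, which suggests `go get` of the linter was run inside the product module rather than in CI. That widens the dependency graph that `go mod verify`, vulnerability scanners and — for an SBOM tool in particular — the project's own SBOM report for the binary, without the binary using the code. Running `go mod tidy` should drop them if they really are unused; if it keeps them, the importing package is worth naming in the commit message. Linting is already handled by the workflow's `golangci-lint-action`, so the tool does not need to be a module requirement; a separate tools module is the usual home if a pinned local install is wanted.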
@@ -61,12 +63,18 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a h1:Jw5wfR+h9mnIYH+OtGT2im5wV1YGGDora5vTv/aa5bE=
+golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
@@ -77,3 +85,5 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.4.4 h1:0qdLQGd+M60AF8kdZavf1pzNTlnY2QQCiLehPGkJ5MQ=
+honnef.co/go/tools v0.4.4/go.mod h1:GUV+uIBCLpdf0/v6UhHHG/yzI/z6qPskBeQCjcNB96k=
diff --git a/schema/bom_hash.go b/schema/bom_hash.go
index 3edfa09..d95c882 100644
--- a/schema/bom_hash.go
+++ b/schema/bom_hash.go
@@ -421,7 +421,7 @@ func (bom *BOM) HashmapVulnerability(cdxVulnerability CDXVulnerability, whereFil
 // defer to same source as the top-level vuln. declares
 fSeverity := fmt.Sprintf("%s: %v (%s)", rating.Method, rating.Score, rating.Severity)
 // give listing priority to ratings that matches top-level vuln. reporting source
- if rating.Source.Name == cdxVulnerability.Source.Name {
+ if rating.Source != nil && rating.Source.Name == cdxVulnerability.Source.Name {
 // prepend to slice
 vulnInfo.CvssSeverity = append([]string{fSeverity}, vulnInfo.CvssSeverity...)
 continue
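Review bot: The added guard in the HashmapVulnerability hunk checks `rating.Source` but still dereferences `cdxVulnerability.Source.Name` unconditionally; if the vulnerability's `Source` field is the same pointer type as the rating's (likely, as both model the CycloneDX source object, though the type is not visible here), a vulnerability record with no top-level `source` still panics on this line even though the rating side is now protected. Since BOM documents are untrusted input to this tool, an incomplete or hand-edited document should surface as a skipped match rather than a crash, so both sides are worth guarding: `if rating.Source != nil && cdxVulnerability.Source != nil && rating.Source.Name == cdxVulnerability.Source.Name {`. The loop and the enclosing method continue outside the hunk.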