internal/vulncheck: consider main module when checking bin vulns

Tests will come later. Change-Id: I82b478dc2f7613b65308807475a7f0cd43681937 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/598675 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Maceo Thompson <[email protected]>
golang · Jul 18, 2024 · 201ff88 · 201ff88
1 parent 0a7cb13
commit 201ff88
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/cmd/govulncheck/testdata/common/testfiles/extract/vuln.blob b/cmd/govulncheck/testdata/common/testfiles/extract/vuln.blob
diff --git a/internal/scan/binary.go b/internal/scan/binary.go
@@ -11,6 +11,7 @@ import (
 	"os"
 	"runtime/debug"
 
+	"golang.org/x/tools/go/packages"
 	"golang.org/x/vuln/internal/buildinfo"
 	"golang.org/x/vuln/internal/client"
 	"golang.org/x/vuln/internal/derrors"
@@ -41,7 +42,17 @@ func createBin(path string) (*vulncheck.Bin, error) {
 	// TODO(#64716): use fingerprinting to make this precise, clean, and fast.
 	mods, packageSymbols, bi, err := buildinfo.ExtractPackagesAndSymbols(path)
 	if err == nil {
+		var main *packages.Module
+		if bi.Main.Path != "" {
+			main = &packages.Module{
+				Path:    bi.Main.Path,
+				Version: bi.Main.Version,
+			}
+		}
+
 		return &vulncheck.Bin{
+			Path:       bi.Path,
+			Main:       main,
 			Modules:    mods,
 			PkgSymbols: packageSymbols,
 			GoVersion:  bi.GoVersion,

diff --git a/internal/vulncheck/binary.go b/internal/vulncheck/binary.go
@@ -19,6 +19,10 @@ import (
 // Bin is an abstraction of Go binary containing
 // minimal information needed by govulncheck.
 type Bin struct {
+	// Path of the main package.
+	Path string `json:"path,omitempty"`
+	// Main module. When present, it never has empty information.
+	Main       *packages.Module   `json:"main,omitempty"`
 	Modules    []*packages.Module `json:"modules,omitempty"`
 	PkgSymbols []buildinfo.Symbol `json:"pkgSymbols,omitempty"`
 	GoVersion  string             `json:"goVersion,omitempty"`
@@ -44,8 +48,11 @@ func Binary(ctx context.Context, handler govulncheck.Handler, bin *Bin, cfg *gov
 // info in Result will be empty.
 func binary(ctx context.Context, handler govulncheck.Handler, bin *Bin, cfg *govulncheck.Config, client *client.Client) (*Result, error) {
 	graph := NewPackageGraph(bin.GoVersion)
-	graph.AddModules(bin.Modules...)
 	mods := append(bin.Modules, graph.GetModule(internal.GoStdModulePath))
+	if bin.Main != nil {
+		mods = append(mods, bin.Main)
+	}
+	graph.AddModules(mods...)
 
 	if err := handler.Progress(&govulncheck.Progress{Message: fetchingVulnsMessage}); err != nil {
 		return nil, err