+govulncheck - Go vulnerability checker (#3805)

* +govulncheck - Go vulnerability checker

* add test

---------

Co-authored-by: Jacob Heider <jacob@pkgx.dev>
This commit is contained in:
Kevin Chen 2023-10-24 18:30:23 -04:00 committed by GitHub
parent 9f2d4662d2
commit 618e2a22af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -0,0 +1,63 @@
distributable:
url: https://github.com/golang/vuln/archive/refs/tags/v{{version}}.tar.gz
strip-components: 1
versions:
github: golang/vuln/tags
provides:
- bin/govulncheck
build:
dependencies:
go.dev: ^1.19
script: |
go mod download
mkdir -p "{{ prefix }}"/bin
go build -v -trimpath -ldflags="$LDFLAGS" -o $BUILDLOC ./cmd/govulncheck
env:
GOPROXY: https://proxy.golang.org,direct
GOSUMDB: sum.golang.org
GO111MODULE: on
CGO_ENABLED: 0
BUILDLOC: '{{prefix}}/bin/govulncheck'
LDFLAGS:
- -s
- -w
linux:
# or segmentation fault
# fix found here https://github.com/docker-library/golang/issues/402#issuecomment-982204575
LDFLAGS:
- -buildmode=pie
test:
fixture: |
package main
import (
"fmt"
"os"
"golang.org/x/text/language"
)
func main() {
for _, arg := range os.Args[1:] {
tag, err := language.Parse(arg)
if err != nil {
fmt.Printf("%s: error: %v\n", arg, err)
} else if tag == language.Und {
fmt.Printf("%s: undefined\n", arg)
} else {
fmt.Printf("%s: tag %s\n", arg, tag)
}
}
}
dependencies:
go.dev: ^1.19
script:
- go mod init vuln.tutorial
- cp $FIXTURE main.go
- go mod tidy
- go get golang.org/x/text@v0.3.5
- (govulncheck ./... 2>&1 || true) | grep GO-2021-0113