internal/symbols, cmd/vulnreport: move logic to add symbols to reports

Move the logic (but don't modify it) to populate symbols to its own file in
internal/symbols. Add some basic tests that confirm the current behavior
(which will likely be tweaked in follow up CLs).

Change-Id: I10593154c343adb680733ebd66a4dd97abed2c43
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/560778
Reviewed-by: Maceo Thompson <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

Author: tatianab

cmd/vulnreport/symbols.go

@@ -6,12 +6,8 @@ package main
 
 import (
 	"context"
-	"fmt"
-	"path/filepath"
-	"strings"
 
 	"golang.org/x/vulndb/cmd/vulnreport/log"
-	"golang.org/x/vulndb/internal/osv"
 	"golang.org/x/vulndb/internal/report"
 	"golang.org/x/vulndb/internal/symbols"
 )
@@ -34,66 +30,10 @@ func (s *symbolsCmd) run(ctx context.Context, filename string) (err error) {
 	if err != nil {
 		return err
 	}
-	var defaultFixes []string
 
-	for _, ref := range r.References {
-		if ref.Type == osv.ReferenceTypeFix {
-			if filepath.Base(filepath.Dir(ref.URL)) == "commit" {
-				defaultFixes = append(defaultFixes, ref.URL)
-			}
-		}
-	}
-	if len(defaultFixes) == 0 {
-		return fmt.Errorf("no commit fix links found")
+	if err = symbols.Populate(r, log.Err); err != nil {
+		return err
 	}
 
-	for _, mod := range r.Modules {
-		hasFixLink := mod.FixLink != ""
-		if hasFixLink {
-			defaultFixes = append(defaultFixes, mod.FixLink)
-		}
-		numFixedSymbols := make([]int, len(defaultFixes))
-		for i, fixLink := range defaultFixes {
-			fixHash := filepath.Base(fixLink)
-			fixRepo := strings.TrimSuffix(fixLink, "/commit/"+fixHash)
-			pkgsToSymbols, err := symbols.Patched(mod.Module, fixRepo, fixHash)
-			if err != nil {
-				log.Err(err)
-				continue
-			}
-			packages := mod.AllPackages()
-			for pkg, symbols := range pkgsToSymbols {
-				if _, exists := packages[pkg]; exists {
-					packages[pkg].Symbols = append(packages[pkg].Symbols, symbols...)
-				} else {
-					mod.Packages = append(mod.Packages, &report.Package{
-						Package: pkg,
-						Symbols: symbols,
-					})
-				}
-				numFixedSymbols[i] += len(symbols)
-			}
-		}
-		// if the module's link field wasn't already populated, populate it with
-		// the link that results in the most symbols
-		if hasFixLink {
-			defaultFixes = defaultFixes[:len(defaultFixes)-1]
-		} else {
-			mod.FixLink = defaultFixes[indexMax(numFixedSymbols)]
-		}
-	}
 	return r.Write(filename)
 }
-
-// indexMax takes a slice of nonempty ints and returns the index of the maximum value
-func indexMax(s []int) (index int) {
-	maxVal := s[0]
-	index = 0
-	for i, val := range s {
-		if val > maxVal {
-			maxVal = val
-			index = i
-		}
-	}
-	return index
-}

internal/symbols/populate.go

@@ -0,0 +1,86 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package symbols
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"golang.org/x/vulndb/internal/osv"
+	"golang.org/x/vulndb/internal/report"
+)
+
+// Populate attempts to populate the report with symbols derived
+// from the patch link(s) in the report.
+func Populate(r *report.Report, errln logln) error {
+	return populate(r, Patched, errln)
+}
+
+func populate(r *report.Report, patched func(string, string, string) (map[string][]string, error), errln logln) error {
+	var defaultFixes []string
+
+	for _, ref := range r.References {
+		if ref.Type == osv.ReferenceTypeFix {
+			if filepath.Base(filepath.Dir(ref.URL)) == "commit" {
+				defaultFixes = append(defaultFixes, ref.URL)
+			}
+		}
+	}
+	if len(defaultFixes) == 0 {
+		return fmt.Errorf("no commit fix links found")
+	}
+
+	for _, mod := range r.Modules {
+		hasFixLink := mod.FixLink != ""
+		if hasFixLink {
+			defaultFixes = append(defaultFixes, mod.FixLink)
+		}
+		numFixedSymbols := make([]int, len(defaultFixes))
+		for i, fixLink := range defaultFixes {
+			fixHash := filepath.Base(fixLink)
+			fixRepo := strings.TrimSuffix(fixLink, "/commit/"+fixHash)
+			pkgsToSymbols, err := patched(mod.Module, fixRepo, fixHash)
+			if err != nil {
+				errln(err)
+				continue
+			}
+			packages := mod.AllPackages()
+			for pkg, symbols := range pkgsToSymbols {
+				if _, exists := packages[pkg]; exists {
+					packages[pkg].Symbols = append(packages[pkg].Symbols, symbols...)
+				} else {
+					mod.Packages = append(mod.Packages, &report.Package{
+						Package: pkg,
+						Symbols: symbols,
+					})
+				}
+				numFixedSymbols[i] += len(symbols)
+			}
+		}
+		// if the module's link field wasn't already populated, populate it with
+		// the link that results in the most symbols
+		if hasFixLink {
+			defaultFixes = defaultFixes[:len(defaultFixes)-1]
+		} else {
+			mod.FixLink = defaultFixes[indexMax(numFixedSymbols)]
+		}
+	}
+
+	return nil
+}
+
+// indexMax takes a slice of nonempty ints and returns the index of the maximum value
+func indexMax(s []int) (index int) {
+	maxVal := s[0]
+	index = 0
+	for i, val := range s {
+		if val > maxVal {
+			maxVal = val
+			index = i
+		}
+	}
+	return index
+}

internal/symbols/populate_test.go

@@ -0,0 +1,116 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package symbols
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"golang.org/x/vulndb/internal/osv"
+	"golang.org/x/vulndb/internal/report"
+)
+
+func TestPopulate(t *testing.T) {
+	for _, tc := range []struct {
+		name  string
+		input *report.Report
+		want  *report.Report
+	}{
+		{
+			name: "basic",
+			input: &report.Report{
+				Modules: []*report.Module{{
+					Module: "example.com/module",
+				}},
+				References: []*report.Reference{{
+					Type: osv.ReferenceTypeFix,
+					URL:  "https://example.com/module/commit/1234",
+				}},
+			},
+			want: &report.Report{
+				Modules: []*report.Module{{
+					Module: "example.com/module",
+					Packages: []*report.Package{{
+						Package: "example.com/module/package",
+						Symbols: []string{"symbol1", "symbol2"},
+					}},
+					FixLink: "https://example.com/module/commit/1234",
+				}},
+				References: []*report.Reference{
+					{
+						Type: osv.ReferenceTypeFix,
+						URL:  "https://example.com/module/commit/1234",
+					},
+				},
+			},
+		},
+		{
+			name: "multiple_fixes",
+			input: &report.Report{
+				Modules: []*report.Module{{
+					Module: "example.com/module",
+				}},
+				References: []*report.Reference{
+					{
+						Type: osv.ReferenceTypeFix,
+						URL:  "https://example.com/module/commit/1234",
+					},
+					{
+						Type: osv.ReferenceTypeFix,
+						URL:  "https://example.com/module/commit/5678",
+					},
+				},
+			},
+			want: &report.Report{
+				Modules: []*report.Module{{
+					Module: "example.com/module",
+					Packages: []*report.Package{{
+						Package: "example.com/module/package",
+						// We don't yet dedupe the symbols.
+						Symbols: []string{"symbol1", "symbol2", "symbol1", "symbol2", "symbol3"},
+					}},
+					// This commit is picked because it results in the most symbols.
+					FixLink: "https://example.com/module/commit/5678",
+				}},
+				References: []*report.Reference{
+					{
+						Type: osv.ReferenceTypeFix,
+						URL:  "https://example.com/module/commit/1234",
+					},
+					{
+						Type: osv.ReferenceTypeFix,
+						URL:  "https://example.com/module/commit/5678",
+					},
+				},
+			},
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			discardLog := func(...any) {}
+			if err := populate(tc.input, patchedFake, discardLog); err != nil {
+				t.Fatal(err)
+			}
+			got := tc.input
+			if diff := cmp.Diff(tc.want, got); diff != "" {
+				t.Errorf("populate mismatch (-want, +got):\n%s", diff)
+			}
+		})
+	}
+}
+
+func patchedFake(module string, repo string, hash string) (map[string][]string, error) {
+	if module == "example.com/module" && repo == "https://example.com/module" && hash == "1234" {
+		return map[string][]string{
+			"example.com/module/package": {"symbol1", "symbol2"},
+		}, nil
+	}
+	if module == "example.com/module" && repo == "https://example.com/module" && hash == "5678" {
+		return map[string][]string{
+			"example.com/module/package": {"symbol1", "symbol2", "symbol3"},
+		}, nil
+	}
+	return nil, fmt.Errorf("unrecognized inputs: module=%s,repo=%s,hash=%s", module, repo, hash)
+}