From 723e3262c29ad8bea974f3fe584c7d88015e6ce3 Mon Sep 17 00:00:00 2001
From: Andrew Pollock
Date: Mon, 7 Aug 2023 15:45:26 +1000
Subject: [PATCH] combine-to-osv expects an array of PackageInfo not a single struct (#1534)
Emit an array so it doesn't crash on the non-array input
---
 vulnfeeds/cpp/main.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/vulnfeeds/cpp/main.go b/vulnfeeds/cpp/main.go
index 06485ec0ff1..c2d3ba6d29f 100644
--- a/vulnfeeds/cpp/main.go
+++ b/vulnfeeds/cpp/main.go
@@ -296,7 +296,9 @@ func CVEToPackageInfo(CVE cves.CVEItem, repos []string, cache git.RepoTagsCache,
 return fmt.Errorf("[%s]: No affected commit ranges determined for %q", CVEID, CPE.Product)
 }
+ var pkgInfos []vulns.PackageInfo
 pi := vulns.PackageInfo{VersionInfo: versions}
+ pkgInfos = append(pkgInfos, pi) // combine-to-osv expects a serialised *array* of PackageInfo
 vulnDir := filepath.Join(directory, CPE.Vendor, CPE.Product)
 err = os.MkdirAll(vulnDir, 0755)
@@ -314,11 +316,13 @@ func CVEToPackageInfo(CVE cves.CVEItem, repos []string, cache git.RepoTagsCache,
 }
 defer f.Close()
- err = pi.ToJSON(f)
+ encoder := json.NewEncoder(f)
+ encoder.SetIndent("", " ")
+ err = encoder.Encode(&pkgInfos)
 if err != nil {
- Logger.Warnf("Failed to write %s: %v", outputFile, err)
- return fmt.Errorf("failed to write %s: %v", outputFile, err)
+ Logger.Warnf("Failed to encode PackageInfo to %s: %v", outputFile, err)
+ return fmt.Errorf("failed to encode PackageInfo to %s: %v", outputFile, err)
 }
 Logger.Infof("[%s]: Generated PackageInfo record from for %q", CVEID, CPE.Product)
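Review bot: The array format that combine-to-osv depends on is recorded only in the trailing comment on the `append` line, so nothing visible here stops producer and consumer from drifting apart again. If no test covers it already, a round-trip test that decodes this function's output with `var got []vulns.PackageInfo` and `json.NewDecoder(r).Decode(&got)` would pin the contract that this commit had to repair after a crash. As a smaller point, the two added statements can be one literal, `pkgInfos := []vulns.PackageInfo{pi}`, placed after `pi` is built. The body of CVEToPackageInfo starts and ends outside the hunk.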
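Review bot: When `encoder.Encode(&pkgInfos)` fails, the new error branch returns without removing the output file, so an empty or truncated file can be left in the output directory. This assumes `f` was opened on `outputFile` just above the hunk. The commit message says combine-to-osv crashes on input it does not expect, so the leftover file should not stay there: add `os.Remove(outputFile)` before the `return` in the error branch, or encode to a temporary file in the same directory and `os.Rename` it on success. The deferred `f.Close()` also discards its error, so a failed flush at close is still logged as a generated record; checking it explicitly after the encode would close that gap. Using `%w` instead of `%v` in the new `fmt.Errorf` would keep the underlying error available to `errors.Is` and `errors.As`.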