chore: backport juju#18525

manadart · Dec 10, 2024 · ea15fc0 · ea15fc0
1 parent 690aab0
commit ea15fc0
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/tests/suites/static_analysis/lint_go.sh b/tests/suites/static_analysis/lint_go.sh
@@ -42,8 +42,33 @@ run_go_tidy() {
 	fi
 }
 
+join() {
+	local IFS="$1"
+	shift
+	echo "$*"
+}
+
 run_govulncheck() {
-	govulncheck "github.com/juju/juju/..."
+	ignore=(
+		# false positive vulnerability in github.com/canonical/lxd. This is resolved in lxd-5.21.2.
+		# Anyway, it does not affect as we only use client-side lxc code, but the vulnerability is
+		# server-side.
+		# https://pkg.go.dev/vuln/GO-2024-3312
+		# https://pkg.go.dev/vuln/GO-2024-3313
+		"GO-2024-3312"
+		"GO-2024-3313"
+	)
+	ignoreMatcher=$(join "|" "${ignore[@]}")
+
+	echo "Ignoring vulnerabilities: ${ignoreMatcher}"
+
+	allVulns=$(govulncheck -format openvex "github.com/juju/juju/...")
+	filteredVulns=$(echo ${allVulns} | jq -r '.statements[] | select(.status == "affected") | .vulnerability.name' | grep -vE "${ignoreMatcher}")
+
+	if [[ -n ${filteredVulns} ]]; then
+		(echo >&2 -e "\\nError: govulncheck has issues:\\n\\n${filteredVulns}")
+		exit 1
+	fi
 }
 
 test_static_analysis_go() {