internal/scan: disallow package input in mod level

Maceo Thompson · Maceo Thompson · commit 25985ceb20a5 · 2023-11-28T21:12:38.000Z
Throws an error when the user attempts to input a package path when running govulncheck with -scan=module. Change-Id: I97c6dd32c027a42e1bd4b3edd8e1bea90b447888 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/544595 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct b/cmd/govulncheck/testdata/testfiles/failures/source_fail.ct
@@ -28,3 +28,8 @@ There are errors with the provided package patterns:
 -: package foo is not in GOROOT (/tmp/foo)
 
 For details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.
+
+#####
+# Test of handing a package pattern to scan level module
+$ govulncheck -scan module -C ${moddir}/vuln pattern --> FAIL 2
+patterns are not accepted for module only scanning
diff --git a/internal/scan/flags.go b/internal/scan/flags.go
@@ -107,6 +107,9 @@ func validateConfig(cfg *config) error {
 		if len(cfg.patterns) == 1 && isFile(cfg.patterns[0]) {
 			return fmt.Errorf("%q is a file.\n\n%v", cfg.patterns[0], errNoBinaryFlag)
 		}
+		if cfg.ScanLevel == govulncheck.ScanLevelModule && len(cfg.patterns) != 0 {
+			return fmt.Errorf("patterns are not accepted for module only scanning")
+		}
 	case modeBinary:
 		if cfg.test {
 			return fmt.Errorf("the -test flag is not supported in binary mode")
