internal/report: add lint check to for summary capital letter

Adds a lint check to ensure that report summaries begin with a capital letter, and updates testdata for GHSA-to-report accordingly. Change-Id: I26446c1171439f29e711e8be58b4f501d7182f26 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/542360 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
golang · Nov 17, 2023 · 64aa884 · 64aa884
1 parent 914ef23
commit 64aa884
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 2 deletions.
diff --git a/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml b/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml
@@ -58,3 +58,4 @@ notes:
     - lint: 'github.com/apptainer/sif: 2 versions do not exist: 1.2.1-0.20180103161547-0ef6afb2f6cd, 1.2.1-0.20180404165556-75cca531ea76'
     - lint: 'github.com/satori/go.uuid: vulnerable_at version 1.2.0 is not inside vulnerable range'
     - lint: references should contain at most one advisory link
+    - lint: summary should begin with a capital letter
diff --git a/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml b/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml
@@ -20,3 +20,4 @@ references:
 notes:
     - lint: 'github.com/zhaojh329/rttys: version 4.0.0 does not exist'
     - lint: 'github.com/zhaojh329/rttys: version issue: 1 unsupported version(s)'
+    - lint: summary should begin with a capital letter
diff --git a/internal/genericosv/testdata/yaml/GHSA-fv82-r8qv-ch4v.yaml b/internal/genericosv/testdata/yaml/GHSA-fv82-r8qv-ch4v.yaml
@@ -37,3 +37,4 @@ references:
     - fix: https://github.com/pomerium/pomerium/pull/2048
 notes:
     - lint: references should contain at most one advisory link
+    - lint: summary should begin with a capital letter
diff --git a/internal/genericosv/testdata/yaml/GHSA-hv53-vf5m-8q94.yaml b/internal/genericosv/testdata/yaml/GHSA-hv53-vf5m-8q94.yaml
@@ -54,3 +54,4 @@ references:
     - web: https://pkg.go.dev/github.com/personnummer/go
 notes:
     - lint: 'github.com/personnummer/go: version 3.0.1 does not exist'
+    - lint: summary should begin with a capital letter
diff --git a/internal/report/lint.go b/internal/report/lint.go
@@ -11,6 +11,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
+	"unicode"
 
 	"golang.org/x/exp/slices"
 	"golang.org/x/mod/module"
@@ -303,6 +304,10 @@ func (s *Summary) lint(addIssue func(string), r *Report) {
 	if !r.IsExcluded() && len(summary) == 0 {
 		addIssue("missing summary")
 	}
+	// Nothing to lint.
+	if len(summary) == 0 {
+		return
+	}
 	if strings.HasPrefix(summary, "TODO") {
 		addIssue("summary contains a TODO")
 	}
@@ -312,6 +317,14 @@ func (s *Summary) lint(addIssue func(string), r *Report) {
 	if strings.HasSuffix(summary, ".") {
 		addIssue("summary should not end in a period (should be a phrase, not a sentence)")
 	}
+	for i, r := range summary {
+		if i != 0 {
+			break
+		}
+		if !unicode.IsUpper(r) {
+			addIssue("summary should begin with a capital letter")
+		}
+	}
 }
 
 func (r *Report) IsExcluded() bool {

diff --git a/internal/report/lint_test.go b/internal/report/lint_test.go
@@ -41,7 +41,7 @@ func validReport(f func(r *Report)) Report {
 			}},
 		}},
 		Description: "description",
-		Summary:     "a summary",
+		Summary:     "A summary",
 		CVEs:        []string{"CVE-1234-0000"},
 	}
 	f(&r)
@@ -59,7 +59,7 @@ func validStdReport(f func(r *Report)) Report {
 			}},
 		}},
 		Description: "description",
-		Summary:     "a summary",
+		Summary:     "A summary",
 		References:  validStdLibReferences,
 	}
 	f(&r)