diff --git a/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml b/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml
index 75984649..fc27b370 100644
--- a/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml
@@ -58,3 +58,4 @@ notes:
 - lint: 'github.com/apptainer/sif: 2 versions do not exist: 1.2.1-0.20180103161547-0ef6afb2f6cd, 1.2.1-0.20180404165556-75cca531ea76'
 - lint: 'github.com/satori/go.uuid: vulnerable_at version 1.2.0 is not inside vulnerable range'
 - lint: references should contain at most one advisory link
+ - lint: summary should begin with a capital letter
diff --git a/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml b/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml
index 00bacfa3..5f930ccd 100644
--- a/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml
@@ -20,3 +20,4 @@ references:
 notes:
 - lint: 'github.com/zhaojh329/rttys: version 4.0.0 does not exist'
 - lint: 'github.com/zhaojh329/rttys: version issue: 1 unsupported version(s)'
+ - lint: summary should begin with a capital letter
diff --git a/internal/genericosv/testdata/yaml/GHSA-fv82-r8qv-ch4v.yaml b/internal/genericosv/testdata/yaml/GHSA-fv82-r8qv-ch4v.yaml
index 04541fbd..71ee785a 100644
--- a/internal/genericosv/testdata/yaml/GHSA-fv82-r8qv-ch4v.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-fv82-r8qv-ch4v.yaml
@@ -37,3 +37,4 @@ references:
 - fix: https://github.com/pomerium/pomerium/pull/2048
 notes:
 - lint: references should contain at most one advisory link
+ - lint: summary should begin with a capital letter
diff --git a/internal/genericosv/testdata/yaml/GHSA-hv53-vf5m-8q94.yaml b/internal/genericosv/testdata/yaml/GHSA-hv53-vf5m-8q94.yaml
index c54493dc..46a357c5 100644
--- a/internal/genericosv/testdata/yaml/GHSA-hv53-vf5m-8q94.yaml
+++ b/internal/genericosv/testdata/yaml/GHSA-hv53-vf5m-8q94.yaml
@@ -54,3 +54,4 @@ references:
 - web: https://pkg.go.dev/github.com/personnummer/go
 notes:
 - lint: 'github.com/personnummer/go: version 3.0.1 does not exist'
+ - lint: summary should begin with a capital letter
diff --git a/internal/report/lint.go b/internal/report/lint.go
index 4d196eda..6086bce3 100644
--- a/internal/report/lint.go
+++ b/internal/report/lint.go
@@ -11,6 +11,7 @@ import (
 "path/filepath"
 "regexp"
 "strings"
+ "unicode"
 
 "golang.org/x/exp/slices"
 "golang.org/x/mod/module"
@@ -303,6 +304,10 @@ func (s *Summary) lint(addIssue func(string), r *Report) {
 if !r.IsExcluded() && len(summary) == 0 {
 addIssue("missing summary")
 }
+ // Nothing to lint.
+ if len(summary) == 0 {
+ return
+ }
 if strings.HasPrefix(summary, "TODO") {
 addIssue("summary contains a TODO")
 }
@@ -312,6 +317,14 @@ func (s *Summary) lint(addIssue func(string), r *Report) {
 if strings.HasSuffix(summary, ".") {
 addIssue("summary should not end in a period (should be a phrase, not a sentence)")
 }
+ for i, r := range summary {
+ if i != 0 {
+ break
+ }
+ if !unicode.IsUpper(r) {
+ addIssue("summary should begin with a capital letter")
+ }
+ }
 }
 
 func (r *Report) IsExcluded() bool {
diff --git a/internal/report/lint_test.go b/internal/report/lint_test.go
index 88f044a7..81bf77e9 100644
--- a/internal/report/lint_test.go
+++ b/internal/report/lint_test.go
@@ -41,7 +41,7 @@ func validReport(f func(r *Report)) Report {
 }},
 }},
 Description: "description",
- Summary: "a summary",
+ Summary: "A summary",
 CVEs: []string{"CVE-1234-0000"},
 }
 f(&r)
@@ -59,7 +59,7 @@ func validStdReport(f func(r *Report)) Report {
 }},
 }},
 Description: "description",
- Summary: "a summary",
+ Summary: "A summary",
 References: validStdLibReferences,
 }
 f(&r)
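Review bot: In the `@@ -312,6 +317,14 @@` hunk of internal/report/lint.go, `!unicode.IsUpper(r)` flags every summary whose first rune is not an uppercase letter, so one that starts with a digit, a quote or a caseless script gets "summary should begin with a capital letter" although it has no lowercase letter to correct. If only lowercase starts are meant, `unicode.IsLower` says so directly. The loop variable `r` also shadows the `r *Report` parameter, and ranging with a break on `i != 0` is a roundabout way to read one rune; `if first, _ := utf8.DecodeRuneInString(summary); unicode.IsLower(first) {` in front of the existing `addIssue` call would replace the loop, with `unicode/utf8` added to the import block. The lint_test.go hunks shown only change the fixtures to "A summary", so a case with a lowercase and a digit-leading summary would pin the intended rule, unless one already exists outside these hunks. The body of `lint` begins before this hunk.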