From 42135b8d27b9e4f37041cf251e8cc87678d617b6 Mon Sep 17 00:00:00 2001
From: Josh Dolitsky <josh@dolit.ski>
Date: Thu, 25 Jul 2024 09:26:21 -0500
Subject: [PATCH] DNM: cga check

Signed-off-by: Josh Dolitsky <josh@dolit.ski>
---
 pkg/advisory/request.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/advisory/request.go b/pkg/advisory/request.go
index bb3fa3b5..aef339cc 100644
--- a/pkg/advisory/request.go
+++ b/pkg/advisory/request.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"slices"
+	"strings"
 
 	"github.com/samber/lo"
 
@@ -26,20 +27,23 @@ func (req Request) Validate() error {
 		return errors.New("package cannot be empty")
 	}
 
-	if len(req.Aliases) == 0 {
+	aliases := req.Aliases
+	if id := req.VulnerabilityID; id != "" {
+		if strings.HasPrefix(id, "CGA-") {
+			return errors.New("vulnerability should be empty (or not start with CGA)")
+		}
+		aliases = append(aliases, id)
+	}
+	if len(aliases) == 0 {
 		return errors.New("aliases should have at least one vulnerability ID")
 	}
 
-	if err := errors.Join(lo.Map(req.Aliases, func(alias string, _ int) error {
+	if err := errors.Join(lo.Map(aliases, func(alias string, _ int) error {
 		return vuln.ValidateID(alias)
 	})...); err != nil {
 		return err
 	}
 
-	if req.VulnerabilityID != "" {
-		return errors.New("vulnerability should be empty")
-	}
-
 	if req.Event.IsZero() {
 		return errors.New("event cannot be zero")
 	}