From 0230f730092d1a12b7b77d15fb2b5ccaac1d977e Mon Sep 17 00:00:00 2001
From: Naimuddin Shaik <65420264+tonaim@users.noreply.github.com>
Date: Mon, 11 Jul 2022 18:11:13 +0530
Subject: [PATCH] bugfix: handle zero version event (#227)
---
 pkg/vulnsrc/govulndb/govulndb.go | 3 +++
 pkg/vulnsrc/govulndb/govulndb_test.go | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkg/vulnsrc/govulndb/govulndb.go b/pkg/vulnsrc/govulndb/govulndb.go
index 500ac539..a8b9a8f3 100644
--- a/pkg/vulnsrc/govulndb/govulndb.go
+++ b/pkg/vulnsrc/govulndb/govulndb.go
@@ -117,6 +117,9 @@ func (vs VulnSrc) commit(tx *bolt.Tx, item Entry) error {
 if vulnerable != "" {
 vulnerableVersions = append(vulnerableVersions, vulnerable)
 }
+ if event.Introduced == "0" {
+ event.Introduced = "0.0.0-0"
+ }
 vulnerable = fmt.Sprintf(">=%s", event.Introduced)
 case event.Fixed != "":
 // patched versions
diff --git a/pkg/vulnsrc/govulndb/govulndb_test.go b/pkg/vulnsrc/govulndb/govulndb_test.go
index bc4efb4d..8ffc631b 100644
--- a/pkg/vulnsrc/govulndb/govulndb_test.go
+++ b/pkg/vulnsrc/govulndb/govulndb_test.go
@@ -1,9 +1,10 @@
 package govulndb_test

 import (
- "github.com/aquasecurity/trivy-db/pkg/vulnsrctest"
 "testing"

+ "github.com/aquasecurity/trivy-db/pkg/vulnsrctest"
+
 "github.com/aquasecurity/trivy-db/pkg/types"
 "github.com/aquasecurity/trivy-db/pkg/vulnsrc/govulndb"
 "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
@@ -50,7 +51,7 @@ func TestVulnSrc_Update(t *testing.T) {
 Key: []string{"advisory-detail", "CVE-2020-26160", "go::The Go Vulnerability Database", "github.com/dgrijalva/jwt-go/v4"},
 Value: types.Advisory{
 PatchedVersions: []string{"4.0.0-preview1"},
- VulnerableVersions: []string{">=0, <4.0.0-preview1"},
+ VulnerableVersions: []string{">=0.0.0-0, <4.0.0-preview1"},
 },
 },
 {
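Review bot: The literal `"0.0.0-0"` in the added `if event.Introduced == "0"` branch of `commit` has no comment saying why it is not plain `0.0.0`. Under semver ordering, pre-release and pseudo-version releases sort below `0.0.0`, so a later "cleanup" to `0.0.0` would presumably drop them from the vulnerable range and yield silent false negatives in scan results. I would add `// "0" means every version; 0.0.0-0 is the lowest semver, so pre-releases and pseudo-versions still match`. Only the exact string `"0"` is normalized, so any other non-semver value from the feed still reaches `fmt.Sprintf(">=%s", event.Introduced)` unchanged; if the downstream comparator rejects such ranges, validating the value here and logging what cannot be parsed would make the gap visible. The enclosing `commit` function starts and ends outside the hunk.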