cmd/vulnreport: remove unneccessary logic from fix

Remove logic to add/fix the Go ID and add TODOs for skip_fix, which are
no longer needed. (They existed as part of a transition to adding new
fields to the YAML).

Change-Id: I9e3e9f709d0d3a110e1dca08a332b624101001ed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/500495
Run-TryBot: Tatiana Bradley <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>

Author: tatianab

cmd/vulnreport/main.go

@@ -715,10 +715,6 @@ func fix(ctx context.Context, filename string, ghsaClient *ghsa.Client) (err err
 	if err != nil {
 		return err
 	}
-	// Add/fix the Go ID if needed.
-	if goID := report.GoID(filename); goID != r.ID {
-		r.ID = goID
-	}
 	if err := r.CheckFilename(filename); err != nil {
 		return err
 	}
@@ -729,9 +725,6 @@ func fix(ctx context.Context, filename string, ghsaClient *ghsa.Client) (err err
 		warnlog.Printf("%s still has lint errors after fix:\n\t- %s", filename, strings.Join(lints, "\n\t- "))
 	}
 
-	// Adds a todo for a human. Currently outside of the scope of r.Fix()
-	addSkipFixTodos(r)
-
 	if !*skipSymbols {
 		if err := checkReportSymbols(r); err != nil {
 			return err
@@ -763,23 +756,6 @@ func fix(ctx context.Context, filename string, ghsaClient *ghsa.Client) (err err
 	return nil
 }
 
-// addSkipFixTodos adds a todo SkipFix to every package in an
-// unexcluded module that does not give a VulnerableAt.
-func addSkipFixTodos(r *report.Report) {
-	if r.Excluded != "" {
-		return
-	}
-	for _, m := range r.Modules {
-		if m.VulnerableAt == "" {
-			for _, p := range m.Packages {
-				if p.SkipFix == "" {
-					p.SkipFix = todo + " [or set vulnerable_at to derive symbols]"
-				}
-			}
-		}
-	}
-}
-
 func checkReportSymbols(r *report.Report) error {
 	if r.IsExcluded() {
 		infolog.Printf("%s is excluded, skipping symbol checks\n", r.ID)