From f14c655af3a968359cf94d4a21648a5e8c5ea6db Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Tue, 10 Mar 2026 22:41:07 +0000
Subject: [PATCH] fix(vulnfeeds): ignore empty reference URLs in nvd conversion

Update `ClassifyReferences` in `vulnfeeds/vulns/vulns.go` to explicitly skip
references that have a blank/empty URL before categorizing them. This prevents
the output from containing blank reference objects that lack a valid URL.
Also added a test case in `vulns_test.go` to verify this behavior.

Co-authored-by: jess-lowe <86962800+jess-lowe@users.noreply.github.com>
---
 vulnfeeds/vulns/vulns.go      |  4 ++++
 vulnfeeds/vulns/vulns_test.go | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/vulnfeeds/vulns/vulns.go b/vulnfeeds/vulns/vulns.go
index 484b8829c0f..d68436a5249 100644
--- a/vulnfeeds/vulns/vulns.go
+++ b/vulnfeeds/vulns/vulns.go
@@ -686,6 +686,10 @@ func ClassifyReferences(refs []models.Reference) []*osvschema.Reference {
 	bestTypes := make(map[string]osvschema.Reference_Type)
 
 	for _, ref := range refs {
+		if ref.URL == "" {
+			continue
+		}
+
 		if len(ref.Tags) > 0 {
 			for _, tag := range ref.Tags {
 				refType := ClassifyReferenceLink(ref.URL, tag)
diff --git a/vulnfeeds/vulns/vulns_test.go b/vulnfeeds/vulns/vulns_test.go
index 9324769a580..b4c6c49ae96 100644
--- a/vulnfeeds/vulns/vulns_test.go
+++ b/vulnfeeds/vulns/vulns_test.go
@@ -139,6 +139,19 @@ func TestClassifyReferences(t *testing.T) {
 				{Url: "http://www.openwall.com/lists/oss-security/2023/07/20/1", Type: osvschema.Reference_ARTICLE},
 			},
 		},
+		{
+			refData: []models.Reference{
+				{
+					Source: "https://example.com/some/valid/link", URL: "https://example.com/some/valid/link", Tags: []string{"mailing-list"},
+				},
+				{
+					Source: "https://example.com/some/invalid/link", URL: "", Tags: []string{"mailing-list"},
+				},
+			},
+			references: []*osvschema.Reference{
+				{Url: "https://example.com/some/valid/link", Type: osvschema.Reference_ARTICLE},
+			},
+		},
 	}
 	for _, tc := range testcases {
 		references := ClassifyReferences(tc.refData)