commit | 2d6d886f8a82e2a5ac93bb52639914eda8b3373a | |
---|---|---|
author | Jonathan Amsterdam <jba@google.com> | Fri Mar 11 16:11:26 2022 -0500 |
committer | Jonathan Amsterdam <jba@google.com> | Mon Mar 21 12:44:02 2022 +0000 |
tree | 818550244bd40035c145f86aad0b5c72ebc7eb49 | |
parent | 8dddf5d87bd801dc1ab27b8c139421a548982696 | |

cmd/govulncheck: select representative symbols more carefully

Instead of using the entries (top of call stacks) as the symbols to show to the user, use the lowest symbols on the call stacks from the packages under analysis.

This can greatly reduce the number of symbols. For example, in k8s.io/kubernetes, many functions call k8s.io/kubernetes/pkg/util/selinux.SELinuxEnabled, which then calls a vulnerable symbol in github.com/opencontainers/selinux/go-selinux. In this particular case, this CL reduces the number of symbols from 2,384 to 2.

Change-Id: Ib191cb8ec6a09e607673af7ccdcb34ea121a5b69
Reviewed-on: https://go-review.googlesource.com/c/exp/+/391894
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
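
The selection rule described in the commit message, as an added Go example that is not the code from this CL. `Frame`, `representativeSymbols`, `sampleStacks`, the entry names and `VulnerableFunc` are hypothetical, and treating "under analysis" as a package path prefix is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Frame is one function on a call stack (hypothetical type for this example).
type Frame struct{ Pkg, Func string }

// representativeSymbols takes call stacks ordered from entry point down to the
// vulnerable symbol and returns, deduplicated and sorted, the lowest frame of
// each stack that lies in a package under analysis (assumed: a path prefix).
func representativeSymbols(stacks [][]Frame, analyzed string) []string {
	seen := map[string]bool{}
	for _, st := range stacks {
		for i := len(st) - 1; i >= 0; i-- { // walk up from the vulnerable symbol
			p := st[i].Pkg
			if p == analyzed || strings.HasPrefix(p, analyzed+"/") {
				seen[p+"."+st[i].Func] = true
				break // stacks with no in-scope frame contribute nothing
			}
		}
	}
	out := make([]string, 0, len(seen))
	for s := range seen {
		out = append(out, s)
	}
	sort.Strings(out)
	return out
}

// sampleStacks builds constructed input: three made-up entry points that all
// reach a placeholder vulnerable symbol through selinux.SELinuxEnabled.
func sampleStacks() [][]Frame {
	mid := Frame{"k8s.io/kubernetes/pkg/util/selinux", "SELinuxEnabled"}
	vuln := Frame{"github.com/opencontainers/selinux/go-selinux", "VulnerableFunc"}
	var stacks [][]Frame
	for _, entry := range []string{"EntryA", "EntryB", "EntryC"} {
		stacks = append(stacks, []Frame{{"k8s.io/kubernetes/pkg/example", entry}, mid, vuln})
	}
	return stacks
}

func main() {
	fmt.Println(representativeSymbols(sampleStacks(), "k8s.io/kubernetes"))
}
```

Reporting entries would list all three constructed entry points; reporting the lowest in-scope frame lists only the one function a maintainer has to look at.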

This subrepository holds experimental and deprecated (in the `old` directory) packages.

The idea for this subrepository originated as the `pkg/exp` directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to `go get` these packages.

Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.
In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)
Caveat emptor.