cmd/govulncheck: select representative symbols more carefully

Instead of using the entries (top of call stacks) as the symbols to
show to the user, use the lowest symbols on the call stacks from the
packages under analysis. This can greatly reduce the number of symbols.

For example, in k8s.io/kubernetes, many functions call
k8s.io/kubernetes/pkg/util/selinux.SELinuxEnabled, which then calls a
vulnerable symbol in github.com/opencontainers/selinux/go-selinux.

In this particular case, this CL reduces the number of
symbols from 2,384 to 2.

Change-Id: Ib191cb8ec6a09e607673af7ccdcb34ea121a5b69
Reviewed-on: https://go-review.googlesource.com/c/exp/+/391894
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
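
The selection rule described in the commit message, as an added illustration (not code from this CL or from govulncheck). `Frame`, `Stack`, `Select` and `sampleStacks` are hypothetical names, matching analyzed packages by module-path prefix is an assumption, and the `Entry%d` and `Vuln` symbols are constructed placeholders:

```go
package main

import (
	"fmt"
	"strings"
)

// Frame and Stack are hypothetical; a Stack runs from the entry (index 0) down to the vulnerable symbol.
type Frame struct{ Pkg, Func string }
type Stack []Frame

// Select returns one deduplicated symbol per stack: the entry, or with lowest set, the last analyzed frame.
func Select(stacks []Stack, analyzed string, lowest bool) []string {
	seen := map[string]bool{}
	var out []string
	for _, s := range stacks {
		sym := ""
		for _, f := range s { // top of stack first
			if f.Pkg == analyzed || strings.HasPrefix(f.Pkg, analyzed+"/") {
				sym = f.Pkg + "." + f.Func
				if !lowest {
					break // old behaviour: stop at the entry
				}
			}
		}
		if sym != "" && !seen[sym] {
			seen[sym] = true
			out = append(out, sym)
		}
	}
	return out
}

// sampleStacks builds n constructed stacks that all reach the dependency
// through selinux.SELinuxEnabled; Entry%d and Vuln are placeholder names.
func sampleStacks(n int) (out []Stack) {
	for i := 0; i < n; i++ {
		out = append(out, Stack{
			{"k8s.io/kubernetes/pkg/example", fmt.Sprintf("Entry%d", i)},
			{"k8s.io/kubernetes/pkg/util/selinux", "SELinuxEnabled"},
			{"github.com/opencontainers/selinux/go-selinux", "Vuln"}})
	}
	return out
}

func main() {
	st := sampleStacks(5)
	fmt.Println(len(Select(st, "k8s.io/kubernetes", false)), "entries,", Select(st, "k8s.io/kubernetes", true))
}
```

An entry point that calls the dependency directly remains its own representative, so the reduction comes only from stacks that share a lower caller.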
2 files changed
tree: 818550244bd40035c145f86aad0b5c72ebc7eb49
README.md

exp

This subrepository holds experimental and deprecated (in the old directory) packages.

The idea for this subrepository originated as the pkg/exp directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get these packages.

Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.

In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)

Caveat emptor.