cmd/govulncheck: summarized call stacks

This CL is another attempt at compact but helpful default output.

For each vuln, pick a single call stack and summarize it.

The vulncheck package sorts the call stacks in a reasonable way, so
we use the first one.

Sample output:

Change-Id: I9a2928a4ce1f3b79f9c6b09e79cd2c53490756b5

---
package:        github.com/opencontainers/selinux/go-selinux
your version:   v0.0.0-20170621221121-4a2974bf1ee9
fixed version:  v1.0.0-rc8.0.20190930145003-cad42f6e0932
sample call stacks:
                k8s.io/kubernetes/pkg/util/selinux.SELinuxEnabled calls github.com/opencontainers/selinux/go-selinux.GetEnabled
                k8s.io/kubernetes/pkg/util/selinux.SetFileLabel calls github.com/opencontainers/selinux/go-selinux.SetFileLabel
                k8s.io/kubernetes/pkg/util/selinux.realSELinuxRunner.Getfilecon calls github.com/opencontainers/selinux/go-selinux.FileLabel
reference:      https://pkg.go.dev/vuln/GO-2021-0085
description:    AppArmor restrictions may be bypassed due to improper validation
                of mount targets, allowing a malicious image to mount volumes
                over e.g. /proc.
---

Change-Id: I982228e84dcd71870d67a467fd789547ef24d484
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395156
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
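As an added illustration of the summarizing rule the commit message describes (take the first call stack vulncheck returns and compress it to a single "caller calls callee" line), the following Go program is example code written for this page, not the project's own implementation. The Frame and CallStack types, the chosen boundary (the deepest frame still inside the scanned module and the out-of-module frame it calls), the entry-point function names and the split of a qualified function name into its package path are all assumptions made for the example; the go-selinux symbol names are taken from the sample output above.

```go
package main

import (
	"fmt"
	"strings"
)

// Frame is one entry of a call stack, entry point first and vulnerable
// symbol last. Func is the fully qualified name: import path, a dot, then
// the symbol (methods appear as Type.Method). Constructed type for this
// example, not a vulncheck type.
type Frame struct {
	Func string
}

// CallStack is a path from an entry point in the scanned module down to
// the vulnerable symbol.
type CallStack []Frame

// pkgPath returns the import-path part of a qualified function name:
// "k8s.io/kubernetes/pkg/util/selinux.realSELinuxRunner.Getfilecon"
// becomes "k8s.io/kubernetes/pkg/util/selinux". Only the last path element
// can hold the symbol, so the first dot after the last slash ends the path.
// (Assumption: real tooling carries the package path as a separate field.)
func pkgPath(fn string) string {
	slash := strings.LastIndex(fn, "/")
	dot := strings.Index(fn[slash+1:], ".")
	if dot < 0 {
		return fn
	}
	return fn[:slash+1+dot]
}

// inModule reports whether fn belongs to the scanned module, i.e. its
// import path is modPath itself or a subpackage of it.
func inModule(fn, modPath string) bool {
	p := pkgPath(fn)
	return p == modPath || strings.HasPrefix(p, modPath+"/")
}

// summarize compresses one stack into "caller calls callee": caller is the
// deepest frame still inside the scanned module and callee is the frame it
// invokes outside it, which is the call site a developer can actually
// change. ok is false for an empty stack or one that never leaves the module.
func summarize(cs CallStack, modPath string) (summary string, ok bool) {
	for i := len(cs) - 2; i >= 0; i-- {
		if inModule(cs[i].Func, modPath) && !inModule(cs[i+1].Func, modPath) {
			return cs[i].Func + " calls " + cs[i+1].Func, true
		}
	}
	return "", false
}

// summarizeFirst applies the rule from the CL: vulncheck already orders the
// stacks for a vulnerable symbol, so only the first one is summarized.
func summarizeFirst(stacks []CallStack, modPath string) (string, bool) {
	if len(stacks) == 0 {
		return "", false
	}
	return summarize(stacks[0], modPath)
}

// main renders a "sample call stacks:" block from constructed stacks that
// mimic the CL's example output. The entry-point frames are invented for
// the example; the second symbol has two stacks and only the first is shown.
func main() {
	const mod = "k8s.io/kubernetes"
	perSymbol := [][]CallStack{
		{{
			{"k8s.io/kubernetes/cmd/example.main"},
			{"k8s.io/kubernetes/pkg/util/selinux.SELinuxEnabled"},
			{"github.com/opencontainers/selinux/go-selinux.GetEnabled"},
		}},
		{{
			{"k8s.io/kubernetes/cmd/example.main"},
			{"k8s.io/kubernetes/pkg/util/selinux.SetFileLabel"},
			{"github.com/opencontainers/selinux/go-selinux.SetFileLabel"},
		}, {
			{"k8s.io/kubernetes/cmd/example.main"},
			{"k8s.io/kubernetes/pkg/example.Helper"},
			{"k8s.io/kubernetes/pkg/util/selinux.SetFileLabel"},
			{"github.com/opencontainers/selinux/go-selinux.SetFileLabel"},
		}},
	}
	fmt.Println("sample call stacks:")
	for _, stacks := range perSymbol {
		if s, ok := summarizeFirst(stacks, mod); ok {
			fmt.Println(strings.Repeat(" ", 16) + s)
		}
	}
}
```

Choosing the deepest module-to-dependency crossing rather than the entry point keeps the line actionable even when the stack passes through several module packages first. The string-based pkgPath is a shortcut for the example: an import path whose last element contains a dot (for instance a versioned path such as gopkg.in style suffixes) would be split incorrectly, which is why real tooling should carry the package path separately instead of re-deriving it from the function name.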
2 files changed
tree: 190c4d4361bb78b5beead034e58b7dd7076af308
README.md

Go Vulnerability Management

This repository contains the following:

  • Package client: a client for interacting with the Go vulnerability database
  • Package vulncheck: an API for detecting vulnerabilities in Go packages
  • Command govulncheck: a CLI for detecting vulnerabilities in Go packages

The code in this repository is under active development and not to be considered stable.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://storage.googleapis.com/go-vulndb/ are distributed under the terms of the CC-BY 4.0 license.