commit | 2aa0553d353b72b8df9a1e17338ff7ec3f244aad | [log] [tgz] |
---|---|---|
author | Hana (Hyang-Ah) Kim <hyangah@gmail.com> | Mon Oct 03 13:20:49 2022 -0400 |
committer | Hyang-Ah Hana Kim <hyangah@gmail.com> | Tue Oct 04 23:26:41 2022 +0000 |
tree | c9753c1f8267f24ebb4bc9a98413d1da4d248e3a | |
parent | 7ee453d0a82a730ff5b3341a32caa758fd2e361e [diff] |
client: handle file URI scheme on windows A file URI takes the form of file://host/path https://en.wikipedia.org/wiki/File_URI_scheme On windows, for example, vulndb located in c:\dir\vulndb will be file:///c:/dir/vulndb Previously, the code took `file://` prefix and attempted to use the remaining as a directory of local vulndb. On windows, that caused to os.Stat on /c:/dir/vulndb when a correctly encoded URI was passed in. Turned out file-uri parsing is a known, complex issue. See golang/go#32456 for context. This CL includes the code copied from the Go project. https://github.com/golang/go/blob/2ebe77a2fda1ee9ff6fd9a3e08933ad1ebaea039/src/cmd/go/internal/web/url.go Updated the tests to exercise the windows-like file path correctly when testing on windows. Previously, tests depended on relative paths or assumed an incorrect form of windows file uri (e.g. file://C:\workdir\gopath\src\golang.org\x\vuln\cmd\govulncheck/testdata/vulndb) Change-Id: I5fc451e5ca44649b9623daee28ee3210a7b2b96c Reviewed-on: https://go-review.googlesource.com/c/vuln/+/438175 Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com>
This repository contains packages for accessing and analyzing data from the Go Vulnerability Database. It contains the following:
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
The privacy policy for govulncheck
can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.