vulncheck: make call stack search faster while preserving determinism

We sort edges while doing call stack search instead of sorting edges in
the vulnerability call graph (which is not promised to clients anyhow).
We can use the structure of call stack search to do sorting in a smart
way.

This reduces k8s and vault times by 7 and 5 seconds, resp.

Change-Id: I46b6623fd6543fdef898d991b7f29f228ca59d91
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/412194
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2 files changed
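The idea in the commit message, as an added Go example that is not the vulncheck implementation: a backward breadth-first search from a vulnerable function that sorts caller edges only for the nodes it actually expands, so the reported call stack is the same on every run without sorting the whole graph. The `Node` type, the `CallStack` function and the sample graph are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Node is a hypothetical call-graph node; Callers has no guaranteed order.
type Node struct {
	Name    string
	Callers []*Node
}

// CallStack runs a backward BFS from sink and returns one shortest call
// stack (entry point first). Names are assumed unique so sorting is total.
func CallStack(sink *Node, entries map[*Node]bool) []string {
	type item struct{ n *Node; next *item } // next links toward the sink
	seen := map[*Node]bool{sink: true}
	queue := []*item{{n: sink}}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if entries[cur.n] {
			var stack []string
			for it := cur; it != nil; it = it.next {
				stack = append(stack, it.n.Name)
			}
			return stack
		}
		// Sort a copy of the edges, and only for nodes the search reaches:
		// the graph itself stays untouched and unvisited nodes cost nothing.
		callers := append([]*Node(nil), cur.n.Callers...)
		sort.Slice(callers, func(i, j int) bool { return callers[i].Name < callers[j].Name })
		for _, c := range callers {
			if !seen[c] {
				seen[c] = true
				queue = append(queue, &item{n: c, next: cur})
			}
		}
	}
	return nil
}

func main() {
	v, a, b, m := &Node{Name: "vuln.Sink"}, &Node{Name: "pkg.A"}, &Node{Name: "pkg.B"}, &Node{Name: "main.main"}
	v.Callers, a.Callers, b.Callers = []*Node{b, a}, []*Node{m}, []*Node{m} // constructed sample graph
	fmt.Println(CallStack(v, map[*Node]bool{m: true}))
}
```

Both `pkg.A` and `pkg.B` give a stack of the same length here, so without the per-node sort the reported stack would depend on the order in which the edges happened to be stored.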
tree: 59997f7cc96118fce85f03e508d6e05214d20378
  1. client/
  2. cmd/
  3. devtools/
  4. doc/
  5. internal/
  6. osv/
  7. vulncheck/
  8. .gitignore
  9. all_test.go
  10. AUTHORS
  11. checks.bash
  12. CONTRIBUTING.md
  13. CONTRIBUTORS
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

Go Vulnerability Management

This repository contains the following:

  • Package client: a client for interacting with the Go vulnerability database
  • Package vulncheck: an API for detecting vulnerabilities in Go packages
  • Command govulncheck: a CLI for detecting vulnerabilities in Go packages

The code in this repository is under active development and not to be considered stable.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.