reports: add a handful of CVEs

Results of testing new CVE triaging tooling. Also adds a file which
tracks which CVEs have been triaged. Still need to add all of the
false positives, but would like to fine tune the triage tooling first
to hopefully cut down the number of them.

Change-Id: I7591b10f5abc5e73b6a3291beeaedca0032ad02f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1053804
Reviewed-by: Roland Shoemaker <bracewell@google.com>
28 files changed
tree: 9be30dc5bc240d79eb9a2b0285351ddd505eb0c5
  client/
  cmd/
  osv/
  report/
  reports/
  format.md
  go.mod
  go.sum
  new-vuln.sh
  README.md
  template
  triaged-cve-list
README.md

This repository contains a handful of prototypes for the Go vulnerability database, as well as an initial set of vulnerability reports. Some of these packages can probably be coalesced, but for now they are easier to work on in a more segmented fashion.

  • reports contains the TOML security reports; the format is described in format.md
  • report provides a package for parsing and linting TOML reports
  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accessing HTTP- and filesystem-based vulnerability databases, as well as a minimal caching implementation
  • cmd/gendb provides a tool for converting TOML reports into a JSON database
  • cmd/genhtml provides a tool for converting TOML reports into an HTML website
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting TOML reports into JSON CVEs