commit | f3137a66416d24e06f1bd985aa007caa19d9d55d | [log] [tgz] |
---|---|---|
author | Jonathan Amsterdam <jba@google.com> | Fri Apr 08 06:08:53 2022 -0400 |
committer | Jonathan Amsterdam <jba@google.com> | Tue Apr 12 11:49:56 2022 +0000 |
tree | ab9384f09a59cce16c5242a6af3fb15075a99bfa | |
parent | 3b8a5f69d17947abaab7e3723c42fc198ec32e55 [diff] |
cmd/govulncheck: don't skip vulns with no CallSink for binaries When we analyze a binary, we don't have call stacks. The code that skipped vulns with CallSink==0 was skipping all vulns in binaries. Now we filter out those vulns only when we run on source. Fixes golang/go#51412. Change-Id: If11b079fd771ccfb05360da4a1db64102e0db182 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/399114 Run-TryBot: Jonathan Amsterdam <jba@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
This repository contains the following:
The code in this repository is under active development and not to be considered stable.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.