commit | eee64c577fc6d80dd6bf78b9d4fc302b03c09f80 | [log] [tgz] |
---|---|---|
author | Tatiana Bradley <tatianabradley@google.com> | Wed Dec 06 15:15:26 2023 -0500 |
committer | Tatiana Bradley <tatianabradley@google.com> | Tue Dec 12 21:51:49 2023 +0000 |
tree | b22f0e3029a68ca3fb8ef8c154242ec114b6e884 | |
parent | 625c3c96db478967137343fa0441e4ece8e8862f [diff] |
internal/report: improve cve5ToReport - Consider all "affected" blocks instead of just the first one. - More cleverly account for vendor/product/package data. For example, ignore it if it is "n/a", or if it is merely a suffix of the module path we already have. - Attempt to populate version data. Skip the test that checks if v4 and v5 are handled equivalently, as we are now taking into account data that is only available in v5. Change-Id: Ibf46c2ad77bad6d72b50ed21b136e5ee014a99f8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/548057 Reviewed-by: Sarawut Wansee <sarawutwansee07@gmail.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.
The privacy policy for govulncheck
can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.