Google Git
Sign in
go / vulndb / eee64c577fc6d80dd6bf78b9d4fc302b03c09f80
commiteee64c577fc6d80dd6bf78b9d4fc302b03c09f80[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Wed Dec 06 15:15:26 2023 -0500
committerTatiana Bradley <tatianabradley@google.com>Tue Dec 12 21:51:49 2023 +0000
treeb22f0e3029a68ca3fb8ef8c154242ec114b6e884
parent625c3c96db478967137343fa0441e4ece8e8862f [diff]
internal/report: improve cve5ToReport

- Consider all "affected" blocks instead of just the first one.
- More cleverly account for vendor/product/package data. For example,
ignore it if it is "n/a", or if it is merely a suffix of the module path
we already have.
- Attempt to populate version data.

Skip the test that checks if v4 and v5 are handled equivalently, as
we are now taking into account data that is only available in v5.

Change-Id: Ibf46c2ad77bad6d72b50ed21b136e5ee014a99f8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/548057
Reviewed-by: Sarawut Wansee <sarawutwansee07@gmail.com>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
12 files changed
tree: b22f0e3029a68ca3fb8ef8c154242ec114b6e884
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  13. CONTRIBUTING.md
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.