Google Git
Sign in
go / vulndb / 7e90cad64239
commit7e90cad642395fba3de74d89ef6a46e900056bef[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Fri Aug 02 14:16:59 2024 -0400
committerTatiana Bradley <tatianabradley@google.com>Fri Aug 16 18:48:08 2024 +0000
tree5e79696672b53c881896ab8b2678c82c25c23fd6
parent0efc1400911a4de55baa784fa1cee51821b99f01 [diff]
internal/triage: add lots of tests for triage

To prep for a change in the triage algorithm, add 100 test cases
for real CVEs (75 Go and 25 not Go) and their triage results
with the current algorithm. (The current algorithm is copied
into a new function, AffectsGo, with no changes).

Note that the current algorithm doesn't always get it right, so
each test output file marks whether the result is correct or not.

This is OK; CVEs don't explicitly mark themselves as affecting
Go or not so we can't expect to always correctly categorize them.
However, we'd like to make sure changing the algorithm doesn't
reduce correctness.

Change-Id: I00ce8519b997d8605ab2e4693980f256d8eab7d0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/602597
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
210 files changed
tree: 5e79696672b53c881896ab8b2678c82c25c23fd6
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  13. CONTRIBUTING.md
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.