internal/triage/priority: limit reports used for priority

Updates priority.Analyze to only consider reports in the past when
computing priority. Previously, reports occurring after the
currently-analyzed report would be used for computing priority. This has
2 symmetric consequences:

(1) Adding new high priority report(s) causes low priority reports in
the past to flip to high priority. This is not what we want since
reports that were low priority should stay low. This is the issue
blocking golang/vulndb#3605.

(2) Adding new low priority reports can flip reports from high to low.

Fixing this logic lets us add new reports for case (1), but it also
means we will detect reports which should have been reviewed. We will
need to clean up these reports before submitting this change.

  - data/reports/GO-2025-3605.yaml

Fixes golang/vulndb#3605

Change-Id: Iebee68b1df0b168ed2a3f09e6f7473756bfa0199
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/690255
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
115 files changed
tree: a2a4c3e37c47f7e20109a648567108cfefc6229f
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  13. CONTRIBUTING.md
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

The Go Vulnerability Database

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.