commit | dc3bfff71da63b27dc73dc416e2f0270f7c56710 | |
---|---|---|
author | Damien Neil <dneil@google.com> | Wed May 04 15:33:19 2022 -0700 |
committer | Damien Neil <dneil@google.com> | Thu May 05 15:37:37 2022 +0000 |
tree | 5ccc8a683fe9873ebcb551184de794a6071e51f7 | |
parent | 819f17d9412403cacf62223fe0171ef0181a8d2a | |

cmd/vulnreport, internal/ghsa: speed up GHSA query

The "vulnreport fix" command queries GitHub for GHSAs related to the CVE in each fixed report. Instead of querying for every Go GHSA (slow), query for GHSAs related to the specific CVE(s) of interest.

Skip the GHSA query entirely if the GHSAs field is populated, unless the -always-fix-ghsa flag is provided.

This may issue more queries if fixing many reports with no GHSAs, but dramatically speeds up the query when fixing a single report (from 30s to <1s). Also, the number of queries no longer scales with the size of the GitHub GHSA corpus.

Change-Id: I0dde2ad7ebb4621785575c0dffdadd3febd873d4

Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/404116

TryBot-Result: Gopher Robot <gobot@golang.org>

Reviewed-by: Julie Qiu <julieqiu@google.com>

Run-TryBot: Damien Neil <dneil@google.com>

This repository contains the reports for the Go Vulnerability Database.
If you are interested in accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.
We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.