-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include module names #1
Comments
On another note, it seems that |
Maybe the idea is to check parent "directory" of a package until there is a module match or there is no parent. |
Design of vulnerabilities is coupled with the vulnerability db layout. So the module info is not available in the json file per se, but it can be read from the relative path at which the json file is located in the db. For instance, given db located at
is |
Moved to the Go issue tracker: golang/go#50006. The x/vulndb issue tracker is currently only meant for use by the Go security team for tracking CVEs that should be included in the Go vulnerability database. |
Change https://go.dev/cl/460416 mentions this issue: |
Aliases: CVE-2020-36567, GHSA-6vm3-jj99-7229 Updates #1 Fixes #1209 Change-Id: I6d09a050d6a3d137de3dfff0b86e6320d226c0f6 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/460416 Run-TryBot: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]>
Fix a bug in which the "likely duplicate" label was applied to all issues that have duplicates on the tracker. (For example, if #1 and #2 both refer to GHSA-xxxx-yyyy-zzzz, only one of these should be marked as a duplicate). This also revealed some bugs in the fake in-memory implementation of the GHSA API, which are now fixed. Change-Id: Ifd98befdf3e23f1fc95df38533107de9c921b195 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/599456 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Hi, thank you for the great database!
Looks like the current JSON API is missing module names. For example, the following YAML file includes the module name as well as the package name.
vulndb/reports/GO-2021-0079.yaml
Line 1 in e0c00fa
On the other hand, the API doesn't include it.
Is it possible to include it?
The text was updated successfully, but these errors were encountered: