Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: link symbols on pkg.go.dev/vuln pages to the corresponding pkg.go.dev/<path>#<symbol> #52660

Closed
julieqiu opened this issue May 2, 2022 · 4 comments
Assignees
Labels
FrozenDueToAge pkgsite UX Issues that involve UXD/UXR input vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

Comments

@julieqiu
Copy link
Member

julieqiu commented May 2, 2022

It would be nice if symbols on the pkg.go.dev/vuln pages linked to the corresponding symbol on the pkg.go.dev package page.

For example, on https://pkg.go.dev/vuln/GO-2021-0242, Rat.SetString and Rat.UnmarshalText should link to https://pkg.go.dev/math/big#Rat.SetString and https://pkg.go.dev/math/big#Rat.UnmarshalText.

We could change the description field to a markdown type in the yaml reports, and have it parsed by pkgsite when rendering the page.

/cc @golang/vulndb @golang/pkgsite

@julieqiu julieqiu added vulndb and removed pkgsite labels May 2, 2022
@gopherbot gopherbot added this to the pkgsite/unplanned milestone May 2, 2022
@julieqiu
Copy link
Member Author

julieqiu commented May 3, 2022

The details field for OSV supports markdown: https://ossf.github.io/osv-schema/#summary-details-fields.

We currently only populate details (example: https://vuln.go.dev/golang.org/x/text.json).

@jba jba self-assigned this Jun 1, 2022
@jba
Copy link
Contributor

jba commented Jun 1, 2022

What about using Affected.EcosystemSpecific.Symbols instead?

@julieqiu
Copy link
Member Author

julieqiu commented Jun 1, 2022

A lot of times Affected.EcosystemSpecific.Symbols won't contain exported symbols, but I think it is a good idea to link to them if they are.

These are currently also not listed on the pkg.go.dev/vuln pages.

@jba jba assigned jamalc and unassigned jba Jul 8, 2022
@julieqiu julieqiu added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo and removed vulndb labels Sep 2, 2022
@julieqiu julieqiu assigned jamalc and unassigned jamalc Sep 8, 2022
@jamalc jamalc assigned hyangah and unassigned jamalc Sep 19, 2022
@julieqiu julieqiu added the UX Issues that involve UXD/UXR input label Oct 7, 2022
@hyangah
Copy link
Contributor

hyangah commented Oct 7, 2022

This is fixed.

@hyangah hyangah closed this as completed Oct 7, 2022
@hyangah hyangah moved this to Done in Go Security Oct 7, 2022
@golang golang locked and limited conversation to collaborators Oct 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge pkgsite UX Issues that involve UXD/UXR input vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
Status: Done
Development

No branches or pull requests

5 participants