Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: add alias search option for vulnerabilities #54465

Open
1 task
julieqiu opened this issue Aug 15, 2022 · 4 comments
Open
1 task

x/pkgsite: add alias search option for vulnerabilities #54465

julieqiu opened this issue Aug 15, 2022 · 4 comments
Assignees
Labels
FeatureRequest NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone

Comments

@julieqiu
Copy link
Contributor

julieqiu commented Aug 15, 2022

We should support the following searches for pkg.go.dev/vuln pages:

  • - Aliases (CVE, GHSAs, etc). Currently only the GO-* ids are supported
@gopherbot gopherbot added this to the Unreleased milestone Aug 15, 2022
@julieqiu julieqiu added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. FeatureRequest labels Aug 15, 2022
@suzmue suzmue modified the milestones: Unreleased, pkgsite/later Aug 19, 2022
@gopherbot
Copy link

gopherbot commented Aug 25, 2022

Change https://go.dev/cl/425695 mentions this issue: internal/database: generate alias index

gopherbot pushed a commit to golang/vulndb that referenced this issue Aug 26, 2022
Output aliases.json, which is a map from each Entry alias to
the Entry's ID.

Updates golang/go#54465.

Change-Id: If2d487260b16c22a4a763f295b3adc29f1c3dafa
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/425695
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
@jba jba changed the title x/pkgsite: add search options for vulnerabilities x/pkgsite: add alias search option for vulnerabilities Aug 31, 2022
@jba
Copy link
Contributor

jba commented Aug 31, 2022

Reduced scope to aliases only. Symbols and packages moved to #54802.

@gopherbot
Copy link

gopherbot commented Aug 31, 2022

Change https://go.dev/cl/427079 mentions this issue: client: add GetByAlias

@julieqiu julieqiu modified the milestones: pkgsite/later, vuln/2022 Sep 6, 2022
gopherbot pushed a commit to golang/vuln that referenced this issue Sep 12, 2022
Add a method to get a list of entries that share the
same CVE or GHSA.

Updates golang/go#54465.

Change-Id: I395c1790cfb394c88b1283e17c7808585922237d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/427079
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
@gopherbot
Copy link

gopherbot commented Sep 13, 2022

Change https://go.dev/cl/430280 mentions this issue: go.mod: upgrade to latest golang.org/x/vuln

gopherbot pushed a commit to golang/pkgsite that referenced this issue Sep 13, 2022
Upgrade to get Client.GetByAlias, to enable vuln alias search.

Updates golang/go#54465.

Change-Id: Idd182c5c0994153c36f9843ccc4acf50e0f5fae9
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/430280
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
FeatureRequest NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
Status: No status
Development

No branches or pull requests

4 participants