Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: add alias search option for vulnerabilities #54465

Closed
1 task
julieqiu opened this issue Aug 15, 2022 · 5 comments
Closed
1 task

x/pkgsite: add alias search option for vulnerabilities #54465

julieqiu opened this issue Aug 15, 2022 · 5 comments
Assignees
Labels
FeatureRequest FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite UX Issues that involve UXD/UXR input vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone

Comments

@julieqiu
Copy link
Member

julieqiu commented Aug 15, 2022

We should support the following searches for pkg.go.dev/vuln pages:

  • - Aliases (CVE, GHSAs, etc). Currently only the GO-* ids are supported
@gopherbot gopherbot added this to the Unreleased milestone Aug 15, 2022
@julieqiu julieqiu added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. FeatureRequest labels Aug 15, 2022
@suzmue suzmue modified the milestones: Unreleased, pkgsite/later Aug 19, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/425695 mentions this issue: internal/database: generate alias index

gopherbot pushed a commit to golang/vulndb that referenced this issue Aug 26, 2022
Output aliases.json, which is a map from each Entry alias to
the Entry's ID.

Updates golang/go#54465.

Change-Id: If2d487260b16c22a4a763f295b3adc29f1c3dafa
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/425695
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
@jba jba changed the title x/pkgsite: add search options for vulnerabilities x/pkgsite: add alias search option for vulnerabilities Aug 31, 2022
@jba
Copy link
Contributor

jba commented Aug 31, 2022

Reduced scope to aliases only. Symbols and packages moved to #54802.

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/427079 mentions this issue: client: add GetByAlias

@julieqiu julieqiu modified the milestones: pkgsite/later, vuln/2022 Sep 6, 2022
gopherbot pushed a commit to golang/vuln that referenced this issue Sep 12, 2022
Add a method to get a list of entries that share the
same CVE or GHSA.

Updates golang/go#54465.

Change-Id: I395c1790cfb394c88b1283e17c7808585922237d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/427079
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/430280 mentions this issue: go.mod: upgrade to latest golang.org/x/vuln

gopherbot pushed a commit to golang/pkgsite that referenced this issue Sep 13, 2022
Upgrade to get Client.GetByAlias, to enable vuln alias search.

Updates golang/go#54465.

Change-Id: Idd182c5c0994153c36f9843ccc4acf50e0f5fae9
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/430280
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
@julieqiu julieqiu added the UX Issues that involve UXD/UXR input label Oct 7, 2022
@jamalc
Copy link

jamalc commented Oct 12, 2022

This is done.

@jamalc jamalc closed this as completed Oct 12, 2022
@jamalc jamalc moved this to Done in Go Security Oct 12, 2022
softdev050 added a commit to softdev050/Golangvuln that referenced this issue Apr 5, 2023
Add a method to get a list of entries that share the
same CVE or GHSA.

Updates golang/go#54465.

Change-Id: I395c1790cfb394c88b1283e17c7808585922237d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/427079
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
sayjun0505 added a commit to sayjun0505/Golangvuln that referenced this issue Apr 8, 2023
Add a method to get a list of entries that share the
same CVE or GHSA.

Updates golang/go#54465.

Change-Id: I395c1790cfb394c88b1283e17c7808585922237d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/427079
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
stanislavkononiuk added a commit to stanislavkononiuk/Golangvuln that referenced this issue Jun 26, 2023
Add a method to get a list of entries that share the
same CVE or GHSA.

Updates golang/go#54465.

Change-Id: I395c1790cfb394c88b1283e17c7808585922237d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/427079
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
@golang golang locked and limited conversation to collaborators Oct 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FeatureRequest FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite UX Issues that involve UXD/UXR input vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
Status: Done
Development

No branches or pull requests

5 participants