x/pkgsite: add package and symbol search options for vulnerabilities #54802

Closed
jba opened this issue Aug 31, 2022 · 3 comments
Labels: FeatureRequest, NeedsInvestigation, pkgsite, vulncheck or vulndb

jba commented Aug 31, 2022

We should support the following searches for pkg.go.dev/vuln pages:

  • Search by module path / package path prefix
  • Search by symbol name

jba added the NeedsInvestigation, FeatureRequest, pkgsite and vulndb labels Aug 31, 2022
jba added this to the pkgsite/unplanned milestone Aug 31, 2022
jba added the "vulncheck or vulndb" label and removed the vulndb label Aug 31, 2022


julieqiu commented Sep 6, 2022

Related feedback:

"A module author may want to know if any vulnerabilities are reported against any of the
modules they maintain, either current or past versions. This search UI could provide an easy way to figure
this out.

Ideally, support would include searching by a module path
prefix, for example, mvdan.cc/ or github.com/mvdan/, so I can then find all
known vulnerabilities for mvdan.cc/foo, github.com/mvdan/bar, etc."

gopherbot commented Sep 21, 2022

Change https://go.dev/cl/432418 mentions this issue: internal,static: add module path search for vulnerabilities

gopherbot pushed a commit to golang/pkgsite that referenced this issue Sep 22, 2022
Adds support for searching by module path prefix. For example a search
for 'net' will match with vulns for paths net, net/http, net/http/cgi.

For golang/go#54802.

Change-Id: I89543fd02d8861b8676fe4c552f7f57e436e945e
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/432418
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jamal Carvalho <jamal@golang.org>
TryBot-Result: kokoro <noreply+kokoro@google.com>
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>
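
The prefix search described in the commit message above, as an added Go example (not pkgsite's code). It assumes matching on whole path elements, so a query for one owner's prefix does not pull in a similarly named path; the `Entry` type, the function names and the sample IDs are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Entry is a hypothetical, trimmed-down report: an ID and the paths it affects.
type Entry struct {
	ID    string
	Paths []string
}

// matchesPrefix reports whether path equals query or lies beneath it.
// Assumption: whole path elements only, so "github.com/mvdan" does not match
// "github.com/mvdan-fork/bar". An empty query matches nothing.
func matchesPrefix(path, query string) bool {
	query = strings.TrimSuffix(query, "/")
	return path == query || strings.HasPrefix(path, query+"/")
}

// SearchByPrefix returns the IDs of entries with an affected path under query,
// in database order. Each entry is reported at most once.
func SearchByPrefix(db []Entry, query string) []string {
	var ids []string
	for _, e := range db {
		for _, p := range e.Paths {
			if matchesPrefix(p, query) {
				ids = append(ids, e.ID)
				break
			}
		}
	}
	return ids
}

// sampleDB is constructed data; the IDs are placeholders, not real reports.
var sampleDB = []Entry{
	{"EXAMPLE-0001", []string{"net/http"}},
	{"EXAMPLE-0002", []string{"net/http/cgi"}},
	{"EXAMPLE-0003", []string{"github.com/mvdan/bar"}},
	{"EXAMPLE-0004", []string{"github.com/mvdan-fork/bar"}},
	{"EXAMPLE-0005", []string{"mvdan.cc/foo"}},
}

func main() {
	for _, q := range []string{"net", "github.com/mvdan", "mvdan.cc/"} {
		fmt.Printf("%-18s %v\n", q, SearchByPrefix(sampleDB, q))
	}
}
```
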

jamalc commented Sep 28, 2022

Done.

jamalc closed this as completed Sep 28, 2022