-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/pkgsite: migrate to v1 vulnerability database #58928
Comments
Change https://go.dev/cl/474255 mentions this issue: |
Change https://go.dev/cl/474537 mentions this issue: |
No-op refactor to move all code that depends on x/vuln to the internal/vuln (renamed from internal/vulns) package. This will allow us to more easily remove the dependency, as a part of the migration to the v1 database schema. For golang/go#58928 Change-Id: Ic8ac2377832d8e4a2a6afbb42729a7e10553665c Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/474255 Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: kokoro <noreply+kokoro@google.com>
…ient Instead of passing around a function, getVulnEntries, pass the actual vuln client and call it directly. Update the TestClient to implement the GetByModules function so that tests can use it. The purpose of this change is to further isolate calls to the vulndb Client to the internal/vuln package, and to make the code easier to understand by removing a function parameter. For golang/go#58928 Change-Id: I8bef528034a1caa44b99da2f185990338ec9cd5f Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/474537 Reviewed-by: Jamal Carvalho <jamal@golang.org> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: kokoro <noreply+kokoro@google.com>
Change https://go.dev/cl/476555 mentions this issue: |
Change https://go.dev/cl/477015 mentions this issue: |
Change https://go.dev/cl/476556 mentions this issue: |
Add a new client struct, clientV1, that can read from Go vulnerability databases in the new v1 format. clientV1 implements the internal "client" interface, and will eventually be renamed to simply Client, and completely replace the existing Client type. The clientV1 struct contains a "source" interface. The source interface is used to read raw JSON data from a given endpoint. The implemented sources are an HTTP source, used to read from the actual database, and directory and in-memory sources used for testing. This struct and its methods are implemented and tested in this change, but not yet used outside of testing. For golang/go#58928 Change-Id: Icd4491aeb98a7f7e3bf10301c71ec620cf5cdea8 Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/476555 TryBot-Result: kokoro <noreply+kokoro@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Add an experiment, "vulndb-v1", which if active causes pkgsite to read from the v1 vulnerability database instead of the legacy database. The experiment is not yet enabled anywhere. For golang/go#58928 Change-Id: I66d6a90fc2eb841ed674169c09ea36c957551f1b Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/476556 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: kokoro <noreply+kokoro@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com>
No description provided.
The text was updated successfully, but these errors were encountered: