x/vuln: add fingerprinting for binary mode #64716

Open
zpavlinovic opened this issue Dec 14, 2023 · 1 comment

@zpavlinovic
Contributor

govulncheck version

govulncheck@v0.0.0-53a5385d13db-20231213181115

Does this issue reproduce at the latest version of golang.org/x/vuln?

yes

What operating system and processor architecture are you using (go env)?

not platform specific

What did you do?

code organization related

What did you expect to see?

Fingerprinting should ideally be used when choosing how to parse an input to the binary mode. This would make the code cleaner and logic more precise, especially if we add more formats in the future.

What did you see instead?

We currently try to parse the input to a Go binary and, if that does not work, we try to parse the blob. If that fails, then we say that we don't recognize the input. This is not exactly clean and it won't cover precisely the (very rare) cases where, say, the input is a blob or a Go binary but parsing fails due to system issues.

@zpavlinovic zpavlinovic added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Dec 14, 2023
@zpavlinovic zpavlinovic added this to the Unplanned milestone Dec 14, 2023
@zpavlinovic zpavlinovic self-assigned this Dec 14, 2023
@gopherbot
Contributor

Change https://go.dev/cl/594935 mentions this issue: internal/scan: use fingerprinting to check if a file is Go binary
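
An added illustration of the approach the issue asks for, not code from the issue or from golang.org/x/vuln: classify the input by its leading magic bytes first, then run only the matching parser, so a failure to parse a recognized format is reported as that rather than as unrecognized input. The names `Kind`, `Fingerprint` and `Scan`, the `parse` callback, and the treatment of the blob as JSON text starting with `{` are assumptions made for this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Kind is the input format inferred from the leading bytes alone.
type Kind string

const (
	Unknown, ELF, MachO, PE Kind = "unknown", "ELF", "Mach-O", "PE"
	Blob                    Kind = "blob" // assumption: blob is JSON text starting with '{'
)

var ErrUnrecognized = errors.New("unrecognized input format")

// magics maps file signatures to formats; Mach-O lists 32/64-bit, both byte orders.
var magics = map[string]Kind{
	"\x7fELF": ELF, "MZ": PE,
	"\xfe\xed\xfa\xce": MachO, "\xce\xfa\xed\xfe": MachO,
	"\xfe\xed\xfa\xcf": MachO, "\xcf\xfa\xed\xfe": MachO,
}

// Fingerprint classifies data by its signature without parsing it.
func Fingerprint(data []byte) Kind {
	for m, k := range magics {
		if bytes.HasPrefix(data, []byte(m)) {
			return k
		}
	}
	if bytes.HasPrefix(bytes.TrimLeft(data, " \t\r\n"), []byte("{")) {
		return Blob
	}
	return Unknown
}

// Scan picks the parser from the fingerprint and keeps the two failure modes apart.
func Scan(data []byte, parse func(Kind, []byte) error) error {
	k := Fingerprint(data)
	if k == Unknown {
		return ErrUnrecognized
	}
	if err := parse(k, data); err != nil {
		return fmt.Errorf("%s input failed to parse: %w", k, err)
	}
	return nil
}

func main() { fmt.Println(Fingerprint([]byte("\x7fELF\x02\x01\x01"))) } // constructed header
```

A signature match only selects the parser; whether an ELF, Mach-O or PE file is actually a Go binary still has to be established by the parser itself.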
