x/vulndb: convert from Github OSV to Go YAML #61769

Closed
tatianab opened this issue Aug 4, 2023 · 2 comments
Labels
FrozenDueToAge vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

tatianab commented Aug 4, 2023

Add function to (cleverly) convert Github OSV to Go YAML, including:

  • Attempting to fix major version of module paths
  • Checking if module paths exist
  • Determining if a path is a module path or an import (package) path
  • Verifying that stated versions exist
  • Collecting together version ranges for the same module path
@tatianab tatianab added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Aug 4, 2023
@tatianab tatianab self-assigned this Aug 4, 2023
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Aug 4, 2023
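
An added example (not part of the issue and not vulndb's code) showing one way two of the listed steps could fit together: correcting a module path's major-version suffix and collecting version ranges under the corrected path. The names `Range`, `Affected`, `FixMajor` and `Collect` are hypothetical; it assumes plain `/vN` suffixes, does no proxy lookup, and ignores `gopkg.in` and `+incompatible` modules.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Range and Affected are simplified, hypothetical stand-ins for OSV "affected" data.
type Range struct{ Introduced, Fixed string }
type Affected struct { Path string; Ranges []Range }

// majorSuffix matches a trailing /vN with N >= 2 (semantic import versioning).
var majorSuffix = regexp.MustCompile(`/v([2-9]|[1-9][0-9]+)$`)

// FixMajor makes path's /vN suffix agree with v; "0" and "" say nothing, so path is kept.
func FixMajor(path, v string) string {
	if v == "" || v == "0" {
		return path
	}
	base := majorSuffix.ReplaceAllString(path, "")
	major, _ := strconv.Atoi(strings.SplitN(strings.TrimPrefix(v, "v"), ".", 2)[0])
	if major >= 2 {
		return base + "/v" + strconv.Itoa(major)
	}
	return base
}

// Collect groups ranges under their corrected module path, dropping exact duplicates.
func Collect(in []Affected) map[string][]Range {
	out, seen := map[string][]Range{}, map[string]bool{}
	for _, a := range in {
		for _, r := range a.Ranges {
			v := r.Fixed // the fixed version is the most specific hint for the major
			if v == "" {
				v = r.Introduced
			}
			p := FixMajor(a.Path, v)
			if key := p + "|" + r.Introduced + "|" + r.Fixed; !seen[key] {
				seen[key] = true
				out[p] = append(out[p], r)
			}
		}
	}
	return out
}

func main() { // constructed input, not taken from a real advisory
	fmt.Println(Collect([]Affected{{"github.com/example/mod", []Range{{"0", "1.4.2"}, {"2.0.0", "2.3.1"}}}}))
}
```

A path produced this way is only a guess until it is checked against the module proxy, which is what the "checking if module paths exist" item in the list covers.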
@gopherbot

Change https://go.dev/cl/515399 mentions this issue: internal/genericosv: add function to convert OSV to Go Report

gopherbot pushed a commit to golang/vulndb that referenced this issue Aug 23, 2023
Add function ToReport which converts a generic OSV entry to a Report
(the representation for our YAML reports). To start, this function
simply translates between the formats and doesn't do anything clever.

This change also adds a number of real GHSAs that can be used as test
cases, and to see how the function behaves on real data as it evolves.

Lint errors are added as notes to generated reports, so that we can
more easily target areas for improvement.

For golang/go#61769

Change-Id: Ifd99796f96aa662e887a643276b3b2d7456e826b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/515399
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Run-TryBot: Tatiana Bradley <[email protected]>
@gopherbot

Change https://go.dev/cl/522835 mentions this issue: internal/{proxy,genericosv}: add mock proxy framework and use in TestToReport

gopherbot pushed a commit to golang/vulndb that referenced this issue Aug 28, 2023
…ToReport

Adds a framework to more easily store proxy responses for testing and
create mock proxy clients.

TestToReport is now hermetic by default, as it reads mock proxy responses
from a JSON file.

If the -proxy flag is set, the test contacts the real module proxy and re-writes
the JSON file. (In most cases, there should be no need to use this flag).

For golang/go#61769

Change-Id: I7cfcea44b94ee57105bedcaf2f4d514ad2436688
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/522835
Run-TryBot: Tatiana Bradley <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
@golang golang locked and limited conversation to collaborators Jan 25, 2025