internal/openvex: populate product subcomponents
Populates the "subcomponent" field of an outputted VEX statement with the PURL of the vulnerable dependency. updates golang/go#68152 Change-Id: I9e7b9a6686744496b3409ee9d4d0f3d70917db45 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/598956 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]>
Maceo Thompson
committed
Sep 25, 2024
1 parent
2e326d4
commit bd80eaa
Showing
7 changed files
with
367 additions
and
47 deletions.
|
@@ -3,7 +3,7 @@ | |
$ govulncheck -format openvex -mode binary ${common_vuln_binary} | ||
{ | ||
"@context": "https://openvex.dev/ns/v0.2.0", | ||
"@id": "govulncheck/vex:b1a12e6f591b29f244e67c80a88d10539c220a04f6ca48d3fe7af2faf0189437", | ||
"@id": "govulncheck/vex:261b597336f7aa5eb53a4a196c354c5afed43fe55658ae3816194192b5268881", | ||
"author": "Unknown Author", | ||
"timestamp": "2024-01-01T00:00:00", | ||
"version": 1, | ||
|
@@ -21,7 +21,12 @@ $ govulncheck -format openvex -mode binary ${common_vuln_binary} | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/golang.org%2Fx%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "not_affected", | ||
|
@@ -40,7 +45,12 @@ $ govulncheck -format openvex -mode binary ${common_vuln_binary} | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/github.com%2Ftidwall%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "affected" | ||
|
@@ -57,7 +67,12 @@ $ govulncheck -format openvex -mode binary ${common_vuln_binary} | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/golang.org%2Fx%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "not_affected", | ||
|
@@ -78,7 +93,12 @@ $ govulncheck -format openvex -mode binary ${common_vuln_binary} | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/github.com%2Ftidwall%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "affected" | ||
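Review bot: The subcomponent `@id` values pinned by this golden output (for example the `pkg:golang/golang.org%2Fx%…` entry in the second hunk) percent-encode the slashes of the module path as `%2F`, whereas the package-URL examples for the `golang` type, and the PURLs that SBOM generators commonly emit, keep literal `/` between namespace and name. A VEX consumer that matches subcomponents against an SBOM by plain string comparison would then fail to associate these statements with the component, so a `not_affected` entry would not suppress the finding and an `affected` entry would not attach to the dependency. Consider emitting the unescaped form, `pkg:golang/<module path>@<version>`, or documenting that these identifiers must be normalised before comparison; the generating code is outside this section, so this is inferred from the expected output only. The same expectation is repeated in the source-mode golden file that follows.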
|
|
@@ -3,7 +3,7 @@ | |
$ govulncheck -C ${moddir}/vuln -format openvex ./... | ||
{ | ||
"@context": "https://openvex.dev/ns/v0.2.0", | ||
"@id": "govulncheck/vex:b1a12e6f591b29f244e67c80a88d10539c220a04f6ca48d3fe7af2faf0189437", | ||
"@id": "govulncheck/vex:261b597336f7aa5eb53a4a196c354c5afed43fe55658ae3816194192b5268881", | ||
"author": "Unknown Author", | ||
"timestamp": "2024-01-01T00:00:00", | ||
"version": 1, | ||
|
@@ -21,7 +21,12 @@ $ govulncheck -C ${moddir}/vuln -format openvex ./... | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/golang.org%2Fx%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "not_affected", | ||
|
@@ -40,7 +45,12 @@ $ govulncheck -C ${moddir}/vuln -format openvex ./... | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/github.com%2Ftidwall%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "affected" | ||
|
@@ -57,7 +67,12 @@ $ govulncheck -C ${moddir}/vuln -format openvex ./... | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/golang.org%2Fx%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "not_affected", | ||
|
@@ -78,7 +93,12 @@ $ govulncheck -C ${moddir}/vuln -format openvex ./... | |
}, | ||
"products": [ | ||
{ | ||
"@id": "Unknown Product" | ||
"@id": "Unknown Product", | ||
"subcomponents": [ | ||
{ | ||
"@id": "pkg:golang/github.com%2Ftidwall%[email protected]" | ||
} | ||
] | ||
} | ||
], | ||
"status": "affected" | ||
|