Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln/vulncheck: unavailable module version for github and local modules #49264

Closed
zpavlinovic opened this issue Nov 1, 2021 · 2 comments
Closed

x/vuln/vulncheck: unavailable module version for github and local modules #49264

zpavlinovic opened this issue Nov 1, 2021 · 2 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@zpavlinovic
Copy link
Contributor

For a project cloned from github or in current development under a specific version, how to obtain the version? Currently, the version string of packages.Module is "". Perhaps use something based on src/cmd/go/internal/vcs?
@zpavlinovic zpavlinovic added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 1, 2021
@zpavlinovic zpavlinovic self-assigned this Nov 1, 2021
@bcmills
Copy link
Contributor

bcmills commented Nov 1, 2021

See #37475 (slated for Go 1.18).

@zpavlinovic zpavlinovic changed the title exp/vulncheck: unavailable module version for github and local modules vuln/vulncheck: unavailable module version for github and local modules Jun 27, 2022
@zpavlinovic zpavlinovic added this to the Unplanned milestone Jun 27, 2022
@julieqiu julieqiu added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo and removed vulncheck labels Jul 19, 2022
@julieqiu julieqiu modified the milestones: Unplanned, vuln/unplanned Sep 8, 2022
@seankhliao seankhliao changed the title vuln/vulncheck: unavailable module version for github and local modules x/vuln/vulncheck: unavailable module version for github and local modules Sep 9, 2022
@zpavlinovic
Copy link
Contributor Author

Regardless of whether a dependent module is vendored or a local version is used instead, it needs to appear in go.mod file with a version that vulncheck will pick up. The current module under analysis will have "" as version, but that is handled properly by vulncheck now.

@golang golang locked and limited conversation to collaborators Dec 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
Go Security
Status: Done
Milestone
vuln/unplanned
Development

No branches or pull requests
4 participants
@zpavlinovic @bcmills @julieqiu @gopherbot