Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln/cmd/govulncheck: govulncheck should exit with failure if it finds a vulnerability #51590

Closed
rittneje opened this issue Mar 10, 2022 · 7 comments
Closed

x/vuln/cmd/govulncheck: govulncheck should exit with failure if it finds a vulnerability #51590

rittneje opened this issue Mar 10, 2022 · 7 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
Unreleased

Comments

@rittneje
Copy link

Currently, the govulncheck command always exits with success (0), even if it finds a vulnerability. This makes it hard to use in any automated logic.
@gopherbot gopherbot added this to the Unreleased milestone Mar 10, 2022
@zpavlinovic zpavlinovic added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 15, 2022
@zpavlinovic
Copy link
Contributor

@jba

@zpavlinovic
Copy link
Contributor

Would vet approach work: 0 for no issues and no findings, 3 for no issues but some findings, and 1 for issues?

@rittneje
Copy link
Author

For my immediate purposes it doesn't matter, but I could imagine some people wanting to distinguish, so it sounds reasonable.

@jba jba self-assigned this Mar 16, 2022
@gopherbot
Copy link

Change https://go.dev/cl/393415 mentions this issue: cmd/govulncheck: exit with a non-zero code if there are vulns

@jba
Copy link
Contributor

jba commented Mar 16, 2022

In the above CL, I exit with a 1 if there are vulns and 0 if not. I don't think govulncheck currently distinguishes between findings and issues.

gopherbot pushed a commit to golang/exp that referenced this issue Mar 16, 2022
@jba
cmd/govulncheck: exit with a non-zero code if there are vulns
354416b 
Updates golang/go#51590

Change-Id: Ieffa62d753c0db79ec576368822831ab76cbdc6f
Reviewed-on: https://go-review.googlesource.com/c/exp/+/393415
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
@gopherbot
Copy link

Change https://go.dev/cl/395239 mentions this issue: cmd/govulncheck: exit with a non-zero code if there are vulns

gopherbot pushed a commit to golang/vuln that referenced this issue Mar 23, 2022
@jba @julieqiu
cmd/govulncheck: exit with a non-zero code if there are vulns
b749fb1 
Updates golang/go#51590

Cherry-picked: https://go-review.googlesource.com/c/exp/+/393415

Change-Id: Ieffa62d753c0db79ec576368822831ab76cbdc6f
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395239
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
@zpavlinovic zpavlinovic changed the title x/exp/vulndb/govulncheck: govulncheck should exit with failure if it finds a vulnerability x/vuln/cmd/govulncheck: govulncheck should exit with failure if it finds a vulnerability Mar 24, 2022
@zpavlinovic
Copy link
Contributor

Note: the new version of govulncheck is now in x/vuln/cmd/govulncheck. The previous version is not supported anymore and has been deleted.

@rsc rsc unassigned jba Jun 22, 2022
@julieqiu julieqiu added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Sep 8, 2022
softdev050 added a commit to softdev050/Golangvuln that referenced this issue Apr 5, 2023
@softdev050
cmd/govulncheck: exit with a non-zero code if there are vulns
67cbee0 
Updates golang/go#51590

Cherry-picked: https://go-review.googlesource.com/c/exp/+/393415

Change-Id: Ieffa62d753c0db79ec576368822831ab76cbdc6f
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395239
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
sayjun0505 added a commit to sayjun0505/Golangvuln that referenced this issue Apr 8, 2023
@sayjun0505
cmd/govulncheck: exit with a non-zero code if there are vulns
3ead65c 
Updates golang/go#51590

Cherry-picked: https://go-review.googlesource.com/c/exp/+/393415

Change-Id: Ieffa62d753c0db79ec576368822831ab76cbdc6f
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395239
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
stanislavkononiuk added a commit to stanislavkononiuk/Golangvuln that referenced this issue Jun 26, 2023
@stanislavkononiuk
cmd/govulncheck: exit with a non-zero code if there are vulns
e4732c5 
Updates golang/go#51590

Cherry-picked: https://go-review.googlesource.com/c/exp/+/393415

Change-Id: Ieffa62d753c0db79ec576368822831ab76cbdc6f
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395239
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
@golang golang locked and limited conversation to collaborators Sep 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
Go Security
Status: No status
Milestone
Unreleased
Development

No branches or pull requests
6 participants
@zpavlinovic @ianlancetaylor @julieqiu @gopherbot @jba @rittneje