x/vuln: govulncheck prints confusing/wrong output for reports with no fix #53822

Closed
neild opened this issue Jul 12, 2022 · 1 comment
Labels
FrozenDueToAge vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

neild commented Jul 12, 2022

```
$ govulncheck ./...
...
Found in:  example.mod@v1.0.0
Fixed in:  example.mod@v
...
```

When there's no fix version available, govulncheck prints a fixed version of "@v". The "Fixed in" line should be omitted or left blank in this case.

gopherbot added the vulncheck or vulndb (Issues for the x/vuln or x/vulndb repo) label Jul 12, 2022
neild self-assigned this Jul 12, 2022
gopherbot added this to the Unreleased milestone Jul 12, 2022
@gopherbot

Change https://go.dev/cl/417254 mentions this issue: cmd/govulncheck: fix printing of reports with no found/fixed version

softdev050 added a commit to softdev050/Golangvuln that referenced this issue Apr 5, 2023
Remove the extraneous @ in "Found in: archive/zip@" when there is no
version available to print.

Omit the "Fixed in:" line when there is no fix version known.

Fixes golang/go#53822.

Change-Id: I5d665baca788839908e8d65e794e106233f90fea
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/417254
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
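
The behaviour reported in the issue and the behaviour the commit message describes, side by side, as an added Go example that is not govulncheck's own code. The `finding` type, `renderNaive`, `moduleVersion` and `renderFixed` are hypothetical names, and `renderNaive` is an assumed reconstruction of how output such as `example.mod@v` can arise.

```go
package main

import (
	"fmt"
	"strings"
)

// finding is a hypothetical stand-in for one report entry, not a govulncheck
// type. Versions are stored without the leading "v"; "" means unknown.
type finding struct {
	Module, Found, Fixed string
}

// renderNaive (assumed reconstruction) always appends "@v"+version, so an
// empty Fixed yields the misleading "Fixed in:  example.mod@v" line.
func renderNaive(f finding) string {
	return fmt.Sprintf("Found in:  %s@v%s\nFixed in:  %s@v%s\n",
		f.Module, f.Found, f.Module, f.Fixed)
}

// moduleVersion drops the "@" suffix entirely when no version is known.
func moduleVersion(mod, ver string) string {
	if ver == "" {
		return mod
	}
	return mod + "@v" + ver
}

// renderFixed prints no dangling "@" after the module and omits the
// "Fixed in:" line when no fix version is known.
func renderFixed(f finding) string {
	var b strings.Builder
	fmt.Fprintf(&b, "Found in:  %s\n", moduleVersion(f.Module, f.Found))
	if f.Fixed != "" {
		fmt.Fprintf(&b, "Fixed in:  %s\n", moduleVersion(f.Module, f.Fixed))
	}
	return b.String()
}

func main() {
	// Constructed sample entries: no fix, known fix, no versions at all.
	cases := []finding{
		{Module: "example.mod", Found: "1.0.0"},
		{Module: "example.mod", Found: "1.0.0", Fixed: "1.0.1"},
		{Module: "archive/zip"},
	}
	for _, f := range cases {
		fmt.Printf("naive:\n%sfixed:\n%s\n", renderNaive(f), renderFixed(f))
	}
}
```
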
sayjun0505 added a commit to sayjun0505/Golangvuln that referenced this issue Apr 8, 2023
stanislavkononiuk added a commit to stanislavkononiuk/Golangvuln that referenced this issue Jun 26, 2023
golang locked and limited conversation to collaborators Jul 13, 2023