x/vuln: reports could exclude calls with unaffected arguments #54889
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
vulncheck or vulndb
Issues for the x/vuln or x/vulndb repo
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce at the latest version of golang.org/x/vuln?
Yes, using
v0.0.0-20220902211423-27dd78d2ca39
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
What did you expect to see?
Vulnerabilities affecting these packages.
What did you see instead?
This vulnerability affects
Faccessat
when called withflags != 0
. This report flags a call viaunix.Access
, which always passesflags == 0
.In theory vulncheck could encode that this vulnerability depends on a certain argument value and then statically find calls that don't match that value.
The text was updated successfully, but these errors were encountered: