x/vuln/client: implement sanity check on the return value of httpReadJSON
#56333
Labels: FrozenDueToAge; NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.); vulncheck or vulndb (Issues for the x/vuln or x/vulndb repo)
From "TODO" in https://github.com/golang/vuln/blob/41df7bda74f30fac0cab688927dab16df2f938eb/client/client.go#L314-L315:
The basic check is desirable since `json.Unmarshal` is too generous and types like `osv.Entry` allow `omitempty` for many fields. Assume that the client is built with an old version of golang.org/x/vuln/client, and vuln.go.dev decided to serve a slightly different `osv.Entry` (e.g. https://go-review.googlesource.com/c/vuln/+/424375) for some unforeseen reasons. The cache may be polluted with incomplete data.
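The failure mode described above, as an added example that is not code from golang.org/x/vuln: a payload with renamed fields decodes without error, and a post-decode check rejects it before it can be cached. `Entry` is a trimmed stand-in for `osv.Entry`; `validateEntry`, `decodeEntries`, the choice of required fields and both payloads are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Entry is a trimmed stand-in for osv.Entry (assumption: the real type has more fields).
type Entry struct {
	ID       string            `json:"id"`
	Modified time.Time         `json:"modified,omitempty"`
	Affected []json.RawMessage `json:"affected,omitempty"`
}

// Constructed payloads: goodBody matches Entry, driftedBody renames two fields.
const goodBody = `[{"id":"GO-0000-0001","modified":"2022-08-23T00:00:00Z","affected":[{"package":{"name":"example.com/mod"}}]}]`
const driftedBody = `[{"id":"GO-0000-0001","last_modified":"2022-08-23T00:00:00Z","affects":[{"package":{"name":"example.com/mod"}}]}]`

// validateEntry (hypothetical) rejects an entry whose required fields were left at
// their zero value, which is what json.Unmarshal does with missing or renamed keys.
func validateEntry(e *Entry) error {
	switch {
	case e == nil || e.ID == "":
		return fmt.Errorf("missing id")
	case e.Modified.IsZero():
		return fmt.Errorf("missing modified")
	case len(e.Affected) == 0:
		return fmt.Errorf("missing affected")
	}
	return nil
}

// decodeEntries (hypothetical) decodes a response body and validates every entry,
// so the caller only writes fully populated entries to its cache.
func decodeEntries(body []byte) ([]*Entry, error) {
	var entries []*Entry
	if err := json.Unmarshal(body, &entries); err != nil {
		return nil, err
	}
	for i, e := range entries {
		if err := validateEntry(e); err != nil {
			return nil, fmt.Errorf("entry %d: %w", i, err)
		}
	}
	return entries, nil
}

func main() { fmt.Println(decodeEntries([]byte(driftedBody))) }
```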