x/vuln/client: implement sanity check on the return value of httpReadJSON #56333

Closed
hyangah opened this issue Oct 19, 2022 · 1 comment
Labels: FrozenDueToAge; NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.); vulncheck or vulndb (Issues for the x/vuln or x/vulndb repo)

hyangah commented Oct 19, 2022

From "TODO" in https://github.com/golang/vuln/blob/41df7bda74f30fac0cab688927dab16df2f938eb/client/client.go#L314-L315:

The basic check is desirable since json.Unmarshal is too generous and types like osv.Entry allow omitempty for many fields. Assume that the client is built with an old version of golang.org/x/vuln/client, and vuln.go.dev decided to serve a slightly different osv.Entry (e.g. https://go-review.googlesource.com/c/vuln/+/424375) for some unforeseen reasons. The cache may be polluted with incomplete data.

hyangah added the "vulncheck or vulndb" label Oct 19, 2022
gopherbot modified the milestones: Unreleased, vuln/unplanned Oct 19, 2022
dr2chase added the "NeedsInvestigation" label Oct 20, 2022

tatianab commented Apr 4, 2023

Obsolete with re-design of client

tatianab closed this as not planned Apr 4, 2023
golang locked and limited conversation to collaborators Apr 3, 2024
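
The failure mode raised in this issue, as an added Go example (not code from golang.org/x/vuln): a bare `json.Unmarshal` accepts a reshaped response and yields an entry with silently empty fields, while a checked decode rejects it before it could be cached. The `entry` type is a simplified stand-in for osv.Entry, the choice of required fields and the names `decodeLenient` and `decodeChecked` are assumptions, and the JSON is constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// entry is a simplified, hypothetical stand-in for osv.Entry.
type entry struct {
	ID       string `json:"id,omitempty"`
	Modified string `json:"modified,omitempty"`
	Affected []struct {
		Package string `json:"package,omitempty"`
	} `json:"affected,omitempty"`
}

// Constructed response in a shape this client was not built for ("module" key).
const reshaped = `[{"id":"GO-0000-0001","modified":"2022-10-19T00:00:00Z","affected":[{"module":"example.com/mod"}]}]`

// decodeLenient is a bare json.Unmarshal: unknown keys are dropped, missing ones stay zero.
func decodeLenient(data []byte) ([]entry, error) {
	var es []entry
	err := json.Unmarshal(data, &es)
	return es, err
}

// decodeChecked rejects unknown keys and entries missing ID, Modified or Affected (assumed required).
func decodeChecked(data []byte) ([]entry, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var es []entry
	if err := dec.Decode(&es); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	for i, e := range es {
		if e.ID == "" || e.Modified == "" || len(e.Affected) == 0 {
			return nil, fmt.Errorf("entry %d (%q): missing required field", i, e.ID)
		}
	}
	return es, nil
}

func main() {
	es, err := decodeLenient([]byte(reshaped))
	fmt.Printf("lenient: package=%q err=%v\n", es[0].Affected[0].Package, err)
	_, err = decodeChecked([]byte(reshaped))
	fmt.Println("checked:", err)
}
```

A caller would write to its cache only when `decodeChecked` returns a nil error.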