x/pkgsite: migrate to v1 vulnerability database #58928

Closed
tatianab opened this issue Mar 8, 2023 · 5 comments
Labels
pkgsite vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

Comments

@tatianab
tatianab commented Mar 8, 2023

No description provided.

@tatianab tatianab added pkgsite vulncheck or vulndb Issues for the x/vuln or x/vulndb repo labels Mar 8, 2023
@tatianab tatianab self-assigned this Mar 8, 2023
@gopherbot gopherbot added this to the Unreleased milestone Mar 8, 2023
@gopherbot
Change https://go.dev/cl/474255 mentions this issue: internal/frontend, internal/vulns: isolate references to x/vuln repo

@gopherbot
Change https://go.dev/cl/474537 mentions this issue: internal/frontend, internal/vuln: replace getVulnEntries with vuln.Client

gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 8, 2023
No-op refactor to move all code that depends on x/vuln to the
internal/vuln (renamed from internal/vulns) package. This will allow
us to more easily remove the dependency, as a part of the migration to
the v1 database schema.

For golang/go#58928

Change-Id: Ic8ac2377832d8e4a2a6afbb42729a7e10553665c
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/474255
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: kokoro <noreply+kokoro@google.com>
@hyangah hyangah modified the milestones: Unreleased, pkgsite/later Mar 8, 2023
gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 9, 2023
…ient

Instead of passing around a function, getVulnEntries, pass the actual
vuln client and call it directly.

Update the TestClient to implement the GetByModules function so that
tests can use it.

The purpose of this change is to further isolate calls to the vulndb
Client to the internal/vuln package, and to make the code easier to
understand by removing a function parameter.

For golang/go#58928

Change-Id: I8bef528034a1caa44b99da2f185990338ec9cd5f
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/474537
Reviewed-by: Jamal Carvalho <jamal@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: kokoro <noreply+kokoro@google.com>
@gopherbot
Change https://go.dev/cl/476555 mentions this issue: internal/vuln: add support for v1 vulndb client

@gopherbot
Change https://go.dev/cl/477015 mentions this issue: add newSource and newClient functions

@gopherbot
Change https://go.dev/cl/476556 mentions this issue: cmd/frontend, internal/vuln: add vulndb v1 experiment

gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 28, 2023
Add a new client struct, clientV1, that can read from Go vulnerability
databases in the new v1 format. clientV1 implements the internal "client"
interface, and will eventually be renamed to simply Client, and
completely replace the existing Client type.

The clientV1 struct contains a "source" interface. The source interface
is used to read raw JSON data from a given endpoint. The implemented sources
are an HTTP source, used to read from the actual database, and directory
and in-memory sources used for testing.

This struct and its methods are implemented and tested in this change,
but not yet used outside of testing.

For golang/go#58928

Change-Id: Icd4491aeb98a7f7e3bf10301c71ec620cf5cdea8
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/476555
TryBot-Result: kokoro <noreply+kokoro@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
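
The "source" abstraction described in the commit message above, sketched as an added example; this is not pkgsite's code. The `get` signature, the `byID` helper, the `ID/<id>` endpoint layout and the sample advisory are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
)

// source returns the raw JSON behind an endpoint (hypothetical signature).
type source interface {
	get(endpoint string) ([]byte, error)
}

// httpSource reads a live database; the <base>/<endpoint>.json layout is assumed.
type httpSource struct{ base string; c *http.Client }

func (h httpSource) get(endpoint string) ([]byte, error) {
	resp, err := h.c.Get(h.base + "/" + endpoint + ".json")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%s: unexpected status %s", endpoint, resp.Status)
	}
	return io.ReadAll(io.LimitReader(resp.Body, 16<<20)) // bound memory per response
}

type memSource map[string]string // in-memory source for tests, keyed by endpoint
func (m memSource) get(endpoint string) ([]byte, error) {
	if v, ok := m[endpoint]; ok {
		return []byte(v), nil
	}
	return nil, fmt.Errorf("%s: not found", endpoint)
}

type entry struct{ ID, Summary string } // two OSV fields; JSON keys match case-insensitively

// byID decodes one advisory from whichever source the caller supplies.
func byID(s source, id string) (e entry, err error) {
	raw, err := s.get("ID/" + id)
	if err == nil {
		err = json.Unmarshal(raw, &e)
	}
	return e, err
}

// sample is constructed data, not a real advisory.
var sample = memSource{"ID/GO-0000-0001": `{"id":"GO-0000-0001","summary":"constructed"}`}
func main() { fmt.Println(byID(sample, "GO-0000-0001")) }
```

Because `byID` depends only on the interface, tests exercise the decoding path with `memSource` and never touch the network, while production code passes an `httpSource` whose `http.Client` has a timeout set.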
gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 29, 2023
Add an experiment, "vulndb-v1", which if active causes pkgsite to
read from the v1 vulnerability database instead of the legacy database.

The experiment is not yet enabled anywhere.

For golang/go#58928

Change-Id: I66d6a90fc2eb841ed674169c09ea36c957551f1b
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/476556
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: kokoro <noreply+kokoro@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
@julieqiu julieqiu modified the milestones: pkgsite/later, vuln/v0.1.0 Apr 7, 2023
@tatianab tatianab closed this as completed Jul 5, 2023