x/vuln: remove unaffected symbols from json output in binary mode #59698

julieqiu · 2023-04-18T22:06:55Z

For example, for GO-2021-0054, the callstacks shouldn't be present:

https://github.com/golang/vuln/blob/22f32fddd8a17e19dcc6bfc82d3d6f2863ce8748/cmd/govulncheck/testdata/binaryjson.ct#L285-L298

since this vulnerability is not called:

https://github.com/golang/vuln/blob/22f32fddd8a17e19dcc6bfc82d3d6f2863ce8748/cmd/govulncheck/testdata/source.ct#L45

The text was updated successfully, but these errors were encountered:

julieqiu · 2023-04-18T23:18:37Z

Discussed with @zpavlinovic - in binary mode, we cannot know with certainty which symbols are called, so all symbols present in the binary are present. Unused code can be pulled in by the linker for performance reasons, and there is no way for us to figure that the method is not used. Closing this issue.

julieqiu added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Apr 18, 2023

julieqiu added this to the vuln/v0.2.0 milestone Apr 18, 2023

julieqiu closed this as completed Apr 18, 2023

golang locked and limited conversation to collaborators Apr 17, 2024

gopherbot added the FrozenDueToAge label Apr 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vuln: remove unaffected symbols from json output in binary mode #59698

x/vuln: remove unaffected symbols from json output in binary mode #59698

julieqiu commented Apr 18, 2023

julieqiu commented Apr 18, 2023

x/vuln: remove unaffected symbols from json output in binary mode #59698

x/vuln: remove unaffected symbols from json output in binary mode #59698

Comments

julieqiu commented Apr 18, 2023

julieqiu commented Apr 18, 2023