x/vulndb: converge on symbol names for methods defined on aliased types #63132

Open
zpavlinovic opened this issue Sep 20, 2023 · 0 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

zpavlinovic commented Sep 20, 2023

Suppose there is an incoming database report for a vulnerability where the fix is patching the body of a method named Vuln:

func (b B) Vuln() {
   // ...
  + // fix
}

Manual vulnerability symbol extraction could likely add the symbol B.Vuln to the database.

But if the type B is defined as a type alias type B = A, the actual symbol name that govulncheck would see when encountering the method will be A.Vuln. In that case, govulncheck would miss the use of the vulnerable method.

@golang/vulndb

@zpavlinovic zpavlinovic added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Sep 20, 2023
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Sep 20, 2023
@thanm thanm added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 25, 2023
@zpavlinovic zpavlinovic self-assigned this Jan 31, 2024
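The mismatch described in the issue, as an added example that is not part of the original issue and is not code from x/vuln or x/vulndb: it type-checks a constructed package with go/types and maps each method symbol as written in the source to the symbol of the defined type that owns the method. The names methodSymbols, sampleSrc and package p are hypothetical.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// Constructed sample: B is an alias of A and the method is declared via B.
const sampleSrc = "package p\ntype A struct{}\ntype B = A\nfunc (b B) Vuln() {}\n"

// methodSymbols maps each method symbol as written ("B.Vuln") to the symbol
// of the defined, non-alias type that owns the method ("A.Vuln").
func methodSymbols(src string) (map[string]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "p.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Defs: map[*ast.Ident]types.Object{}}
	pkg, err := (&types.Config{}).Check("p", fset, []*ast.File{file}, info)
	if err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, d := range file.Decls {
		fd, ok := d.(*ast.FuncDecl)
		if !ok || fd.Recv == nil {
			continue // not a method declaration
		}
		// Receiver type exactly as the author typed it, without a leading '*'.
		written := strings.TrimPrefix(types.ExprString(fd.Recv.List[0].Type), "*")
		for _, name := range pkg.Scope().Names() {
			tn, ok := pkg.Scope().Lookup(name).(*types.TypeName)
			if !ok || tn.IsAlias() {
				continue // an alias declares no type of its own
			}
			named, _ := tn.Type().(*types.Named)
			for i := 0; named != nil && i < named.NumMethods(); i++ {
				if types.Object(named.Method(i)) == info.Defs[fd.Name] {
					out[written+"."+fd.Name.Name] = tn.Name() + "." + fd.Name.Name
				}
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(methodSymbols(sampleSrc)) }
```

A report entry whose key and value differ in this map names a symbol through an alias, which is the case the issue says would be missed.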