x/vulndb: converge on symbol names for methods defined on aliased types #63132
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
vulncheck or vulndb
Issues for the x/vuln or x/vulndb repo
Milestone
Suppose there is an incoming database report for a vulnerability where the fix is patching the body of a method named
Vuln
:Manual vulnerability symbol extraction could likely add the symbol
B.Vuln
to the database.But if the type
B
is defined as a type aliastype B = A
, the actual symbol name that govulncheck would see when encountering the method will beA.Vuln
. In that case, govulncheck would miss the use of the vulnerable method.@golang/vulndb
The text was updated successfully, but these errors were encountered: