Different behaviour of vulnerable code and govulncheck #1564

Open
mkurzman opened this issue Aug 22, 2024 · 1 comment
@mkurzman

Hi, I tried to reproduce the tutorial case from https://go.dev/doc/tutorial/govulncheck with golang.org/x/[email protected] but did not get a hit in VulnerableCode, even though I tried some variations to create the PURL as described in #749.

On the other hand, if I search by the CVE https://public.vulnerablecode.io/vulnerabilities/VCID-h89x-2eq9-aaar?search=CVE-2021-38561, the component is listed.
So VulnerableCode seems to have the information, but for me it is unclear how I can access it using the PURL or at least fragments of the package name. Is there a way to search by "golang.org/x/text" to get "approximate" findings?

What would you recommend to reproduce the above-mentioned tutorial with VulnerableCode?

@pombredanne
Collaborator

@mkurzman Thanks for the report. This may not be entirely a bug as we have the code to collect Go vulnerabilities but we have not enabled this as an importer yet.

We should enable this shortly, and we will keep you posted here when this happens.
