-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
internal/scan: suggest earliest valid fixed version as the fix
Instead of the latest fix, suggest the earliest fixed version following the current version in use. One caveat is that, in theory, the earliest fix can also be vulnerable, e.g., a different symbol for the same vulnerability can be present at a different range that contains the earliest fix. We hence return the earliest fix for a module that is not subsumed by other vulnerable ranges for the same module. Fixes golang/go#62276 Change-Id: Idaa01c6d6e18cbc26f2b95ac745917f6a575cb9a Reviewed-on: https://go-review.googlesource.com/c/vuln/+/530679 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
- Loading branch information
1 parent
a67dfbc
commit 6987ccb
Showing
5 changed files
with
126 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters