internal/report/human: add fingerprint, split resource rows #91

Merged
merged 3 commits into from
Aug 9, 2024

jroimartin
Contributor

This PR implements two changes in Lava's human-readable output:

  • Show vulnerability fingerprint, so it is easier to exclude
    vulnerabilities by this criterion.
  • Split resource rows with hyphens, so it is easier to read the
    resource tables.

Before,

=== [GO-2021-0113] Out-of-bounds read in golang.org/x/text/language (HIGH) ===

TARGET
/home/n/tmp/govulncheck-test/

AFFECTED RESOURCE
Module golang.org/x/[email protected] at sub1/go.mod:1

DESCRIPTION
Out-of-bounds read in golang.org/x/text/language

DETAILS
Your code calls vulnerable functions in 1 package (golang.org/x/text/language).

RECOMMENDATIONS
- Visit the linked references for more details.

REFERENCES
- https://pkg.go.dev/vuln/GO-2021-0113

RESOURCES
- A summarized code flow for vulnerable function golang.org/x/text/language.Parse:
  module: sub1@
  location: %SRCROOT%/main.go:12:29
  function: sub1.main
  module: golang.org/x/[email protected]
  location: %GOMODCACHE%/golang.org/x/[email protected]/language/parse.go:33:6
  function: golang.org/x/text/language.Parse

After,

=== [GO-2021-0113] Out-of-bounds read in golang.org/x/text/language (HIGH) ===

TARGET
/home/n/tmp/govulncheck-test/

AFFECTED RESOURCE
Module golang.org/x/[email protected] at sub1/go.mod:1

FINGERPRINT
30832915d775c6f522564e815d0322facca4598bf72427ad5c93281026b351a6

DESCRIPTION
Out-of-bounds read in golang.org/x/text/language

DETAILS
Your code calls vulnerable functions in 1 package (golang.org/x/text/language).

RECOMMENDATIONS
- Visit the linked references for more details.

REFERENCES
- https://pkg.go.dev/vuln/GO-2021-0113

RESOURCES
- A summarized code flow for vulnerable function golang.org/x/text/language.Parse:
  - module: sub1@
    location: %SRCROOT%/main.go:12:29
    function: sub1.main
  - module: golang.org/x/[email protected]
    location: %GOMODCACHE%/golang.org/x/[email protected]/language/parse.go:33:6
    function: golang.org/x/text/language.Parse

@jroimartin jroimartin requested a review from danfaizer August 9, 2024 09:14
@jroimartin jroimartin merged commit 64b49d0 into main Aug 9, 2024
6 checks passed
@jroimartin jroimartin deleted the human-output branch August 9, 2024 09:17