[mirror] the database client and tools for the Go vulnerability database

The Go Vulnerability Database golang.org/x/vulndb

This repository is a prototype of the Go Vulnerability Database. Read the Draft Design.

Neither the code, nor the data, nor the existence of this repository is to be considered stable until an approved proposal.

Important: vulnerability entries in this repository are represented in an internal, unstable format that can and will change without notice.

Consuming database entries

Database clients must not rely on the contents of this repository. Instead, they can access the tree of JSON entries rooted at

https://storage.googleapis.com/go-vulndb/

An index.json file maps module paths to last modified timestamps.

For each module, a NAME.json file contains a list of vulnerability entries.

Note that this path and format are provisional and likely to change until an approved proposal.
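
As an added example (not code from this repository), the lookup flow described above can be exercised offline against an in-memory tree: read index.json, compare its timestamps with a local cache, and load NAME.json only for modules that changed. It assumes NAME is the module path, timestamps are RFC 3339 strings, and entries carry an OSV-style "id" field; Refresh, load and sampleDB are hypothetical names, and the sample data is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"testing/fstest"
	"time"
)

type Index map[string]time.Time            // index.json: module path -> last modified (RFC 3339 assumed)
type Entry struct{ ID string `json:"id"` } // OSV "id" only; the full entry layout is provisional

// load decodes one file of the tree into v. Names that fail fs.ValidPath
// (for example ones containing "..") are rejected by a conforming fs.FS.
func load(db fs.FS, name string, v interface{}) error {
	b, err := fs.ReadFile(db, name)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// Refresh returns entries for modules newer in index.json than in cached.
func Refresh(db fs.FS, cached Index) (map[string][]Entry, error) {
	var idx Index
	if err := load(db, "index.json", &idx); err != nil {
		return nil, err
	}
	out := map[string][]Entry{}
	for mod, ts := range idx {
		if seen, ok := cached[mod]; ok && !ts.After(seen) {
			continue // cached copy is current
		}
		var es []Entry
		if err := load(db, mod+".json", &es); err != nil {
			return nil, fmt.Errorf("%s: %w", mod, err)
		}
		out[mod] = es
	}
	return out, nil
}

// sampleDB is a constructed two-module tree with placeholder IDs, not real data.
var sampleDB = fstest.MapFS{
	"index.json":         {Data: []byte(`{"example.com/a":"2022-01-01T00:00:00Z","example.com/b":"2022-06-01T00:00:00Z"}`)},
	"example.com/a.json": {Data: []byte(`[{"id":"GO-0000-0001"}]`)},
	"example.com/b.json": {Data: []byte(`[{"id":"GO-0000-0002"}]`)},
}

func main() { fmt.Println(Refresh(sampleDB, Index{})) }
```

Because the module path from index.json becomes part of the file name, a client that fetches over HTTP instead of an fs.FS needs its own equivalent of the path validation.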

Packages

Some of these packages can probably be coalesced, but for now they are easier to work on in a more segmented fashion.

  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
  • cmd/dbdiff provides a tool for comparing two different versions of the vulnerability database
  • cmd/gendb provides a tool for converting YAML reports into a JSON database
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting YAML reports into JSON CVEs

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://storage.googleapis.com/go-vulndb/ are distributed under the terms of the CC-BY 4.0 license.

Owner
Go
The Go Programming Language
Comments
  • vulncheck: cache executable symbols in a map

    Currently, lookupSymbol for the various executable formats is implemented in terms of a linear search. This is inefficient and makes govulncheck not scale on larger binaries.

    You can test this with a large binary. I took the main binary from StackRox Scanner:

    $ docker export "$(docker create quay.io/stackrox-io/scanner:3.72.0)" | tar -C /tmp -x scanner
    

    On my machine (MacOS, Intel Core i9 8x2.4GHz), the results are the following:

    $ time /tmp/govulncheck-orig /tmp/scanner
    govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
    [...]
    real    19m7.105s
    user    21m4.712s
    sys     1m50.733s
    

    With this patch, it looks vastly different:

    $ time /tmp/govulncheck-patched /tmp/scanner
    govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
    [...]
    real    0m2.315s
    user    0m0.307s
    sys     0m0.126s
    

    Note: I ran experiments only for ELF binaries; however, I do not see a reason why PE and Mach-O executables should have substantially fewer symbols, so it should have a similar effect there.

  • Un-shadow err variable when reading binary

    The call to os.Open was shadowing the err variable, so the result of gvc.Binary wasn't checked. If something does go wrong, it segfaults in printText because res is nil.
