Re: [go-nuts] Tool to check binaries for vulnerabilities

2022-04-19 Thread Michel Casabianca 
Thank you very much for your feedback. I have made a new 0.7.0 release 
including your suggestions 
: https://github.com/intercloud/gobinsec/releases/tag/0.7.0

Enjoy!
Le lundi 18 avril 2022 à 14:48:55 UTC+2, Michel Casabianca a écrit :

> Thank you very much for this feedback. I have made a pull request to use 
> debug/buildinfo.ReadFile as suggested: 
> https://github.com/intercloud/gobinsec/pull/7
>
> This is far better than calling go on command line.
>
> Best regards
>
>
> Le vendredi 15 avril 2022 à 11:11:09 UTC+2, se...@liao.dev a écrit :
>
>> If you only need to target 1.18+, you can use `debug/buildinfo.ReadFile` 
>> which doesn't require shelling out to go
>>
>>
>> On Fri, Apr 15, 2022 at 7:03 AM Zhaoxun Yan  wrote:
>>
>>> That sounds great! Thanks.
>>>
>>> 在2022年4月15日星期五 UTC+8 05:55:27 写道:
>>>
 On Thu, 2022-04-14 at 03:05 -0700, Michel Casabianca wrote: 
 > Any comment and contribution welcome. 

 Can I suggest that you use golang.org/x/sys/execabs rather than 
 os/exec 
 in ExecCommand? 


 -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "golang-nuts" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to golang-nuts...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/golang-nuts/454f35cf-6599-4fc1-9dd2-602137d58cb6n%40googlegroups.com
>>>  
>>> 
>>> .
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/e53bbe72-5cd4-475c-9c56-5e88e79928bcn%40googlegroups.com.

Re: [go-nuts] Tool to check binaries for vulnerabilities

2022-04-18 Thread Michel Casabianca 
Thank you very much for this feedback. I have made a pull request to use 
debug/buildinfo.ReadFile as 
suggested: https://github.com/intercloud/gobinsec/pull/7

This is far better than calling go on command line.

Best regards

Le vendredi 15 avril 2022 à 11:11:09 UTC+2, se...@liao.dev a écrit :

> If you only need to target 1.18+, you can use `debug/buildinfo.ReadFile` 
> which doesn't require shelling out to go
>
>
> On Fri, Apr 15, 2022 at 7:03 AM Zhaoxun Yan  wrote:
>
>> That sounds great! Thanks.
>>
>> 在2022年4月15日星期五 UTC+8 05:55:27 写道:
>>
>>> On Thu, 2022-04-14 at 03:05 -0700, Michel Casabianca wrote: 
>>> > Any comment and contribution welcome. 
>>>
>>> Can I suggest that you use golang.org/x/sys/execabs rather than os/exec 
>>> in ExecCommand? 
>>>
>>>
>>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to golang-nuts...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/golang-nuts/454f35cf-6599-4fc1-9dd2-602137d58cb6n%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/e2e74443-acb3-4e49-a850-8a18a0b7bc35n%40googlegroups.com.

Re: [go-nuts] Tool to check binaries for vulnerabilities

2022-04-18 Thread Michel Casabianca 
Thank you for your feedback. Nevertheless, I don't call go anymore using 
debug/buildinfo.ReadFile, as suggested by another feedback below.

Le jeudi 14 avril 2022 à 23:55:27 UTC+2, kortschak a écrit :

> On Thu, 2022-04-14 at 03:05 -0700, Michel Casabianca wrote:
> > Any comment and contribution welcome.
>
> Can I suggest that you use golang.org/x/sys/execabs rather than os/exec
> in ExecCommand?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/7cd44e90-2e0c-40e2-8d7e-421be73656e5n%40googlegroups.com.

Re: [go-nuts] Tool to check binaries for vulnerabilities

2022-04-15 Thread 'Sean Liao' via golang-nuts 
If you only need to target 1.18+, you can use `debug/buildinfo.ReadFile`
which doesn't require shelling out to go


On Fri, Apr 15, 2022 at 7:03 AM Zhaoxun Yan  wrote:

> That sounds great! Thanks.
>
> 在2022年4月15日星期五 UTC+8 05:55:27 写道:
>
>> On Thu, 2022-04-14 at 03:05 -0700, Michel Casabianca wrote:
>> > Any comment and contribution welcome.
>>
>> Can I suggest that you use golang.org/x/sys/execabs rather than os/exec
>> in ExecCommand?
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/454f35cf-6599-4fc1-9dd2-602137d58cb6n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/CAGabyPpo-HZgSLDNFU_fTrj%2BoMpCj2ePcUQWK3sGkFX_BZfG8w%40mail.gmail.com.

Re: [go-nuts] Tool to check binaries for vulnerabilities

2022-04-14 Thread Zhaoxun Yan 
That sounds great! Thanks.

在2022年4月15日星期五 UTC+8 05:55:27 写道:

> On Thu, 2022-04-14 at 03:05 -0700, Michel Casabianca wrote:
> > Any comment and contribution welcome.
>
> Can I suggest that you use golang.org/x/sys/execabs rather than os/exec
> in ExecCommand?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/454f35cf-6599-4fc1-9dd2-602137d58cb6n%40googlegroups.com.

Re: [go-nuts] Tool to check binaries for vulnerabilities

2022-04-14 Thread 'Dan Kortschak' via golang-nuts 
On Thu, 2022-04-14 at 03:05 -0700, Michel Casabianca wrote:
> Any comment and contribution welcome.

Can I suggest that you use golang.org/x/sys/execabs rather than os/exec
in ExecCommand?


-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/23893aa067930681ed084b09fee6b14a9e1a14b4.camel%40kortschak.io.

[go-nuts] Tool to check binaries for vulnerabilities

2022-04-14 Thread Michel Casabianca 
Hello Gophers,

We, at Intercloud, have developed a tool to check dependencies embedded in 
Go binaries. It first lists dependencies running "go version -m mybinary", 
then it looks for vulnerabilities in NVD online database (at 
https://nvd.nist.gov/).

This tool is open source and available at 
https://github.com/intercloud/gobinsec.

Any comment and contribution welcome.

Enjoy!

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/4bf78f56-f44e-4921-97b8-d9512141fbffn%40googlegroups.com.