Ron Desmond
Ron Desmond
We are seeing this issue and investigating
Shouldn't [this](https://github.com/knqyf263/go-rpmdb/blob/master/pkg/bdb/hash_page.go#L83) be part of the loop post statement? Otherwise the line mentioned by @daveharmon will cause an infinite loop. Alternatively, we can break out of the loop when we...
Seems like Jfrog has forked the library with a timeout fix: https://github.com/jfrog/go-rpmdb
The infinite loop is when it hits the `currentPage.PageType != OverflowPageType` condition, then continues without updating the loop variable or erroring out. The reason I did not modify the hash...
The other option is to add the loop update clause to before the `continue` statement: ``` if currentPage.PageType != OverflowPageType { currentPageNo = currentPage.NextPageNo continue } ```
Want to note that internally there's an interest in Vulnerable _File_ analysis for OS package manager scanning which is a bit easier to implement than function-based analysis. Since we move...
This is not a current plan for osv-scanner, but if file-based vulnerability reporting proves useful it may be added to Osv-scanner in the future.