Hi. Thank you for distributing such a great tool.
I checked out this post and did some testing on a few projects.
- https://osv.dev/blog/posts/introducing-broad-c-c++-support/
However, I discovered a case where the test results for the same project were different.
Problem
In a Windows environment, there are cases where vulnerabilities cannot be discovered due to the autocrlf setting when checking out git.
Why is it a problem
This problem is caused by git's CRLF option, so it is not an OSV-Scanner issue.
However, since this is an option that can cause user error, I personally think that it should be supported regardless of LF / CRLF, or at least be specified in the documentation.
If used without knowing the settings, users may hastily conclude that OSV-Scanner does not find vulnerabilities.
Test Environment
OS
Windows 11 Pro 64-bit (10.0, Build 22621) (22621.ni_release.220506-1250)
Git Version
ersia@MINGW64 ~/source/Repos/test $ git --version
git version 2.40.1.windows.1
OSV-Scanner Version
ersia@MINGW64 ~/source/Repos/test $ osv-scanner.exe -v
osv-scanner version: 1.4.3
commit: 6316373
built at: 2023-11-02T00:53:14Z
Issue testing
Windows CRLF
Linux LF
Probable cause
Although the exact internal logic has not been analyzed, it is presumed that packages are searched based on hash values at the file and directory level.
At this time, it is expected that package search will not be possible because the hash value is different due to the autocrlf setting.
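The hash mismatch presumed under "Probable cause", as an added example that is not part of the original issue and not OSV-Scanner's code: it classifies each checked-out file as matching upstream, differing only by CRLF conversion, or genuinely modified. SHA-256, the function names, and the sample file names and contents are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// toLF reverses the LF -> CRLF rewrite that core.autocrlf=true applies on checkout.
func toLF(s string) string { return strings.ReplaceAll(s, "\r\n", "\n") }

// classify compares a checked-out file with upstream LF content (SHA-256 is an assumption here).
func classify(upstream, checkout string) string {
	want := sha256.Sum256([]byte(upstream))
	switch {
	case sha256.Sum256([]byte(checkout)) == want:
		return "match"
	case sha256.Sum256([]byte(toLF(checkout))) == want:
		return "crlf-only" // same source; the hash differs only through line endings
	default:
		return "modified"
	}
}

// report classifies every upstream file against the checkout, sorted by file name.
func report(upstream, checkout map[string]string) []string {
	var out []string
	for name, want := range upstream {
		status := "missing"
		if got, ok := checkout[name]; ok {
			status = classify(want, got)
		}
		out = append(out, name+": "+status)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample: the same files as stored upstream and as checked out with CRLF endings.
	upstream := map[string]string{"vendor/demo/parse.c": "int f(void)\n{\n}\n",
		"vendor/demo/util.h": "#define N 1\n"}
	checkout := map[string]string{"vendor/demo/parse.c": "int f(void)\r\n{\r\n}\r\n",
		"vendor/demo/util.h": "#define N 2\r\n"}
	for _, line := range report(upstream, checkout) {
		fmt.Println(line)
	}
}
```

A "crlf-only" result means a byte-level hash lookup would miss the file even though its source is unchanged, which is the situation the post describes.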