Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide per-method hashes #36

Open
fweimer opened this issue Aug 4, 2014 · 1 comment
Open

Provide per-method hashes #36

fweimer opened this issue Aug 4, 2014 · 1 comment
Labels
enhancement

Comments

@fweimer
Copy link
Contributor

fweimer commented Aug 4, 2014

It is desirable to compute per-method hashes. This would allow to better pin-point vulnerable code, and reduce the risk somewhat that unrelated modifications obscure the presence of a vulnerable method because the hash does not match any known-vulnerable class anymore.
@abn abn added the enhancement label Aug 9, 2014
@abn
Copy link
Member

abn commented Aug 9, 2014

This is a good optional feature to have and will be implemented as an optional extension in a future release of the library.

However, do note that while this valuable for extended applications of the victims fingerprinting mechanism, this information for vulnerable artifacts will not be provided by the EVD database itself. Upstream projects, mostly, do not release one-off patches and isolating security patches from one release to another is not something that is reliably automatable as thing stand.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abn @fweimer