Key :: Value Access Language (KVAL) for BoltDB and Golang


by @beet_keeper

With some forced downtime as the effects of the Kaikōura earthquake are felt here on the North Island, with the shutdown of Archives New Zealand, what better way to spend it than creating a new grammar and parser for key-value databases? I have spent the last few weeks developing a specification for a Key-Value Access Language (KVAL) and implementing a binding for it for Golang’s BoltDB. I hope it will be of interest to folks, but let’s take a look at it in more detail below.

#API #Bolt #BoltDB #Database #Go #Golang #KeyValueAccessLanguage #KeyValueStore #KVAL #Libraries

#BoltDB is a Go rewrite of #LMDB (mostly; it has a lot more limitations). It's no longer maintained. Since 2021 some forks had a backdoor giving remote command access to machines.

https://snyk.io/blog/go-malicious-package-alert/

All of this is inconceivable for LMDB, since it has no other dependencies. Also, the thought of an embedded DB engine having access to any networking APIs at all is just mindboggling.

The Go build system, and its automatic pulling of dependencies from github, is ludicrous.

#golang

Do not pass GO - Malicious Package Alert | Snyk

Recently, researchers have found another Software Supply Chain issue in BoltDB, a popular database tool in the Go programming environment. The BoltDB Go Module was found backdoored and contained hidden malicious code.

#Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence - a backdoored typosquat of #BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years. https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence

That time when a decision @benbjohnson made “a decade ago” in #BoltDB took down #Roblox for three days 🙀 #golang #consul #kubernetes

🎥 https://youtube.com/shorts/kA0EajPfAP0?feature=share

Replaced an in-memory map in a Golang project with BoltDB. Pretty simple transition, surprisingly.

#golang #boltdb #programming