data/reports: add missing derived symbols
Change-Id: Ie705b1546eba530e75e27c65610ef58a7f96bbb2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/581797
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2021-0054.json b/data/osv/GO-2021-0054.json
index d21929c..b0bfada 100644
--- a/data/osv/GO-2021-0054.json
+++ b/data/osv/GO-2021-0054.json
@@ -33,7 +33,12 @@
{
"path": "github.com/tidwall/gjson",
"symbols": [
+ "Get",
+ "GetBytes",
+ "GetMany",
+ "GetManyBytes",
"Result.ForEach",
+ "Result.Get",
"unwrap"
]
}
diff --git a/data/osv/GO-2021-0072.json b/data/osv/GO-2021-0072.json
index af6ea39..d44b2dd 100644
--- a/data/osv/GO-2021-0072.json
+++ b/data/osv/GO-2021-0072.json
@@ -33,6 +33,7 @@
{
"path": "github.com/docker/distribution/registry/handlers",
"symbols": [
+ "App.ServeHTTP",
"NewApp",
"blobUploadHandler.PatchBlobData",
"blobUploadHandler.PutBlobUploadComplete",
diff --git a/data/osv/GO-2022-0463.json b/data/osv/GO-2022-0463.json
index 1a062b1..44ac73a 100644
--- a/data/osv/GO-2022-0463.json
+++ b/data/osv/GO-2022-0463.json
@@ -329,7 +329,9 @@
"adminController.QpsIndex",
"adminController.TaskStatus",
"beegoAppConfig.Bool",
- "beegoAppConfig.DefaultBool"
+ "beegoAppConfig.DefaultBool",
+ "beegoAppConfig.SaveConfigFile",
+ "beegoAppConfig.Unmarshaler"
]
}
]
diff --git a/data/osv/GO-2022-0569.json b/data/osv/GO-2022-0569.json
index 5905720..ca54b2b 100644
--- a/data/osv/GO-2022-0569.json
+++ b/data/osv/GO-2022-0569.json
@@ -327,7 +327,9 @@
"adminController.QpsIndex",
"adminController.TaskStatus",
"beegoAppConfig.Bool",
- "beegoAppConfig.DefaultBool"
+ "beegoAppConfig.DefaultBool",
+ "beegoAppConfig.SaveConfigFile",
+ "beegoAppConfig.Unmarshaler"
]
}
]
diff --git a/data/osv/GO-2022-0572.json b/data/osv/GO-2022-0572.json
index 40cb040..054893c 100644
--- a/data/osv/GO-2022-0572.json
+++ b/data/osv/GO-2022-0572.json
@@ -280,7 +280,9 @@
"adminController.QpsIndex",
"adminController.TaskStatus",
"beegoAppConfig.Bool",
- "beegoAppConfig.DefaultBool"
+ "beegoAppConfig.DefaultBool",
+ "beegoAppConfig.SaveConfigFile",
+ "beegoAppConfig.Unmarshaler"
]
}
]
diff --git a/data/osv/GO-2022-0621.json b/data/osv/GO-2022-0621.json
index 63e18c4..f70576d 100644
--- a/data/osv/GO-2022-0621.json
+++ b/data/osv/GO-2022-0621.json
@@ -35,6 +35,7 @@
{
"path": "k8s.io/kube-state-metrics/internal/store",
"symbols": [
+ "Builder.Build",
"kubeAnnotationsToPrometheusLabels"
]
}
diff --git a/data/osv/GO-2022-0968.json b/data/osv/GO-2022-0968.json
index bdca12f..55ccc31 100644
--- a/data/osv/GO-2022-0968.json
+++ b/data/osv/GO-2022-0968.json
@@ -37,6 +37,14 @@
"NewClientConn",
"NewServerConn",
"chacha20Poly1305Cipher.readCipherPacket",
+ "curve25519sha256.Client",
+ "curve25519sha256.Server",
+ "dhGEXSHA.Client",
+ "dhGEXSHA.Server",
+ "dhGroup.Client",
+ "dhGroup.Server",
+ "ecdh.Client",
+ "ecdh.Server",
"gcmCipher.readCipherPacket"
]
}
diff --git a/data/osv/GO-2023-2000.json b/data/osv/GO-2023-2000.json
index 610d8c6..8f61a22 100644
--- a/data/osv/GO-2023-2000.json
+++ b/data/osv/GO-2023-2000.json
@@ -48,6 +48,9 @@
"GenerateKeyPair",
"GenerateKeyPairWithReader",
"GenerateRSAKeyPair",
+ "PublicKeyFromProto",
+ "UnmarshalPrivateKey",
+ "UnmarshalPublicKey",
"UnmarshalRsaPrivateKey",
"UnmarshalRsaPublicKey"
]
diff --git a/data/osv/GO-2023-2017.json b/data/osv/GO-2023-2017.json
index 817fe0c..1a65faf 100644
--- a/data/osv/GO-2023-2017.json
+++ b/data/osv/GO-2023-2017.json
@@ -45,6 +45,9 @@
{
"path": "github.com/weaviate/weaviate/adapters/handlers/rest",
"symbols": [
+ "Server.ConfigureAPI",
+ "Server.Serve",
+ "Server.SetAPI",
"handleUnbatchedGraphQLRequest"
]
}
diff --git a/data/osv/GO-2023-2402.json b/data/osv/GO-2023-2402.json
index 0f4c5fe..9a296da 100644
--- a/data/osv/GO-2023-2402.json
+++ b/data/osv/GO-2023-2402.json
@@ -69,6 +69,14 @@
"channel.WriteExtended",
"connectionState.readPacket",
"connectionState.writePacket",
+ "curve25519sha256.Client",
+ "curve25519sha256.Server",
+ "dhGEXSHA.Client",
+ "dhGEXSHA.Server",
+ "dhGroup.Client",
+ "dhGroup.Server",
+ "ecdh.Client",
+ "ecdh.Server",
"extChannel.Read",
"extChannel.Write",
"handshakeTransport.enterKeyExchange",
diff --git a/data/reports/GO-2021-0054.yaml b/data/reports/GO-2021-0054.yaml
index 4f84fbe..dac217f 100644
--- a/data/reports/GO-2021-0054.yaml
+++ b/data/reports/GO-2021-0054.yaml
@@ -9,7 +9,12 @@
symbols:
- unwrap
derived_symbols:
+ - Get
+ - GetBytes
+ - GetMany
+ - GetManyBytes
- Result.ForEach
+ - Result.Get
summary: Panic due to improper input validation in ForEach in github.com/tidwall/gjson
description: |-
Due to improper bounds checking, maliciously crafted JSON objects can cause an
diff --git a/data/reports/GO-2021-0072.yaml b/data/reports/GO-2021-0072.yaml
index f663ca3..9c7541e 100644
--- a/data/reports/GO-2021-0072.yaml
+++ b/data/reports/GO-2021-0072.yaml
@@ -11,6 +11,7 @@
symbols:
- copyFullPayload
derived_symbols:
+ - App.ServeHTTP
- NewApp
- blobUploadHandler.PatchBlobData
- blobUploadHandler.PutBlobUploadComplete
diff --git a/data/reports/GO-2022-0463.yaml b/data/reports/GO-2022-0463.yaml
index 923a297..ce72dd4 100644
--- a/data/reports/GO-2022-0463.yaml
+++ b/data/reports/GO-2022-0463.yaml
@@ -266,6 +266,8 @@
- adminController.TaskStatus
- beegoAppConfig.Bool
- beegoAppConfig.DefaultBool
+ - beegoAppConfig.SaveConfigFile
+ - beegoAppConfig.Unmarshaler
summary: |-
Access control bypass due to broad route matching in github.com/beego/beego and
beego/v2
diff --git a/data/reports/GO-2022-0569.yaml b/data/reports/GO-2022-0569.yaml
index 8ac875f..22b5978 100644
--- a/data/reports/GO-2022-0569.yaml
+++ b/data/reports/GO-2022-0569.yaml
@@ -265,6 +265,8 @@
- adminController.TaskStatus
- beegoAppConfig.Bool
- beegoAppConfig.DefaultBool
+ - beegoAppConfig.SaveConfigFile
+ - beegoAppConfig.Unmarshaler
summary: Path traversal in github.com/beego/beego and beego/v2
description: |-
The leafInfo.match() function uses path.join() to deal with wildcard values
diff --git a/data/reports/GO-2022-0572.yaml b/data/reports/GO-2022-0572.yaml
index 3d7a365..f40a147 100644
--- a/data/reports/GO-2022-0572.yaml
+++ b/data/reports/GO-2022-0572.yaml
@@ -219,6 +219,8 @@
- adminController.TaskStatus
- beegoAppConfig.Bool
- beegoAppConfig.DefaultBool
+ - beegoAppConfig.SaveConfigFile
+ - beegoAppConfig.Unmarshaler
summary: |-
Access control bypass via incorrect route lookup in github.com/beego/beego and
beego/v2
diff --git a/data/reports/GO-2022-0621.yaml b/data/reports/GO-2022-0621.yaml
index 418ff04..6d9b44f 100644
--- a/data/reports/GO-2022-0621.yaml
+++ b/data/reports/GO-2022-0621.yaml
@@ -9,6 +9,8 @@
- package: k8s.io/kube-state-metrics/internal/store
symbols:
- kubeAnnotationsToPrometheusLabels
+ derived_symbols:
+ - Builder.Build
summary: Exposure of sensitive information in k8s.io/kube-state-metrics
description: |-
Exposing annotations as metrics can leak secrets.
diff --git a/data/reports/GO-2022-0968.yaml b/data/reports/GO-2022-0968.yaml
index 03411ef..22e9600 100644
--- a/data/reports/GO-2022-0968.yaml
+++ b/data/reports/GO-2022-0968.yaml
@@ -13,6 +13,14 @@
- Dial
- NewClientConn
- NewServerConn
+ - curve25519sha256.Client
+ - curve25519sha256.Server
+ - dhGEXSHA.Client
+ - dhGEXSHA.Server
+ - dhGroup.Client
+ - dhGroup.Server
+ - ecdh.Client
+ - ecdh.Server
summary: Panic on malformed packets in golang.org/x/crypto/ssh
description: |-
Unauthenticated clients can cause a panic in SSH servers.
diff --git a/data/reports/GO-2023-2000.yaml b/data/reports/GO-2023-2000.yaml
index a1776f6..badecd8 100644
--- a/data/reports/GO-2023-2000.yaml
+++ b/data/reports/GO-2023-2000.yaml
@@ -17,6 +17,9 @@
derived_symbols:
- GenerateKeyPair
- GenerateKeyPairWithReader
+ - PublicKeyFromProto
+ - UnmarshalPrivateKey
+ - UnmarshalPublicKey
summary: Large RSA keys can cause high resource usage in github.com/libp2p/go-libp2p
description: |-
Large RSA keys can lead to resource exhaustion attacks.
diff --git a/data/reports/GO-2023-2017.yaml b/data/reports/GO-2023-2017.yaml
index 03a1626..7e3b728 100644
--- a/data/reports/GO-2023-2017.yaml
+++ b/data/reports/GO-2023-2017.yaml
@@ -12,6 +12,10 @@
- package: github.com/weaviate/weaviate/adapters/handlers/rest
symbols:
- handleUnbatchedGraphQLRequest
+ derived_symbols:
+ - Server.ConfigureAPI
+ - Server.Serve
+ - Server.SetAPI
summary: Denial of service vulnerability in github.com/weaviate/weaviate
description: |-
A type conversion issue in Weaviate may allow a remote attack that would cause a
diff --git a/data/reports/GO-2023-2402.yaml b/data/reports/GO-2023-2402.yaml
index 908cf4e..0b05202 100644
--- a/data/reports/GO-2023-2402.yaml
+++ b/data/reports/GO-2023-2402.yaml
@@ -49,6 +49,14 @@
- channel.SendRequest
- channel.Write
- channel.WriteExtended
+ - curve25519sha256.Client
+ - curve25519sha256.Server
+ - dhGEXSHA.Client
+ - dhGEXSHA.Server
+ - dhGroup.Client
+ - dhGroup.Server
+ - ecdh.Client
+ - ecdh.Server
- extChannel.Read
- extChannel.Write
- mux.OpenChannel
