# When the sumdb returns a response which does not
# include a sum for the requested module,
# we should report an error.
# Verifies CVE-2026-42501.
#
# Property under test: checksum verification fails closed. A lookup response
# that describes some other module must not be accepted as verification of the
# module that was requested, and nothing from it may be recorded in go.sum.
#
# Capture the GOSUMDB and GOPROXY values in effect at script start so they can
# be recombined into a new GOSUMDB setting below.
env sumdb=$GOSUMDB
env proxy=$GOPROXY
# Bare names (no '=') make env print the current values to the test log,
# which documents the starting configuration if the test fails.
env GOPROXY GONOPROXY GOSUMDB GONOSUMDB
# /sumdb-redirect/ causes the sumdb to return /lookup/ responses
# for rsc.io/quote@v1.0.0, not for the requested module.
# GOSUMDB accepts "<name+key> <URL>": the verifier identity from $sumdb is kept
# and only the URL that gets queried is swapped for the redirecting endpoint.
# NOTE(review): the trailing ':' looks like a delimiter consumed by the test
# proxy's /sumdb-redirect/ handler; confirm against the proxy code.
env GOSUMDB=$sumdb' '$proxy/sumdb-redirect/rsc.io/quote@v1.0.0:
# The download must fail (leading '!'), and the failure must be reported as a
# checksum security error rather than as some unrelated error.
! go get rsc.io/fortune@v1.0.0
stderr 'SECURITY ERROR'
# go.sum must hold no rsc.io line at all: neither for the requested
# rsc.io/fortune nor for rsc.io/quote, the module the response was about.
! grep rsc.io go.sum
-- go.mod --
module m