tests: add screentests for vuln pages
Using a vulndb snapshot as testdata, added screentests that run
only in CI for vuln pages. Because regular updates are made to
the vulndb, these tests are not deterministic for non CI runs.
Change-Id: I5aed1b350a13065cd7e45e100de1a9ba5123c2a5
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/431175
TryBot-Result: kokoro <noreply+kokoro@google.com>
Run-TryBot: Jamal Carvalho <jamal@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>
diff --git a/devtools/docker/compose.yaml b/devtools/docker/compose.yaml
index b793a0a..55f234e 100644
--- a/devtools/docker/compose.yaml
+++ b/devtools/docker/compose.yaml
@@ -14,6 +14,7 @@
GO_DISCOVERY_CONFIG_DYNAMIC:
GO_DISCOVERY_LOG_LEVEL: ${GO_DISCOVERY_LOG_LEVEL:-info}
GO_DISCOVERY_SERVE_STATS: "true"
+ GO_DISCOVERY_VULN_DB:
services:
allbash:
diff --git a/tests/README.md b/tests/README.md
index 89e3716..55eedb1 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -82,6 +82,12 @@
postgres database, frontend, and headless chrome, and runs the screentest using
headless chrome.
+Tests in `./tests/screentest/testcases.ci.txt` run only for CI runs of the
+screentest. These tests may rely on mocked data, like the vuln page tests.
+Tests in `./tests/screentest/testcases.txt` run for all environments and
+are suitable for tests with data that is consistent between environments or
+static pages.
+
### Understanding Test Failures
If the tests fail with diffs, a file with the diffs will be created in the
diff --git a/tests/screentest/run.sh b/tests/screentest/run.sh
index 7c91a03..629a675 100755
--- a/tests/screentest/run.sh
+++ b/tests/screentest/run.sh
@@ -128,9 +128,12 @@
local cmd="screentest $concurrency $debugger_url $vars $update $testfile"
if [[ "$env" = ci ]]; then
+ testfile="'tests/screentest/testcases.*'"
+ cmd="screentest $concurrency $debugger_url $vars $update $testfile"
export GO_DISCOVERY_CONFIG_DYNAMIC="tests/screentest/config.yaml"
export GO_DISCOVERY_DATABASE_NAME="discovery_e2e_test"
export GO_DISCOVERY_SEED_DB_FILE="tests/screentest/seed.txt"
+ export GO_DISCOVERY_VULN_DB="file://tests/screentest/testdata/vulndb"
if [ "$seeddb" = true ]; then
dcompose run --rm seeddb
fi
diff --git a/tests/screentest/testcases.ci.txt b/tests/screentest/testcases.ci.txt
new file mode 100644
index 0000000..723c107
--- /dev/null
+++ b/tests/screentest/testcases.ci.txt
@@ -0,0 +1,30 @@
+windowsize 1536x960
+compare {{.Origin}}::cache {{.Origin}}
+output tests/screentest/testdata/ci
+# Prevent dynamic readme bages from rendering
+block https://codecov.io/* https://travis-ci.com/*
+
+test vuln
+pathname /vuln/
+capture fullscreen
+capture fullscreen 540x1080
+
+test vuln list
+pathname /vuln/list
+capture fullscreen
+capture fullscreen 540x1080
+
+test vuln entry
+pathname /vuln/GO-2022-0463
+capture fullscreen
+capture fullscreen 540x1080
+
+test vuln stdlib module
+pathname /archive/zip@go1.16.4
+capture viewport
+capture viewport 540x1080
+
+test vuln toolchain module
+pathname /cmd/go@go1.15.0
+capture viewport
+capture viewport 540x1080
diff --git a/tests/screentest/testdata/ci/vuln-540x1080.a.png b/tests/screentest/testdata/ci/vuln-540x1080.a.png
new file mode 100644
index 0000000..c437c47
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png b/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png
new file mode 100644
index 0000000..fd84600
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-entry.a.png b/tests/screentest/testdata/ci/vuln-entry.a.png
new file mode 100644
index 0000000..2326448
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-entry.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-list-540x1080.a.png b/tests/screentest/testdata/ci/vuln-list-540x1080.a.png
new file mode 100644
index 0000000..e1498c7
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-list-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-list.a.png b/tests/screentest/testdata/ci/vuln-list.a.png
new file mode 100644
index 0000000..eb8bf03
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-list.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-stdlib-module-540x1080.a.png b/tests/screentest/testdata/ci/vuln-stdlib-module-540x1080.a.png
new file mode 100644
index 0000000..4df6d15
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-stdlib-module-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-stdlib-module.a.png b/tests/screentest/testdata/ci/vuln-stdlib-module.a.png
new file mode 100644
index 0000000..2290d5f
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-stdlib-module.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-toolchain-module-540x1080.a.png b/tests/screentest/testdata/ci/vuln-toolchain-module-540x1080.a.png
new file mode 100644
index 0000000..ce71b52
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-toolchain-module-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-toolchain-module.a.png b/tests/screentest/testdata/ci/vuln-toolchain-module.a.png
new file mode 100644
index 0000000..fedc48e
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-toolchain-module.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln.a.png b/tests/screentest/testdata/ci/vuln.a.png
new file mode 100644
index 0000000..64dc206
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln.a.png
Binary files differ
diff --git a/tests/screentest/testdata/vulndb/ID/GO-2021-0157.json b/tests/screentest/testdata/vulndb/ID/GO-2021-0157.json
new file mode 100644
index 0000000..3862d70
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/ID/GO-2021-0157.json
@@ -0,0 +1 @@
+{"id":"GO-2021-0157","published":"2022-01-05T20:00:00Z","modified":"2022-08-29T16:50:59Z","aliases":["CVE-2015-5739"],"details":"The MIME header parser treated spaces and hyphens\nas equivalent, which can permit HTTP request smuggling.\n","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.3"}]}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0157"},"ecosystem_specific":{"imports":[{"path":"net/textproto","symbols":["CanonicalMIMEHeaderKey","canonicalMIMEHeaderKey"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/11772"},{"type":"FIX","url":"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9"},{"type":"REPORT","url":"https://go.dev/issue/53035"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ"}]}
diff --git a/tests/screentest/testdata/vulndb/ID/GO-2021-0159.json b/tests/screentest/testdata/vulndb/ID/GO-2021-0159.json
new file mode 100644
index 0000000..edb0189
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/ID/GO-2021-0159.json
@@ -0,0 +1 @@
+{"id":"GO-2021-0159","published":"2022-01-05T21:39:14Z","modified":"2022-08-29T16:50:59Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"],"details":"HTTP headers were not properly parsed, which allows remote attackers to\nconduct HTTP request smuggling attacks via a request that contains\nContent-Length and Transfer-Encoding header fields.\n","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.3"}]}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0159"},"ecosystem_specific":{"imports":[{"path":"net/http","symbols":["CanonicalMIMEHeaderKey","body.readLocked","canonicalMIMEHeaderKey","chunkWriter.writeHeader","fixLength","fixTransferEncoding","readTransfer","transferWriter.shouldSendContentLength","validHeaderFieldByte"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/13148"},{"type":"FIX","url":"https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f"},{"type":"FIX","url":"https://go.dev/cl/11772"},{"type":"FIX","url":"https://go.dev/cl/11810"},{"type":"FIX","url":"https://go.dev/cl/12865"},{"type":"FIX","url":"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9"},{"type":"FIX","url":"https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f"},{"type":"FIX","url":"https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87"},{"type":"REPORT","url":"https://go.dev/issue/12027"},{"type":"REPORT","url":"https://go.dev/issue/11930"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ"}]}
diff --git a/tests/screentest/testdata/vulndb/ID/GO-2022-0463.json b/tests/screentest/testdata/vulndb/ID/GO-2022-0463.json
new file mode 100644
index 0000000..8ef8bf6
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/ID/GO-2022-0463.json
@@ -0,0 +1,293 @@
+{
+ "id": "GO-2022-0463",
+ "published": "2022-07-01T20:06:59Z",
+ "modified": "2022-08-19T22:21:47Z",
+ "aliases": [
+ "CVE-2022-31259",
+ "GHSA-qx32-f6g6-fcfr"
+ ],
+ "details": "Routes in the beego HTTP router can match unintended patterns.\nThis overly-broad matching may permit an attacker to bypass access\ncontrols.\n\nFor example, the pattern \"/a/b/:name\" can match the URL \"/a.xml/b/\".\nThis may bypass access control applied to the prefix \"/a/\".\n",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/beego/beego",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.12.9"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0463"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego",
+ "symbols": [
+ "App.Run",
+ "ControllerRegister.FindPolicy",
+ "ControllerRegister.FindRouter",
+ "ControllerRegister.ServeHTTP",
+ "FilterRouter.ValidRouter",
+ "InitBeegoBeforeTest",
+ "Run",
+ "RunWithMiddleWares",
+ "TestBeegoInit",
+ "Tree.Match",
+ "Tree.match",
+ "adminApp.Run"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/beego/beego/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.0.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0463"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego/v2/server/web",
+ "symbols": [
+ "AddNamespace",
+ "Any",
+ "AutoPrefix",
+ "AutoRouter",
+ "Compare",
+ "CompareNot",
+ "Controller.Bind",
+ "Controller.BindForm",
+ "Controller.BindXML",
+ "Controller.BindYAML",
+ "Controller.GetSecureCookie",
+ "Controller.ParseForm",
+ "Controller.Render",
+ "Controller.RenderBytes",
+ "Controller.RenderString",
+ "Controller.Resp",
+ "Controller.SaveToFile",
+ "Controller.ServeFormatted",
+ "Controller.ServeXML",
+ "Controller.ServeYAML",
+ "Controller.SetSecureCookie",
+ "Controller.Trace",
+ "Controller.URLFor",
+ "Controller.XMLResp",
+ "Controller.XSRFFormHTML",
+ "Controller.XSRFToken",
+ "Controller.YamlResp",
+ "ControllerRegister.Add",
+ "ControllerRegister.AddAuto",
+ "ControllerRegister.AddAutoPrefix",
+ "ControllerRegister.AddMethod",
+ "ControllerRegister.AddRouterMethod",
+ "ControllerRegister.Any",
+ "ControllerRegister.CtrlAny",
+ "ControllerRegister.CtrlDelete",
+ "ControllerRegister.CtrlGet",
+ "ControllerRegister.CtrlHead",
+ "ControllerRegister.CtrlOptions",
+ "ControllerRegister.CtrlPatch",
+ "ControllerRegister.CtrlPost",
+ "ControllerRegister.CtrlPut",
+ "ControllerRegister.Delete",
+ "ControllerRegister.FindPolicy",
+ "ControllerRegister.FindRouter",
+ "ControllerRegister.Get",
+ "ControllerRegister.Handler",
+ "ControllerRegister.Head",
+ "ControllerRegister.Include",
+ "ControllerRegister.Init",
+ "ControllerRegister.InsertFilter",
+ "ControllerRegister.Options",
+ "ControllerRegister.Patch",
+ "ControllerRegister.Post",
+ "ControllerRegister.Put",
+ "ControllerRegister.ServeHTTP",
+ "ControllerRegister.URLFor",
+ "CtrlAny",
+ "CtrlDelete",
+ "CtrlGet",
+ "CtrlHead",
+ "CtrlOptions",
+ "CtrlPatch",
+ "CtrlPost",
+ "CtrlPut",
+ "Date",
+ "DateParse",
+ "Delete",
+ "Exception",
+ "ExecuteTemplate",
+ "ExecuteViewPathTemplate",
+ "FilterRouter.ValidRouter",
+ "FlashData.Error",
+ "FlashData.Notice",
+ "FlashData.Set",
+ "FlashData.Store",
+ "FlashData.Success",
+ "FlashData.Warning",
+ "Get",
+ "GetConfig",
+ "HTML2str",
+ "Handler",
+ "Head",
+ "Htmlquote",
+ "Htmlunquote",
+ "HttpServer.Any",
+ "HttpServer.AutoPrefix",
+ "HttpServer.AutoRouter",
+ "HttpServer.CtrlAny",
+ "HttpServer.CtrlDelete",
+ "HttpServer.CtrlGet",
+ "HttpServer.CtrlHead",
+ "HttpServer.CtrlOptions",
+ "HttpServer.CtrlPatch",
+ "HttpServer.CtrlPost",
+ "HttpServer.CtrlPut",
+ "HttpServer.Delete",
+ "HttpServer.Get",
+ "HttpServer.Handler",
+ "HttpServer.Head",
+ "HttpServer.Include",
+ "HttpServer.InsertFilter",
+ "HttpServer.Options",
+ "HttpServer.Patch",
+ "HttpServer.Post",
+ "HttpServer.PrintTree",
+ "HttpServer.Put",
+ "HttpServer.RESTRouter",
+ "HttpServer.Router",
+ "HttpServer.RouterWithOpts",
+ "HttpServer.Run",
+ "Include",
+ "InitBeegoBeforeTest",
+ "InsertFilter",
+ "LoadAppConfig",
+ "MapGet",
+ "Namespace.Any",
+ "Namespace.AutoPrefix",
+ "Namespace.AutoRouter",
+ "Namespace.Cond",
+ "Namespace.CtrlAny",
+ "Namespace.CtrlDelete",
+ "Namespace.CtrlGet",
+ "Namespace.CtrlHead",
+ "Namespace.CtrlOptions",
+ "Namespace.CtrlPatch",
+ "Namespace.CtrlPost",
+ "Namespace.CtrlPut",
+ "Namespace.Delete",
+ "Namespace.Filter",
+ "Namespace.Get",
+ "Namespace.Handler",
+ "Namespace.Head",
+ "Namespace.Include",
+ "Namespace.Namespace",
+ "Namespace.Options",
+ "Namespace.Patch",
+ "Namespace.Post",
+ "Namespace.Put",
+ "Namespace.Router",
+ "NewControllerRegister",
+ "NewControllerRegisterWithCfg",
+ "NewHttpServerWithCfg",
+ "NewHttpSever",
+ "NewNamespace",
+ "NotNil",
+ "Options",
+ "ParseForm",
+ "Patch",
+ "Policy",
+ "Post",
+ "PrintTree",
+ "Put",
+ "RESTRouter",
+ "ReadFromRequest",
+ "RenderForm",
+ "Router",
+ "RouterWithOpts",
+ "Run",
+ "RunWithMiddleWares",
+ "TestBeegoInit",
+ "Tree.AddRouter",
+ "Tree.AddTree",
+ "Tree.Match",
+ "Tree.match",
+ "URLFor",
+ "URLMap.GetMap",
+ "URLMap.GetMapData",
+ "adminApp.Run",
+ "adminController.AdminIndex",
+ "adminController.Healthcheck",
+ "adminController.ListConf",
+ "adminController.ProfIndex",
+ "adminController.PrometheusMetrics",
+ "adminController.QpsIndex",
+ "adminController.TaskStatus",
+ "beegoAppConfig.Bool",
+ "beegoAppConfig.DefaultBool"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/4958"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/commit/64cf44d725c8cc35d782327d333df9cbeb1bf2dd"
+ },
+ {
+ "type": "WEB",
+ "url": "https://beego.vip"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/beego/beego/issues/4946"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/beego/beego/pull/4954"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31259"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-qx32-f6g6-fcfr"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb/ID/GO-2022-0569.json b/tests/screentest/testdata/vulndb/ID/GO-2022-0569.json
new file mode 100644
index 0000000..8ddee7f
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/ID/GO-2022-0569.json
@@ -0,0 +1,94 @@
+{
+ "id": "GO-2022-0569",
+ "published": "2022-08-23T13:24:17Z",
+ "modified": "2022-08-23T13:24:17Z",
+ "aliases": [
+ "CVE-2022-31836",
+ "GHSA-95f9-94vc-665h"
+ ],
+ "details": "The leafInfo.match() function uses path.join()\nto deal with wildcard values which can lead to cross directory risk.\n",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/beego/beego",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.12.11"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0569"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/beego/beego/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.0.4"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0569"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego/v2/server/web",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/5025"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/5025/commits/ea5ae58d40589d249cf577a053e490509de2bf57"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31836"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-95f9-94vc-665h"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb/ID/GO-2022-0572.json b/tests/screentest/testdata/vulndb/ID/GO-2022-0572.json
new file mode 100644
index 0000000..88202ef
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/ID/GO-2022-0572.json
@@ -0,0 +1,91 @@
+{
+ "id": "GO-2022-0572",
+ "published": "2022-08-22T17:56:17Z",
+ "modified": "2022-08-23T19:54:38Z",
+ "aliases": [
+ "CVE-2021-30080",
+ "GHSA-28r6-jm5h-mrgg"
+ ],
+ "details": "An issue was discovered in the route lookup process in\nbeego which attackers to bypass access control.\n",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/beego/beego",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0572"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/beego/beego/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.0.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0572"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego/v2/server/web",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/4459"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b95226519"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30080"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-28r6-jm5h-mrgg"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb/ID/index.json b/tests/screentest/testdata/vulndb/ID/index.json
new file mode 100644
index 0000000..fab23cf
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/ID/index.json
@@ -0,0 +1,5 @@
+[
+ "GO-2022-0463",
+ "GO-2022-0569",
+ "GO-2022-0572"
+]
diff --git a/tests/screentest/testdata/vulndb/aliases.json b/tests/screentest/testdata/vulndb/aliases.json
new file mode 100644
index 0000000..2ba6987
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/aliases.json
@@ -0,0 +1,1204 @@
+{
+ "CVE-2013-10005": [
+ "GO-2020-0024"
+ ],
+ "CVE-2014-125026": [
+ "GO-2020-0022"
+ ],
+ "CVE-2014-7189": [
+ "GO-2021-0154"
+ ],
+ "CVE-2014-8681": [
+ "GO-2020-0021"
+ ],
+ "CVE-2015-10004": [
+ "GO-2020-0023"
+ ],
+ "CVE-2015-1340": [
+ "GO-2021-0071"
+ ],
+ "CVE-2015-5305": [
+ "GO-2022-0701"
+ ],
+ "CVE-2015-5739": [
+ "GO-2021-0157",
+ "GO-2021-0159"
+ ],
+ "CVE-2015-5740": [
+ "GO-2021-0159"
+ ],
+ "CVE-2015-5741": [
+ "GO-2021-0159"
+ ],
+ "CVE-2015-8618": [
+ "GO-2021-0160"
+ ],
+ "CVE-2016-15005": [
+ "GO-2020-0045"
+ ],
+ "CVE-2016-3697": [
+ "GO-2021-0070"
+ ],
+ "CVE-2016-3958": [
+ "GO-2021-0163"
+ ],
+ "CVE-2016-3959": [
+ "GO-2022-0166"
+ ],
+ "CVE-2016-5386": [
+ "GO-2022-0761"
+ ],
+ "CVE-2016-9121": [
+ "GO-2020-0010"
+ ],
+ "CVE-2016-9122": [
+ "GO-2020-0011",
+ "GO-2022-0945"
+ ],
+ "CVE-2016-9123": [
+ "GO-2020-0009"
+ ],
+ "CVE-2017-1000097": [
+ "GO-2022-0171"
+ ],
+ "CVE-2017-1000098": [
+ "GO-2021-0172"
+ ],
+ "CVE-2017-11468": [
+ "GO-2021-0072"
+ ],
+ "CVE-2017-11480": [
+ "GO-2022-0643"
+ ],
+ "CVE-2017-15041": [
+ "GO-2022-0177"
+ ],
+ "CVE-2017-15042": [
+ "GO-2021-0178"
+ ],
+ "CVE-2017-15133": [
+ "GO-2020-0006"
+ ],
+ "CVE-2017-17831": [
+ "GO-2021-0073"
+ ],
+ "CVE-2017-18367": [
+ "GO-2020-0007"
+ ],
+ "CVE-2017-20146": [
+ "GO-2020-0020"
+ ],
+ "CVE-2017-3204": [
+ "GO-2020-0013"
+ ],
+ "CVE-2017-8932": [
+ "GO-2022-0187"
+ ],
+ "CVE-2018-1103": [
+ "GO-2020-0026"
+ ],
+ "CVE-2018-12018": [
+ "GO-2021-0075"
+ ],
+ "CVE-2018-14632": [
+ "GO-2021-0076"
+ ],
+ "CVE-2018-16873": [
+ "GO-2022-0189"
+ ],
+ "CVE-2018-16874": [
+ "GO-2022-0190"
+ ],
+ "CVE-2018-16875": [
+ "GO-2022-0191"
+ ],
+ "CVE-2018-16886": [
+ "GO-2021-0077"
+ ],
+ "CVE-2018-17075": [
+ "GO-2021-0078"
+ ],
+ "CVE-2018-17142": [
+ "GO-2022-0192"
+ ],
+ "CVE-2018-17143": [
+ "GO-2022-0193"
+ ],
+ "CVE-2018-17419": [
+ "GO-2020-0028"
+ ],
+ "CVE-2018-17846": [
+ "GO-2020-0014"
+ ],
+ "CVE-2018-17847": [
+ "GO-2022-0197"
+ ],
+ "CVE-2018-17848": [
+ "GO-2022-0197"
+ ],
+ "CVE-2018-18206": [
+ "GO-2021-0079"
+ ],
+ "CVE-2018-21246": [
+ "GO-2020-0043"
+ ],
+ "CVE-2018-25046": [
+ "GO-2020-0025"
+ ],
+ "CVE-2018-6558": [
+ "GO-2020-0027"
+ ],
+ "CVE-2018-6574": [
+ "GO-2022-0201"
+ ],
+ "CVE-2018-7187": [
+ "GO-2022-0203"
+ ],
+ "CVE-2019-0210": [
+ "GO-2021-0101"
+ ],
+ "CVE-2019-10214": [
+ "GO-2021-0081"
+ ],
+ "CVE-2019-10223": [
+ "GO-2022-0621"
+ ],
+ "CVE-2019-11250": [
+ "GO-2021-0065"
+ ],
+ "CVE-2019-11254": [
+ "GO-2020-0036"
+ ],
+ "CVE-2019-11289": [
+ "GO-2021-0102"
+ ],
+ "CVE-2019-11840": [
+ "GO-2022-0209"
+ ],
+ "CVE-2019-11939": [
+ "GO-2021-0082"
+ ],
+ "CVE-2019-12496": [
+ "GO-2021-0083"
+ ],
+ "CVE-2019-13209": [
+ "GO-2022-0755"
+ ],
+ "CVE-2019-14809": [
+ "GO-2022-0211"
+ ],
+ "CVE-2019-16276": [
+ "GO-2022-0212"
+ ],
+ "CVE-2019-16354": [
+ "GO-2021-0084"
+ ],
+ "CVE-2019-16884": [
+ "GO-2021-0085"
+ ],
+ "CVE-2019-17110": [
+ "GO-2022-0621"
+ ],
+ "CVE-2019-17596": [
+ "GO-2022-0213"
+ ],
+ "CVE-2019-19619": [
+ "GO-2021-0086"
+ ],
+ "CVE-2019-19794": [
+ "GO-2020-0008"
+ ],
+ "CVE-2019-19921": [
+ "GO-2021-0087"
+ ],
+ "CVE-2019-20786": [
+ "GO-2020-0038"
+ ],
+ "CVE-2019-25072": [
+ "GO-2020-0037"
+ ],
+ "CVE-2019-25073": [
+ "GO-2020-0032"
+ ],
+ "CVE-2019-3564": [
+ "GO-2021-0088"
+ ],
+ "CVE-2019-6486": [
+ "GO-2022-0217"
+ ],
+ "CVE-2019-9512": [
+ "GO-2022-0536"
+ ],
+ "CVE-2019-9514": [
+ "GO-2022-0536"
+ ],
+ "CVE-2019-9634": [
+ "GO-2022-0220"
+ ],
+ "CVE-2020-0601": [
+ "GO-2022-0535"
+ ],
+ "CVE-2020-10675": [
+ "GO-2021-0089"
+ ],
+ "CVE-2020-12666": [
+ "GO-2020-0039"
+ ],
+ "CVE-2020-14039": [
+ "GO-2021-0223"
+ ],
+ "CVE-2020-14040": [
+ "GO-2020-0015"
+ ],
+ "CVE-2020-15091": [
+ "GO-2021-0090"
+ ],
+ "CVE-2020-15106": [
+ "GO-2020-0005"
+ ],
+ "CVE-2020-15111": [
+ "GO-2021-0091",
+ "GO-2021-0108"
+ ],
+ "CVE-2020-15112": [
+ "GO-2020-0005"
+ ],
+ "CVE-2020-15216": [
+ "GO-2020-0050"
+ ],
+ "CVE-2020-15222": [
+ "GO-2021-0092",
+ "GO-2021-0110"
+ ],
+ "CVE-2020-15223": [
+ "GO-2021-0109"
+ ],
+ "CVE-2020-15586": [
+ "GO-2021-0224"
+ ],
+ "CVE-2020-16845": [
+ "GO-2021-0142"
+ ],
+ "CVE-2020-24553": [
+ "GO-2021-0226"
+ ],
+ "CVE-2020-25614": [
+ "GO-2020-0048"
+ ],
+ "CVE-2020-26160": [
+ "GO-2020-0017"
+ ],
+ "CVE-2020-26242": [
+ "GO-2021-0103"
+ ],
+ "CVE-2020-26264": [
+ "GO-2021-0063"
+ ],
+ "CVE-2020-26265": [
+ "GO-2021-0105"
+ ],
+ "CVE-2020-26290": [
+ "GO-2020-0050"
+ ],
+ "CVE-2020-26521": [
+ "GO-2022-0402"
+ ],
+ "CVE-2020-26892": [
+ "GO-2022-0380"
+ ],
+ "CVE-2020-27813": [
+ "GO-2020-0019"
+ ],
+ "CVE-2020-27846": [
+ "GO-2021-0058"
+ ],
+ "CVE-2020-27847": [
+ "GO-2020-0050"
+ ],
+ "CVE-2020-28362": [
+ "GO-2021-0069"
+ ],
+ "CVE-2020-28366": [
+ "GO-2022-0475"
+ ],
+ "CVE-2020-28367": [
+ "GO-2022-0476"
+ ],
+ "CVE-2020-28483": [
+ "GO-2020-0029",
+ "GO-2021-0052"
+ ],
+ "CVE-2020-29242": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29243": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29244": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29245": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29509": [
+ "GO-2021-0060"
+ ],
+ "CVE-2020-29529": [
+ "GO-2021-0094"
+ ],
+ "CVE-2020-29652": [
+ "GO-2021-0227"
+ ],
+ "CVE-2020-35380": [
+ "GO-2021-0059"
+ ],
+ "CVE-2020-35381": [
+ "GO-2021-0057"
+ ],
+ "CVE-2020-36066": [
+ "GO-2022-0957"
+ ],
+ "CVE-2020-36067": [
+ "GO-2021-0054"
+ ],
+ "CVE-2020-36559": [
+ "GO-2020-0033"
+ ],
+ "CVE-2020-36560": [
+ "GO-2020-0034"
+ ],
+ "CVE-2020-36561": [
+ "GO-2020-0035"
+ ],
+ "CVE-2020-36562": [
+ "GO-2020-0040"
+ ],
+ "CVE-2020-36563": [
+ "GO-2020-0047"
+ ],
+ "CVE-2020-36564": [
+ "GO-2020-0049"
+ ],
+ "CVE-2020-36565": [
+ "GO-2021-0051"
+ ],
+ "CVE-2020-36566": [
+ "GO-2021-0106"
+ ],
+ "CVE-2020-36567": [
+ "GO-2020-0001"
+ ],
+ "CVE-2020-36568": [
+ "GO-2020-0003"
+ ],
+ "CVE-2020-36569": [
+ "GO-2020-0004"
+ ],
+ "CVE-2020-7664": [
+ "GO-2021-0228"
+ ],
+ "CVE-2020-7667": [
+ "GO-2020-0042"
+ ],
+ "CVE-2020-7668": [
+ "GO-2020-0041"
+ ],
+ "CVE-2020-7711": [
+ "GO-2020-0046"
+ ],
+ "CVE-2020-7919": [
+ "GO-2022-0229"
+ ],
+ "CVE-2020-8564": [
+ "GO-2021-0066"
+ ],
+ "CVE-2020-8565": [
+ "GO-2021-0064"
+ ],
+ "CVE-2020-8568": [
+ "GO-2022-0629"
+ ],
+ "CVE-2020-8911": [
+ "GO-2022-0646"
+ ],
+ "CVE-2020-8918": [
+ "GO-2021-0095"
+ ],
+ "CVE-2020-8945": [
+ "GO-2020-0002",
+ "GO-2020-0031",
+ "GO-2021-0096"
+ ],
+ "CVE-2020-9283": [
+ "GO-2020-0012"
+ ],
+ "CVE-2021-20206": [
+ "GO-2022-0230"
+ ],
+ "CVE-2021-20291": [
+ "GO-2021-0100"
+ ],
+ "CVE-2021-20329": [
+ "GO-2021-0111",
+ "GO-2021-0112"
+ ],
+ "CVE-2021-21237": [
+ "GO-2021-0098"
+ ],
+ "CVE-2021-21272": [
+ "GO-2021-0099"
+ ],
+ "CVE-2021-22133": [
+ "GO-2022-0706"
+ ],
+ "CVE-2021-23409": [
+ "GO-2022-0233"
+ ],
+ "CVE-2021-23772": [
+ "GO-2022-0272"
+ ],
+ "CVE-2021-27918": [
+ "GO-2021-0234"
+ ],
+ "CVE-2021-27919": [
+ "GO-2021-0067"
+ ],
+ "CVE-2021-28681": [
+ "GO-2021-0104"
+ ],
+ "CVE-2021-29272": [
+ "GO-2022-0762"
+ ],
+ "CVE-2021-29482": [
+ "GO-2020-0016"
+ ],
+ "CVE-2021-30080": [
+ "GO-2022-0572"
+ ],
+ "CVE-2021-3114": [
+ "GO-2021-0235"
+ ],
+ "CVE-2021-3115": [
+ "GO-2021-0068"
+ ],
+ "CVE-2021-3121": [
+ "GO-2021-0053"
+ ],
+ "CVE-2021-3127": [
+ "GO-2022-0386"
+ ],
+ "CVE-2021-31525": [
+ "GO-2022-0236"
+ ],
+ "CVE-2021-32690": [
+ "GO-2022-0384"
+ ],
+ "CVE-2021-32721": [
+ "GO-2021-0237"
+ ],
+ "CVE-2021-33194": [
+ "GO-2021-0238"
+ ],
+ "CVE-2021-33195": [
+ "GO-2021-0239"
+ ],
+ "CVE-2021-33196": [
+ "GO-2021-0240"
+ ],
+ "CVE-2021-33197": [
+ "GO-2021-0241"
+ ],
+ "CVE-2021-33198": [
+ "GO-2021-0242"
+ ],
+ "CVE-2021-34558": [
+ "GO-2021-0243"
+ ],
+ "CVE-2021-3538": [
+ "GO-2020-0018",
+ "GO-2022-0244"
+ ],
+ "CVE-2021-3602": [
+ "GO-2022-0345"
+ ],
+ "CVE-2021-36221": [
+ "GO-2021-0245"
+ ],
+ "CVE-2021-3761": [
+ "GO-2022-0246"
+ ],
+ "CVE-2021-3762": [
+ "GO-2022-0346"
+ ],
+ "CVE-2021-38297": [
+ "GO-2022-0247"
+ ],
+ "CVE-2021-38561": [
+ "GO-2021-0113"
+ ],
+ "CVE-2021-3907": [
+ "GO-2022-0248"
+ ],
+ "CVE-2021-3910": [
+ "GO-2022-0251"
+ ],
+ "CVE-2021-3911": [
+ "GO-2022-0252"
+ ],
+ "CVE-2021-3912": [
+ "GO-2022-0253"
+ ],
+ "CVE-2021-39137": [
+ "GO-2022-0254"
+ ],
+ "CVE-2021-39293": [
+ "GO-2022-0273"
+ ],
+ "CVE-2021-41173": [
+ "GO-2022-0256"
+ ],
+ "CVE-2021-41230": [
+ "GO-2021-0258"
+ ],
+ "CVE-2021-41771": [
+ "GO-2021-0263"
+ ],
+ "CVE-2021-41772": [
+ "GO-2021-0264"
+ ],
+ "CVE-2021-42248": [
+ "GO-2021-0265"
+ ],
+ "CVE-2021-4235": [
+ "GO-2021-0061"
+ ],
+ "CVE-2021-4236": [
+ "GO-2021-0107"
+ ],
+ "CVE-2021-4238": [
+ "GO-2022-0411"
+ ],
+ "CVE-2021-4239": [
+ "GO-2022-0425"
+ ],
+ "CVE-2021-42576": [
+ "GO-2022-0588"
+ ],
+ "CVE-2021-42836": [
+ "GO-2021-0265"
+ ],
+ "CVE-2021-43784": [
+ "GO-2022-0274"
+ ],
+ "CVE-2021-44716": [
+ "GO-2022-0288"
+ ],
+ "CVE-2021-44717": [
+ "GO-2022-0289"
+ ],
+ "CVE-2021-46398": [
+ "GO-2022-0563"
+ ],
+ "CVE-2022-0317": [
+ "GO-2022-0294"
+ ],
+ "CVE-2022-1227": [
+ "GO-2022-0558"
+ ],
+ "CVE-2022-1705": [
+ "GO-2022-0525"
+ ],
+ "CVE-2022-1962": [
+ "GO-2022-0515"
+ ],
+ "CVE-2022-1996": [
+ "GO-2022-0619"
+ ],
+ "CVE-2022-21221": [
+ "GO-2022-0355"
+ ],
+ "CVE-2022-21235": [
+ "GO-2022-0414"
+ ],
+ "CVE-2022-21698": [
+ "GO-2022-0322"
+ ],
+ "CVE-2022-21708": [
+ "GO-2022-0300"
+ ],
+ "CVE-2022-23628": [
+ "GO-2022-0316"
+ ],
+ "CVE-2022-23772": [
+ "GO-2021-0317"
+ ],
+ "CVE-2022-23773": [
+ "GO-2022-0318"
+ ],
+ "CVE-2022-23806": [
+ "GO-2021-0319"
+ ],
+ "CVE-2022-24675": [
+ "GO-2022-0433"
+ ],
+ "CVE-2022-24778": [
+ "GO-2021-0412"
+ ],
+ "CVE-2022-24912": [
+ "GO-2022-0534"
+ ],
+ "CVE-2022-24921": [
+ "GO-2021-0347"
+ ],
+ "CVE-2022-24968": [
+ "GO-2021-0321",
+ "GO-2022-0370",
+ "GO-2022-0947"
+ ],
+ "CVE-2022-2582": [
+ "GO-2022-0391"
+ ],
+ "CVE-2022-2583": [
+ "GO-2022-0400"
+ ],
+ "CVE-2022-2584": [
+ "GO-2022-0422"
+ ],
+ "CVE-2022-25856": [
+ "GO-2022-0492"
+ ],
+ "CVE-2022-25891": [
+ "GO-2022-0528"
+ ],
+ "CVE-2022-26945": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-27191": [
+ "GO-2021-0356"
+ ],
+ "CVE-2022-27536": [
+ "GO-2022-0434"
+ ],
+ "CVE-2022-27651": [
+ "GO-2022-0417"
+ ],
+ "CVE-2022-28131": [
+ "GO-2022-0521"
+ ],
+ "CVE-2022-28327": [
+ "GO-2022-0435"
+ ],
+ "CVE-2022-28946": [
+ "GO-2022-0587"
+ ],
+ "CVE-2022-28948": [
+ "GO-2022-0603"
+ ],
+ "CVE-2022-29173": [
+ "GO-2022-0444"
+ ],
+ "CVE-2022-29189": [
+ "GO-2022-0461"
+ ],
+ "CVE-2022-29190": [
+ "GO-2022-0460"
+ ],
+ "CVE-2022-29222": [
+ "GO-2022-0462"
+ ],
+ "CVE-2022-29526": [
+ "GO-2022-0493"
+ ],
+ "CVE-2022-29804": [
+ "GO-2022-0533"
+ ],
+ "CVE-2022-29810": [
+ "GO-2022-0438"
+ ],
+ "CVE-2022-30321": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-30322": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-30323": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-30580": [
+ "GO-2022-0532"
+ ],
+ "CVE-2022-30629": [
+ "GO-2022-0531"
+ ],
+ "CVE-2022-30630": [
+ "GO-2022-0527"
+ ],
+ "CVE-2022-30631": [
+ "GO-2022-0524"
+ ],
+ "CVE-2022-30632": [
+ "GO-2022-0522"
+ ],
+ "CVE-2022-30633": [
+ "GO-2022-0523"
+ ],
+ "CVE-2022-30634": [
+ "GO-2022-0477"
+ ],
+ "CVE-2022-30635": [
+ "GO-2022-0526"
+ ],
+ "CVE-2022-3064": [
+ "GO-2022-0956"
+ ],
+ "CVE-2022-31022": [
+ "GO-2022-0470"
+ ],
+ "CVE-2022-31053": [
+ "GO-2022-0564"
+ ],
+ "CVE-2022-31145": [
+ "GO-2022-0519"
+ ],
+ "CVE-2022-31259": [
+ "GO-2022-0463"
+ ],
+ "CVE-2022-31836": [
+ "GO-2022-0569"
+ ],
+ "CVE-2022-32148": [
+ "GO-2022-0520"
+ ],
+ "CVE-2022-32189": [
+ "GO-2022-0537"
+ ],
+ "CVE-2022-33082": [
+ "GO-2022-0574"
+ ],
+ "CVE-2022-36009": [
+ "GO-2022-0952"
+ ],
+ "CVE-2022-37315": [
+ "GO-2022-0942"
+ ],
+ "GHSA-25xm-hr59-7c27": [
+ "GO-2020-0016"
+ ],
+ "GHSA-27rq-4943-qcwp": [
+ "GO-2022-0438"
+ ],
+ "GHSA-28r2-q6m8-9hpx": [
+ "GO-2022-0586"
+ ],
+ "GHSA-28r6-jm5h-mrgg": [
+ "GO-2022-0572"
+ ],
+ "GHSA-2c64-vj8g-vwrq": [
+ "GO-2022-0380"
+ ],
+ "GHSA-2m4x-4q9j-w97g": [
+ "GO-2022-0574"
+ ],
+ "GHSA-2v6x-frw8-7r7f": [
+ "GO-2022-0621"
+ ],
+ "GHSA-2x32-jm95-2cpx": [
+ "GO-2020-0050"
+ ],
+ "GHSA-3fx4-7f69-5mmg": [
+ "GO-2020-0009"
+ ],
+ "GHSA-3x58-xr87-2fcj": [
+ "GO-2022-0762"
+ ],
+ "GHSA-3xh2-74w9-5vxm": [
+ "GO-2020-0019"
+ ],
+ "GHSA-44r7-7p62-q3fr": [
+ "GO-2020-0008"
+ ],
+ "GHSA-477v-w82m-634j": [
+ "GO-2022-0528"
+ ],
+ "GHSA-4hq8-gmxx-h6w9": [
+ "GO-2021-0058"
+ ],
+ "GHSA-4w5x-x539-ppf5": [
+ "GO-2022-0380"
+ ],
+ "GHSA-56hp-xqp3-w2jf": [
+ "GO-2022-0384"
+ ],
+ "GHSA-5796-p3m6-9qj4": [
+ "GO-2021-0102"
+ ],
+ "GHSA-58v3-j75h-xr49": [
+ "GO-2020-0007"
+ ],
+ "GHSA-59hh-656j-3p7v": [
+ "GO-2022-0256"
+ ],
+ "GHSA-5cgx-vhfp-6cf9": [
+ "GO-2022-0629"
+ ],
+ "GHSA-5gjg-jgh4-gppm": [
+ "GO-2021-0107"
+ ],
+ "GHSA-5mxh-2qfv-4g7j": [
+ "GO-2022-0251"
+ ],
+ "GHSA-5rcv-m4m3-hfh7": [
+ "GO-2020-0015"
+ ],
+ "GHSA-5x29-3hr9-6wpw": [
+ "GO-2021-0095"
+ ],
+ "GHSA-62mh-w5cv-p88c": [
+ "GO-2022-0386"
+ ],
+ "GHSA-6635-c626-vj4r": [
+ "GO-2022-0414"
+ ],
+ "GHSA-66vw-v2x9-hw75": [
+ "GO-2022-0558"
+ ],
+ "GHSA-66x3-6cw3-v5gj": [
+ "GO-2022-0444"
+ ],
+ "GHSA-6jqj-f58p-mrw3": [
+ "GO-2021-0090"
+ ],
+ "GHSA-72wf-hwcq-65h9": [
+ "GO-2022-0563"
+ ],
+ "GHSA-733f-44f3-3frw": [
+ "GO-2020-0039"
+ ],
+ "GHSA-74xm-qj29-cq8p": [
+ "GO-2021-0104"
+ ],
+ "GHSA-75rw-34q6-72cr": [
+ "GO-2022-0564"
+ ],
+ "GHSA-7638-r9r3-rmjj": [
+ "GO-2022-0345"
+ ],
+ "GHSA-76wf-9vgp-pj7w": [
+ "GO-2022-0391"
+ ],
+ "GHSA-77gc-fj98-665h": [
+ "GO-2020-0011",
+ "GO-2022-0945"
+ ],
+ "GHSA-7gfg-6934-mqq2": [
+ "GO-2020-0038"
+ ],
+ "GHSA-7jr6-prv4-5wf5": [
+ "GO-2022-0384"
+ ],
+ "GHSA-7mqr-2v3q-v2wm": [
+ "GO-2021-0109"
+ ],
+ "GHSA-7qw8-847f-pggm": [
+ "GO-2021-0100"
+ ],
+ "GHSA-85p9-j7c9-v4gr": [
+ "GO-2021-0081"
+ ],
+ "GHSA-86r9-39j9-99wp": [
+ "GO-2020-0010"
+ ],
+ "GHSA-88jf-7rch-32qc": [
+ "GO-2020-0041"
+ ],
+ "GHSA-8c26-wmh5-6g9v": [
+ "GO-2021-0356"
+ ],
+ "GHSA-8v99-48m9-c8pm": [
+ "GO-2021-0412"
+ ],
+ "GHSA-8vrw-m3j9-j27c": [
+ "GO-2021-0057"
+ ],
+ "GHSA-9423-6c93-gpp8": [
+ "GO-2020-0042"
+ ],
+ "GHSA-95f9-94vc-665h": [
+ "GO-2022-0569"
+ ],
+ "GHSA-9856-9gg9-qcmq": [
+ "GO-2022-0254"
+ ],
+ "GHSA-99cg-575x-774p": [
+ "GO-2022-0294"
+ ],
+ "GHSA-9cx9-x2gp-9qvh": [
+ "GO-2021-0091",
+ "GO-2021-0108"
+ ],
+ "GHSA-9jcx-pr2f-qvq5": [
+ "GO-2020-0028"
+ ],
+ "GHSA-9q3g-m353-cp4p": [
+ "GO-2022-0643"
+ ],
+ "GHSA-9r5x-fjv3-q6h4": [
+ "GO-2022-0386"
+ ],
+ "GHSA-9w9f-6mg8-jp7w": [
+ "GO-2022-0470"
+ ],
+ "GHSA-9x4h-8wgm-8xfg": [
+ "GO-2022-0503"
+ ],
+ "GHSA-c3g4-w6cv-6v7h": [
+ "GO-2022-0417"
+ ],
+ "GHSA-c3h9-896r-86jm": [
+ "GO-2021-0053"
+ ],
+ "GHSA-c8xp-8mf3-62h9": [
+ "GO-2022-0246"
+ ],
+ "GHSA-c9gm-7rfj-8w5h": [
+ "GO-2021-0265"
+ ],
+ "GHSA-cg3q-j54f-5p7p": [
+ "GO-2022-0322"
+ ],
+ "GHSA-cjjc-xp8v-855w": [
+ "GO-2022-0229"
+ ],
+ "GHSA-cjr4-fv6c-f3mv": [
+ "GO-2022-0586"
+ ],
+ "GHSA-cm8f-h6j3-p25c": [
+ "GO-2022-0460"
+ ],
+ "GHSA-cqh2-vc2f-q4fh": [
+ "GO-2022-0248"
+ ],
+ "GHSA-cx3w-xqmc-84g5": [
+ "GO-2021-0098"
+ ],
+ "GHSA-cx94-mrg9-rq4j": [
+ "GO-2022-0461"
+ ],
+ "GHSA-f5pg-7wfw-84q9": [
+ "GO-2022-0646"
+ ],
+ "GHSA-f6mq-5m25-4r72": [
+ "GO-2021-0111",
+ "GO-2021-0112"
+ ],
+ "GHSA-f6px-w8rh-7r89": [
+ "GO-2021-0084"
+ ],
+ "GHSA-fcgg-rvwg-jv58": [
+ "GO-2022-0586"
+ ],
+ "GHSA-ffhg-7mh4-33c4": [
+ "GO-2020-0012"
+ ],
+ "GHSA-fgv8-vj5c-2ppq": [
+ "GO-2021-0085"
+ ],
+ "GHSA-fh74-hm69-rqjw": [
+ "GO-2021-0087"
+ ],
+ "GHSA-fx95-883v-4q4h": [
+ "GO-2022-0355"
+ ],
+ "GHSA-g3vv-g2j5-45f2": [
+ "GO-2022-0422"
+ ],
+ "GHSA-g5v4-5x39-vwhx": [
+ "GO-2021-0099"
+ ],
+ "GHSA-g9mp-8g3h-3c5c": [
+ "GO-2022-0425"
+ ],
+ "GHSA-g9wh-3vrx-r7hg": [
+ "GO-2022-0253"
+ ],
+ "GHSA-h289-x5wc-xcv8": [
+ "GO-2022-0370"
+ ],
+ "GHSA-h2fg-54x9-5qhq": [
+ "GO-2022-0402"
+ ],
+ "GHSA-h2x7-2ff6-v32p": [
+ "GO-2022-0400"
+ ],
+ "GHSA-h395-qcrw-5vmq": [
+ "GO-2020-0029",
+ "GO-2021-0052"
+ ],
+ "GHSA-h3qm-jrrf-cgj3": [
+ "GO-2022-0942"
+ ],
+ "GHSA-h6xx-pmxh-3wgp": [
+ "GO-2021-0077"
+ ],
+ "GHSA-hcw3-j74m-qc58": [
+ "GO-2022-0316"
+ ],
+ "GHSA-hmm9-r2m2-qg9w": [
+ "GO-2022-0402"
+ ],
+ "GHSA-hp87-p4gw-j4gq": [
+ "GO-2022-0603"
+ ],
+ "GHSA-j6wp-3859-vxfg": [
+ "GO-2021-0258"
+ ],
+ "GHSA-j756-f273-xhp4": [
+ "GO-2022-0386"
+ ],
+ "GHSA-jcxc-rh6w-wf49": [
+ "GO-2022-0272"
+ ],
+ "GHSA-jm5c-rv3w-w83m": [
+ "GO-2021-0103"
+ ],
+ "GHSA-jp32-vmm6-3vf5": [
+ "GO-2022-0701"
+ ],
+ "GHSA-jq7p-26h5-w78r": [
+ "GO-2021-0101"
+ ],
+ "GHSA-jxqv-jcvh-7gr4": [
+ "GO-2022-0534"
+ ],
+ "GHSA-m658-p24x-p74r": [
+ "GO-2021-0321",
+ "GO-2022-0370",
+ "GO-2022-0947"
+ ],
+ "GHSA-m6wg-2mwg-4rfq": [
+ "GO-2020-0002",
+ "GO-2020-0031",
+ "GO-2021-0096"
+ ],
+ "GHSA-m9hp-7r99-94h5": [
+ "GO-2020-0050"
+ ],
+ "GHSA-mh3m-8c74-74xh": [
+ "GO-2022-0300"
+ ],
+ "GHSA-mj9r-wwm8-7q52": [
+ "GO-2021-0237"
+ ],
+ "GHSA-mq47-6wwv-v79w": [
+ "GO-2022-0346"
+ ],
+ "GHSA-mr6h-chqp-p9g2": [
+ "GO-2020-0021"
+ ],
+ "GHSA-p55x-7x9v-q8m4": [
+ "GO-2020-0006"
+ ],
+ "GHSA-ppj4-34rq-v8j9": [
+ "GO-2021-0265"
+ ],
+ "GHSA-q3j5-32m5-58c2": [
+ "GO-2021-0070"
+ ],
+ "GHSA-q547-gmf8-8jr7": [
+ "GO-2020-0050"
+ ],
+ "GHSA-q6gq-997w-f55g": [
+ "GO-2021-0142"
+ ],
+ "GHSA-qj26-7grj-whg3": [
+ "GO-2020-0027"
+ ],
+ "GHSA-qpgx-64h2-gc3c": [
+ "GO-2022-0492"
+ ],
+ "GHSA-qq97-vm5h-rrhg": [
+ "GO-2022-0379"
+ ],
+ "GHSA-qqc5-rgcc-cjqh": [
+ "GO-2022-0706"
+ ],
+ "GHSA-qwrj-9hmp-gpxh": [
+ "GO-2022-0519"
+ ],
+ "GHSA-qx32-f6g6-fcfr": [
+ "GO-2022-0463"
+ ],
+ "GHSA-r33q-22hv-j29q": [
+ "GO-2021-0063"
+ ],
+ "GHSA-r48q-9g5r-8q2h": [
+ "GO-2022-0619"
+ ],
+ "GHSA-rmh2-65xw-9m6q": [
+ "GO-2021-0089"
+ ],
+ "GHSA-v3q9-2p3m-7g43": [
+ "GO-2021-0092",
+ "GO-2021-0110"
+ ],
+ "GHSA-v95c-p5hm-xq8f": [
+ "GO-2022-0274"
+ ],
+ "GHSA-vc3x-gx6c-g99f": [
+ "GO-2021-0079"
+ ],
+ "GHSA-vpx7-vm66-qx8r": [
+ "GO-2021-0228"
+ ],
+ "GHSA-w45j-f832-hxvh": [
+ "GO-2022-0462"
+ ],
+ "GHSA-w6ww-fmfx-2x22": [
+ "GO-2022-0252"
+ ],
+ "GHSA-w73w-5m7g-f7qc": [
+ "GO-2020-0017"
+ ],
+ "GHSA-w942-gw6m-p62c": [
+ "GO-2021-0059"
+ ],
+ "GHSA-wjm3-fq3r-5x46": [
+ "GO-2022-0957"
+ ],
+ "GHSA-wmwp-pggc-h4mj": [
+ "GO-2021-0086"
+ ],
+ "GHSA-wxc4-f4m6-wwqv": [
+ "GO-2020-0036"
+ ],
+ "GHSA-x24g-9w7v-vprh": [
+ "GO-2022-0586"
+ ],
+ "GHSA-x4rg-4545-4w7w": [
+ "GO-2021-0088"
+ ],
+ "GHSA-x7f3-62pm-9p38": [
+ "GO-2022-0587"
+ ],
+ "GHSA-x95h-979x-cf3j": [
+ "GO-2022-0588"
+ ],
+ "GHSA-xcf7-q56x-78gh": [
+ "GO-2022-0233"
+ ],
+ "GHSA-xg2h-wx96-xgxr": [
+ "GO-2022-0411"
+ ],
+ "GHSA-xhg2-rvm8-w2jh": [
+ "GO-2022-0755"
+ ],
+ "GHSA-xhqq-x44f-9fgg": [
+ "GO-2021-0060"
+ ],
+ "GHSA-xjqr-g762-pxwp": [
+ "GO-2022-0230"
+ ],
+ "GHSA-xw37-57qp-9mm4": [
+ "GO-2021-0105"
+ ]
+}
diff --git "a/tests/screentest/testdata/vulndb/github.com/\041bee\041go/beego.json" "b/tests/screentest/testdata/vulndb/github.com/\041bee\041go/beego.json"
new file mode 100644
index 0000000..47932a7
--- /dev/null
+++ "b/tests/screentest/testdata/vulndb/github.com/\041bee\041go/beego.json"
@@ -0,0 +1,480 @@
+[
+ {
+ "id": "GO-2022-0463",
+ "published": "2022-07-01T20:06:59Z",
+ "modified": "2022-08-19T22:21:47Z",
+ "aliases": [
+ "CVE-2022-31259",
+ "GHSA-qx32-f6g6-fcfr"
+ ],
+ "details": "Routes in the beego HTTP router can match unintended patterns.\nThis overly-broad matching may permit an attacker to bypass access\ncontrols.\n\nFor example, the pattern \"/a/b/:name\" can match the URL \"/a.xml/b/\".\nThis may bypass access control applied to the prefix \"/a/\".\n",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/beego/beego",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.12.9"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0463"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego",
+ "symbols": [
+ "App.Run",
+ "ControllerRegister.FindPolicy",
+ "ControllerRegister.FindRouter",
+ "ControllerRegister.ServeHTTP",
+ "FilterRouter.ValidRouter",
+ "InitBeegoBeforeTest",
+ "Run",
+ "RunWithMiddleWares",
+ "TestBeegoInit",
+ "Tree.Match",
+ "Tree.match",
+ "adminApp.Run"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/beego/beego/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.0.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0463"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego/v2/server/web",
+ "symbols": [
+ "AddNamespace",
+ "Any",
+ "AutoPrefix",
+ "AutoRouter",
+ "Compare",
+ "CompareNot",
+ "Controller.Bind",
+ "Controller.BindForm",
+ "Controller.BindXML",
+ "Controller.BindYAML",
+ "Controller.GetSecureCookie",
+ "Controller.ParseForm",
+ "Controller.Render",
+ "Controller.RenderBytes",
+ "Controller.RenderString",
+ "Controller.Resp",
+ "Controller.SaveToFile",
+ "Controller.ServeFormatted",
+ "Controller.ServeXML",
+ "Controller.ServeYAML",
+ "Controller.SetSecureCookie",
+ "Controller.Trace",
+ "Controller.URLFor",
+ "Controller.XMLResp",
+ "Controller.XSRFFormHTML",
+ "Controller.XSRFToken",
+ "Controller.YamlResp",
+ "ControllerRegister.Add",
+ "ControllerRegister.AddAuto",
+ "ControllerRegister.AddAutoPrefix",
+ "ControllerRegister.AddMethod",
+ "ControllerRegister.AddRouterMethod",
+ "ControllerRegister.Any",
+ "ControllerRegister.CtrlAny",
+ "ControllerRegister.CtrlDelete",
+ "ControllerRegister.CtrlGet",
+ "ControllerRegister.CtrlHead",
+ "ControllerRegister.CtrlOptions",
+ "ControllerRegister.CtrlPatch",
+ "ControllerRegister.CtrlPost",
+ "ControllerRegister.CtrlPut",
+ "ControllerRegister.Delete",
+ "ControllerRegister.FindPolicy",
+ "ControllerRegister.FindRouter",
+ "ControllerRegister.Get",
+ "ControllerRegister.Handler",
+ "ControllerRegister.Head",
+ "ControllerRegister.Include",
+ "ControllerRegister.Init",
+ "ControllerRegister.InsertFilter",
+ "ControllerRegister.Options",
+ "ControllerRegister.Patch",
+ "ControllerRegister.Post",
+ "ControllerRegister.Put",
+ "ControllerRegister.ServeHTTP",
+ "ControllerRegister.URLFor",
+ "CtrlAny",
+ "CtrlDelete",
+ "CtrlGet",
+ "CtrlHead",
+ "CtrlOptions",
+ "CtrlPatch",
+ "CtrlPost",
+ "CtrlPut",
+ "Date",
+ "DateParse",
+ "Delete",
+ "Exception",
+ "ExecuteTemplate",
+ "ExecuteViewPathTemplate",
+ "FilterRouter.ValidRouter",
+ "FlashData.Error",
+ "FlashData.Notice",
+ "FlashData.Set",
+ "FlashData.Store",
+ "FlashData.Success",
+ "FlashData.Warning",
+ "Get",
+ "GetConfig",
+ "HTML2str",
+ "Handler",
+ "Head",
+ "Htmlquote",
+ "Htmlunquote",
+ "HttpServer.Any",
+ "HttpServer.AutoPrefix",
+ "HttpServer.AutoRouter",
+ "HttpServer.CtrlAny",
+ "HttpServer.CtrlDelete",
+ "HttpServer.CtrlGet",
+ "HttpServer.CtrlHead",
+ "HttpServer.CtrlOptions",
+ "HttpServer.CtrlPatch",
+ "HttpServer.CtrlPost",
+ "HttpServer.CtrlPut",
+ "HttpServer.Delete",
+ "HttpServer.Get",
+ "HttpServer.Handler",
+ "HttpServer.Head",
+ "HttpServer.Include",
+ "HttpServer.InsertFilter",
+ "HttpServer.Options",
+ "HttpServer.Patch",
+ "HttpServer.Post",
+ "HttpServer.PrintTree",
+ "HttpServer.Put",
+ "HttpServer.RESTRouter",
+ "HttpServer.Router",
+ "HttpServer.RouterWithOpts",
+ "HttpServer.Run",
+ "Include",
+ "InitBeegoBeforeTest",
+ "InsertFilter",
+ "LoadAppConfig",
+ "MapGet",
+ "Namespace.Any",
+ "Namespace.AutoPrefix",
+ "Namespace.AutoRouter",
+ "Namespace.Cond",
+ "Namespace.CtrlAny",
+ "Namespace.CtrlDelete",
+ "Namespace.CtrlGet",
+ "Namespace.CtrlHead",
+ "Namespace.CtrlOptions",
+ "Namespace.CtrlPatch",
+ "Namespace.CtrlPost",
+ "Namespace.CtrlPut",
+ "Namespace.Delete",
+ "Namespace.Filter",
+ "Namespace.Get",
+ "Namespace.Handler",
+ "Namespace.Head",
+ "Namespace.Include",
+ "Namespace.Namespace",
+ "Namespace.Options",
+ "Namespace.Patch",
+ "Namespace.Post",
+ "Namespace.Put",
+ "Namespace.Router",
+ "NewControllerRegister",
+ "NewControllerRegisterWithCfg",
+ "NewHttpServerWithCfg",
+ "NewHttpSever",
+ "NewNamespace",
+ "NotNil",
+ "Options",
+ "ParseForm",
+ "Patch",
+ "Policy",
+ "Post",
+ "PrintTree",
+ "Put",
+ "RESTRouter",
+ "ReadFromRequest",
+ "RenderForm",
+ "Router",
+ "RouterWithOpts",
+ "Run",
+ "RunWithMiddleWares",
+ "TestBeegoInit",
+ "Tree.AddRouter",
+ "Tree.AddTree",
+ "Tree.Match",
+ "Tree.match",
+ "URLFor",
+ "URLMap.GetMap",
+ "URLMap.GetMapData",
+ "adminApp.Run",
+ "adminController.AdminIndex",
+ "adminController.Healthcheck",
+ "adminController.ListConf",
+ "adminController.ProfIndex",
+ "adminController.PrometheusMetrics",
+ "adminController.QpsIndex",
+ "adminController.TaskStatus",
+ "beegoAppConfig.Bool",
+ "beegoAppConfig.DefaultBool"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/4958"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/commit/64cf44d725c8cc35d782327d333df9cbeb1bf2dd"
+ },
+ {
+ "type": "WEB",
+ "url": "https://beego.vip"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/beego/beego/issues/4946"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/beego/beego/pull/4954"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31259"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-qx32-f6g6-fcfr"
+ }
+ ]
+ },
+ {
+ "id": "GO-2022-0569",
+ "published": "2022-08-23T13:24:17Z",
+ "modified": "2022-08-23T13:24:17Z",
+ "aliases": [
+ "CVE-2022-31836",
+ "GHSA-95f9-94vc-665h"
+ ],
+ "details": "The leafInfo.match() function uses path.join()\nto deal with wildcard values which can lead to cross directory risk.\n",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/beego/beego",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.12.11"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0569"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/beego/beego/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.0.4"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0569"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego/v2/server/web",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/5025"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/5025/commits/ea5ae58d40589d249cf577a053e490509de2bf57"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31836"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-95f9-94vc-665h"
+ }
+ ]
+ },
+ {
+ "id": "GO-2022-0572",
+ "published": "2022-08-22T17:56:17Z",
+ "modified": "2022-08-23T19:54:38Z",
+ "aliases": [
+ "CVE-2021-30080",
+ "GHSA-28r6-jm5h-mrgg"
+ ],
+ "details": "An issue was discovered in the route lookup process in\nbeego which attackers to bypass access control.\n",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/beego/beego",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0572"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/beego/beego/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.0.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0572"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/beego/beego/v2/server/web",
+ "symbols": [
+ "Tree.Match"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/pull/4459"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b95226519"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30080"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-28r6-jm5h-mrgg"
+ }
+ ]
+ }
+]
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb/github.com/tidwall/gjson.json b/tests/screentest/testdata/vulndb/github.com/tidwall/gjson.json
new file mode 100644
index 0000000..b682d88
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/github.com/tidwall/gjson.json
@@ -0,0 +1,268 @@
+[
+ {"id": "GO-2021-0054",
+ "published": "2021-04-14T20:04:52Z",
+ "modified": "2022-08-19T22:21:47Z",
+ "aliases": [
+ "CVE-2020-36067"
+ ],
+ "details": "Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/tidwall/gjson",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.6.6"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0054"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/tidwall/gjson",
+ "symbols": [
+ "Result.ForEach",
+ "unwrap"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tidwall/gjson/issues/196"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36067"
+ }
+ ]
+ },
+ {
+ "id": "GO-2021-0059",
+ "published": "2021-04-14T20:04:52Z",
+ "modified": "2022-08-19T22:21:47Z",
+ "aliases": [
+ "CVE-2020-35380",
+ "GHSA-w942-gw6m-p62c"
+ ],
+ "details": "Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/tidwall/gjson",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.6.4"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0059"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/tidwall/gjson",
+ "symbols": [
+ "sqaush"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tidwall/gjson/issues/192"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35380"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-w942-gw6m-p62c"
+ }
+ ]
+ },
+ {
+ "id": "GO-2021-0265",
+ "published": "2022-01-14T17:30:24Z",
+ "modified": "2022-08-19T22:21:47Z",
+ "aliases": [
+ "CVE-2020-36066",
+ "CVE-2021-42836",
+ "GHSA-ppj4-34rq-v8j9",
+ "GHSA-wjm3-fq3r-5x46"
+ ],
+ "details": "GJSON allowed a ReDoS (regular expression denial of service) attack.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/tidwall/gjson",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.9.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0265"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/tidwall/gjson",
+ "symbols": [
+ "match.Match"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tidwall/gjson/issues/236"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tidwall/gjson/issues/237"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36066"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42836"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-ppj4-34rq-v8j9"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-wjm3-fq3r-5x46"
+ }
+ ]
+ },
+ {
+ "id": "GO-2022-0592",
+ "published": "2022-08-15T18:06:07Z",
+ "modified": "2022-08-19T22:21:47Z",
+ "aliases": [
+ "CVE-2021-42248",
+ "GHSA-c9gm-7rfj-8w5h"
+ ],
+ "details": "A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/tidwall/gjson",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.9.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0592"
+ },
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/tidwall/gjson",
+ "symbols": [
+ "Get",
+ "GetBytes",
+ "GetMany",
+ "GetManyBytes",
+ "Result.Get",
+ "queryMatches"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tidwall/gjson/issues/237"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42248"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/advisories/GHSA-c9gm-7rfj-8w5h"
+ }
+ ]
+ }
+]
diff --git a/tests/screentest/testdata/vulndb/index.json b/tests/screentest/testdata/vulndb/index.json
new file mode 100644
index 0000000..c197360
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/index.json
@@ -0,0 +1,4 @@
+{
+ "github.com/BeeGo/beego": "2022-08-23T19:54:38Z",
+ "github.com/tidwall/gjson": "2022-08-23T19:54:38Z"
+}
diff --git a/tests/screentest/testdata/vulndb/stdlib.json b/tests/screentest/testdata/vulndb/stdlib.json
new file mode 100644
index 0000000..2b904b2
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/stdlib.json
@@ -0,0 +1,36 @@
+[
+ {
+ "id": "GO-2021-0240",
+ "published": "2022-02-17T17:33:25Z",
+ "modified": "2022-08-29T16:50:59Z",
+ "aliases": ["CVE-2021-33196"],
+ "details": "NewReader and OpenReader can cause a panic or an unrecoverable\nfatal error when reading an archive that claims to contain a large\nnumber of files, regardless of its actual size.\n",
+ "affected": [
+ {
+ "package": { "name": "stdlib", "ecosystem": "Go" },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ { "introduced": "0" },
+ { "fixed": "1.15.13" },
+ { "introduced": "1.16.0" },
+ { "fixed": "1.16.5" }
+ ]
+ }
+ ],
+ "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2021-0240" },
+ "ecosystem_specific": { "imports": [{ "path": "archive/zip", "symbols": ["Reader.init"] }] }
+ }
+ ],
+ "references": [
+ { "type": "FIX", "url": "https://go.dev/cl/318909" },
+ {
+ "type": "FIX",
+ "url": "https://go.googlesource.com/go/+/74242baa4136c7a9132a8ccd9881354442788c8c"
+ },
+ { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" },
+ { "type": "REPORT", "url": "https://go.dev/issue/46242" }
+ ]
+ }
+]
diff --git a/tests/screentest/testdata/vulndb/toolchain.json b/tests/screentest/testdata/vulndb/toolchain.json
new file mode 100644
index 0000000..2354d3b
--- /dev/null
+++ b/tests/screentest/testdata/vulndb/toolchain.json
@@ -0,0 +1,83 @@
+[
+ {
+ "id": "GO-2022-0475",
+ "published": "2022-07-28T17:24:30Z",
+ "modified": "2022-08-29T16:50:59Z",
+ "aliases": ["CVE-2020-28366"],
+ "details": "The go command may execute arbitrary code at build time when cgo is in use.\nThis may occur when running go get on a malicious package, or any other\ncommand that builds untrusted code.\n\nThis can be caused by malicious unquoted symbol name in a linked object\nfile.\n",
+ "affected": [
+ {
+ "package": { "name": "toolchain", "ecosystem": "Go" },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ { "introduced": "0" },
+ { "fixed": "1.14.12" },
+ { "introduced": "1.15.0" },
+ { "fixed": "1.15.5" }
+ ]
+ }
+ ],
+ "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2022-0475" },
+ "ecosystem_specific": {
+ "imports": [
+ { "path": "cmd/go", "symbols": ["Builder.cgo"] },
+ { "path": "cmd/cgo", "symbols": ["dynimport"] }
+ ]
+ }
+ }
+ ],
+ "references": [
+ { "type": "FIX", "url": "https://go.dev/cl/269658" },
+ {
+ "type": "FIX",
+ "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"
+ },
+ { "type": "REPORT", "url": "https://go.dev/issue/42559" },
+ { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" }
+ ]
+ },
+ {
+ "id": "GO-2021-0068",
+ "published": "2021-04-14T20:04:52Z",
+ "modified": "2022-08-29T16:50:59Z",
+ "aliases": ["CVE-2021-3115"],
+ "details": "The go command may execute arbitrary code at build time when using cgo on Windows.\nThis can be triggered by running go get on a malicious module, or any other time\nthe code is built.\n",
+ "affected": [
+ {
+ "package": { "name": "toolchain", "ecosystem": "Go" },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ { "introduced": "0" },
+ { "fixed": "1.14.14" },
+ { "introduced": "1.15.0" },
+ { "fixed": "1.15.7" }
+ ]
+ }
+ ],
+ "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2021-0068" },
+ "ecosystem_specific": { "imports": [{ "path": "cmd/go", "goos": ["windows"] }] }
+ }
+ ],
+ "references": [
+ { "type": "FIX", "url": "https://go.dev/cl/284783" },
+ {
+ "type": "FIX",
+ "url": "https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0"
+ },
+ { "type": "REPORT", "url": "https://go.dev/issue/43783" },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ"
+ },
+ { "type": "FIX", "url": "https://go.dev/cl/284780" },
+ {
+ "type": "FIX",
+ "url": "https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0"
+ }
+ ]
+ }
+]
