client: add GetByAlias
Add a method to get a list of entries that share the
same CVE or GHSA.
Updates golang/go#54465.
Change-Id: I395c1790cfb394c88b1283e17c7808585922237d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/427079
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
diff --git a/client/client.go b/client/client.go
index b82c06b..d633a2a 100644
--- a/client/client.go
+++ b/client/client.go
@@ -10,7 +10,7 @@
// The expected database layout is the same for both HTTP and local
// databases. The database index is located at the root of the
// database, and contains a list of all of the vulnerable modules
-// documented in the databse and the time the most recent vulnerability
+// documented in the database and the time the most recent vulnerability
// was added. The index file is called index.json, and has the
// following format:
//
@@ -62,6 +62,10 @@
// one.
GetByID(context.Context, string) (*osv.Entry, error)
+ // GetByAlias returns the entries that have the given aliases, or (nil, nil)
+ // if there are none.
+ GetByAlias(context.Context, string) ([]*osv.Entry, error)
+
// ListIDs returns the IDs of all entries in the database.
ListIDs(context.Context) ([]string, error)
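Review bot: The new doc comment on `GetByAlias` says "the given aliases" although the method takes a single alias string, and it does not say what kind of identifier is expected. Suggested wording: `// GetByAlias returns the entries that list alias (a CVE or GHSA ID) among their aliases, or (nil, nil) if the database has none.` A nil result only means this database has no entry indexed under the alias, so the comment could also state that it is not evidence that a module is unaffected. The interface declaration starts and ends outside this hunk.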
@@ -118,6 +122,32 @@
return &e, nil
}
+func (ls *localSource) GetByAlias(ctx context.Context, alias string) (entries []*osv.Entry, err error) {
+ defer derrors.Wrap(&err, "localSource.GetByAlias(%q)", alias)
+
+ aliasToIDs, err := localReadJSON[map[string][]string](ctx, ls, "aliases.json")
+ if err != nil {
+ return nil, err
+ }
+ ids := aliasToIDs[alias]
+ if len(ids) == 0 {
+ return nil, nil
+ }
+ return getByIDs(ctx, ls, ids)
+}
+
+func getByIDs(ctx context.Context, s source, ids []string) ([]*osv.Entry, error) {
+ var entries []*osv.Entry
+ for _, id := range ids {
+ e, err := s.GetByID(ctx, id)
+ if err != nil {
+ return nil, err
+ }
+ entries = append(entries, e)
+ }
+ return entries, nil
+}
+
func (ls *localSource) ListIDs(ctx context.Context) (_ []string, err error) {
defer derrors.Wrap(&err, "ListIDs()")
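Review bot: `getByIDs` appends whatever `s.GetByID` returns without checking for a nil entry, so an alias that maps to an ID with no entry file could put a nil into the returned slice. This assumes GetByID uses the same `(nil, nil)` not-found convention that the new GetByAlias comment documents, which this hunk does not show. `unionEntries` in the @@ -422 hunk reads `e.ID` on every element, so a nil would panic there rather than being reported as an inconsistent database. Consider failing closed after the error check with `if e == nil { return nil, fmt.Errorf("alias index references missing entry %q", id) }`; the same helper serves `httpSource.GetByAlias` in the @@ -304 hunk.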
@@ -304,6 +334,20 @@
return httpReadJSON[*osv.Entry](ctx, hs, fmt.Sprintf("%s/%s.json", internal.IDDirectory, id))
}
+func (hs *httpSource) GetByAlias(ctx context.Context, alias string) (entries []*osv.Entry, err error) {
+ defer derrors.Wrap(&err, "httpSource.GetByAlias(%q)", alias)
+
+ aliasToIDs, err := httpReadJSON[map[string][]string](ctx, hs, "aliases.json")
+ if err != nil {
+ return nil, err
+ }
+ ids := aliasToIDs[alias]
+ if len(ids) == 0 {
+ return nil, nil
+ }
+ return getByIDs(ctx, hs, ids)
+}
+
func (hs *httpSource) ListIDs(ctx context.Context) (_ []string, err error) {
defer derrors.Wrap(&err, "ListIDs()")
@@ -422,15 +466,35 @@
func (*client) unexported() {}
func (c *client) GetByModule(ctx context.Context, module string) (_ []*osv.Entry, err error) {
- defer derrors.Wrap(&err, "client.GetByModule(%q)", module)
+ defer derrors.Wrap(&err, "GetByModule(%q)", module)
+ return c.unionEntries(ctx, func(c Client) ([]*osv.Entry, error) {
+ return c.GetByModule(ctx, module)
+ })
+}
+
+func (c *client) GetByAlias(ctx context.Context, alias string) (entries []*osv.Entry, err error) {
+ defer derrors.Wrap(&err, "GetByAlias(%q)", alias)
+ return c.unionEntries(ctx, func(c Client) ([]*osv.Entry, error) {
+ return c.GetByAlias(ctx, alias)
+ })
+}
+
+// unionEntries returns the union of all entries obtained by calling get on the client's sources.
+func (c *client) unionEntries(ctx context.Context, get func(Client) ([]*osv.Entry, error)) ([]*osv.Entry, error) {
var entries []*osv.Entry
// probably should be parallelized
+ seen := map[string]bool{}
for _, s := range c.sources {
- e, err := s.GetByModule(ctx, module)
+ es, err := get(s)
if err != nil {
return nil, err // be failure tolerant?
}
- entries = append(entries, e...)
+ for _, e := range es {
+ if !seen[e.ID] {
+ entries = append(entries, e)
+ seen[e.ID] = true
+ }
+ }
}
return entries, nil
}
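Review bot: The `seen` map in `unionEntries` keeps the first entry for each ID and silently drops later ones, so when two sources disagree about the same ID (for example a mirror with an older `modified` time listed first) the result depends on the order of `c.sources`. This also changes `GetByModule`, which previously returned the plain concatenation, and the commit message does not mention it. At minimum document the rule, e.g. `// If several sources return the same ID, the entry from the earliest source wins.`; preferring the entry with the later modification time would be a safer rule for a vulnerability client. Separately, the closure parameter `c Client` shadows the receiver `c *client` in both wrappers, and naming it `s` would read more clearly.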
diff --git a/client/client_test.go b/client/client_test.go
index 14d7cdb..2469642 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -270,15 +270,7 @@
}
const vulnID = "GO-2022-0463"
- var want *osv.Entry
- wantData, err := os.ReadFile(filepath.Join("testdata", "vulndb", internal.IDDirectory, vulnID+".json"))
- if err != nil {
- t.Fatal(err)
- }
- if err := json.Unmarshal(wantData, &want); err != nil {
- t.Fatal(err)
- }
-
+ want := mustReadEntry(t, vulnID)
srv := newTestServer()
defer srv.Close()
@@ -309,6 +301,50 @@
}
}
+func mustReadEntry(t *testing.T, vulnID string) *osv.Entry {
+ t.Helper()
+ data, err := os.ReadFile(filepath.Join("testdata", "vulndb", internal.IDDirectory, vulnID+".json"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ var e *osv.Entry
+ if err := json.Unmarshal(data, &e); err != nil {
+ t.Fatal(err)
+ }
+ return e
+}
+
+func TestClientByAlias(t *testing.T) {
+ if runtime.GOOS == "js" {
+ t.Skip("skipping test: no network on js")
+ }
+ const alias = "CVE-2015-5739"
+ want := []*osv.Entry{mustReadEntry(t, "GO-2021-0157"), mustReadEntry(t, "GO-2021-0159")}
+ srv := newTestServer()
+ defer srv.Close()
+ for _, test := range []struct {
+ name string
+ source string
+ }{
+ {name: "http", source: srv.URL},
+ {name: "file", source: localURL},
+ } {
+ t.Run(test.name, func(t *testing.T) {
+ client, err := NewClient([]string{test.source}, Options{})
+ if err != nil {
+ t.Fatal(err)
+ }
+ got, err := client.GetByAlias(context.Background(), alias)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !cmp.Equal(got, want) {
+ t.Errorf("got\n%+v\nwant\n%+v", got, want)
+ }
+ })
+ }
+}
+
func TestListIDs(t *testing.T) {
if runtime.GOOS == "js" {
t.Skip("skipping test: no network on js")
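Review bot: `TestClientByAlias` only exercises an alias that resolves to two entries from a single source, so the documented `(nil, nil)` result for an unknown alias and the de-duplication in `unionEntries` are not covered. A third table case built with `NewClient([]string{srv.URL, localURL}, Options{})` and the same `want` would pin the dedup, and a lookup of an alias absent from aliases.json would pin the empty result. The `cmp.Equal` check also depends on the order of IDs in aliases.json, and printing `cmp.Diff(want, got)` in the failure message would make a mismatch easier to read. TestListIDs at the end of the hunk continues outside it.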
diff --git a/client/testdata/vulndb/ID/GO-2021-0157.json b/client/testdata/vulndb/ID/GO-2021-0157.json
new file mode 100644
index 0000000..3862d70
--- /dev/null
+++ b/client/testdata/vulndb/ID/GO-2021-0157.json
@@ -0,0 +1 @@
+{"id":"GO-2021-0157","published":"2022-01-05T20:00:00Z","modified":"2022-08-29T16:50:59Z","aliases":["CVE-2015-5739"],"details":"The MIME header parser treated spaces and hyphens\nas equivalent, which can permit HTTP request smuggling.\n","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.3"}]}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0157"},"ecosystem_specific":{"imports":[{"path":"net/textproto","symbols":["CanonicalMIMEHeaderKey","canonicalMIMEHeaderKey"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/11772"},{"type":"FIX","url":"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9"},{"type":"REPORT","url":"https://go.dev/issue/53035"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ"}]}
diff --git a/client/testdata/vulndb/ID/GO-2021-0159.json b/client/testdata/vulndb/ID/GO-2021-0159.json
new file mode 100644
index 0000000..edb0189
--- /dev/null
+++ b/client/testdata/vulndb/ID/GO-2021-0159.json
@@ -0,0 +1 @@
+{"id":"GO-2021-0159","published":"2022-01-05T21:39:14Z","modified":"2022-08-29T16:50:59Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"],"details":"HTTP headers were not properly parsed, which allows remote attackers to\nconduct HTTP request smuggling attacks via a request that contains\nContent-Length and Transfer-Encoding header fields.\n","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.3"}]}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0159"},"ecosystem_specific":{"imports":[{"path":"net/http","symbols":["CanonicalMIMEHeaderKey","body.readLocked","canonicalMIMEHeaderKey","chunkWriter.writeHeader","fixLength","fixTransferEncoding","readTransfer","transferWriter.shouldSendContentLength","validHeaderFieldByte"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/13148"},{"type":"FIX","url":"https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f"},{"type":"FIX","url":"https://go.dev/cl/11772"},{"type":"FIX","url":"https://go.dev/cl/11810"},{"type":"FIX","url":"https://go.dev/cl/12865"},{"type":"FIX","url":"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9"},{"type":"FIX","url":"https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f"},{"type":"FIX","url":"https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87"},{"type":"REPORT","url":"https://go.dev/issue/12027"},{"type":"REPORT","url":"https://go.dev/issue/11930"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ"}]}
diff --git a/client/testdata/vulndb/aliases.json b/client/testdata/vulndb/aliases.json
new file mode 100644
index 0000000..2ba6987
--- /dev/null
+++ b/client/testdata/vulndb/aliases.json
@@ -0,0 +1,1204 @@
+{
+ "CVE-2013-10005": [
+ "GO-2020-0024"
+ ],
+ "CVE-2014-125026": [
+ "GO-2020-0022"
+ ],
+ "CVE-2014-7189": [
+ "GO-2021-0154"
+ ],
+ "CVE-2014-8681": [
+ "GO-2020-0021"
+ ],
+ "CVE-2015-10004": [
+ "GO-2020-0023"
+ ],
+ "CVE-2015-1340": [
+ "GO-2021-0071"
+ ],
+ "CVE-2015-5305": [
+ "GO-2022-0701"
+ ],
+ "CVE-2015-5739": [
+ "GO-2021-0157",
+ "GO-2021-0159"
+ ],
+ "CVE-2015-5740": [
+ "GO-2021-0159"
+ ],
+ "CVE-2015-5741": [
+ "GO-2021-0159"
+ ],
+ "CVE-2015-8618": [
+ "GO-2021-0160"
+ ],
+ "CVE-2016-15005": [
+ "GO-2020-0045"
+ ],
+ "CVE-2016-3697": [
+ "GO-2021-0070"
+ ],
+ "CVE-2016-3958": [
+ "GO-2021-0163"
+ ],
+ "CVE-2016-3959": [
+ "GO-2022-0166"
+ ],
+ "CVE-2016-5386": [
+ "GO-2022-0761"
+ ],
+ "CVE-2016-9121": [
+ "GO-2020-0010"
+ ],
+ "CVE-2016-9122": [
+ "GO-2020-0011",
+ "GO-2022-0945"
+ ],
+ "CVE-2016-9123": [
+ "GO-2020-0009"
+ ],
+ "CVE-2017-1000097": [
+ "GO-2022-0171"
+ ],
+ "CVE-2017-1000098": [
+ "GO-2021-0172"
+ ],
+ "CVE-2017-11468": [
+ "GO-2021-0072"
+ ],
+ "CVE-2017-11480": [
+ "GO-2022-0643"
+ ],
+ "CVE-2017-15041": [
+ "GO-2022-0177"
+ ],
+ "CVE-2017-15042": [
+ "GO-2021-0178"
+ ],
+ "CVE-2017-15133": [
+ "GO-2020-0006"
+ ],
+ "CVE-2017-17831": [
+ "GO-2021-0073"
+ ],
+ "CVE-2017-18367": [
+ "GO-2020-0007"
+ ],
+ "CVE-2017-20146": [
+ "GO-2020-0020"
+ ],
+ "CVE-2017-3204": [
+ "GO-2020-0013"
+ ],
+ "CVE-2017-8932": [
+ "GO-2022-0187"
+ ],
+ "CVE-2018-1103": [
+ "GO-2020-0026"
+ ],
+ "CVE-2018-12018": [
+ "GO-2021-0075"
+ ],
+ "CVE-2018-14632": [
+ "GO-2021-0076"
+ ],
+ "CVE-2018-16873": [
+ "GO-2022-0189"
+ ],
+ "CVE-2018-16874": [
+ "GO-2022-0190"
+ ],
+ "CVE-2018-16875": [
+ "GO-2022-0191"
+ ],
+ "CVE-2018-16886": [
+ "GO-2021-0077"
+ ],
+ "CVE-2018-17075": [
+ "GO-2021-0078"
+ ],
+ "CVE-2018-17142": [
+ "GO-2022-0192"
+ ],
+ "CVE-2018-17143": [
+ "GO-2022-0193"
+ ],
+ "CVE-2018-17419": [
+ "GO-2020-0028"
+ ],
+ "CVE-2018-17846": [
+ "GO-2020-0014"
+ ],
+ "CVE-2018-17847": [
+ "GO-2022-0197"
+ ],
+ "CVE-2018-17848": [
+ "GO-2022-0197"
+ ],
+ "CVE-2018-18206": [
+ "GO-2021-0079"
+ ],
+ "CVE-2018-21246": [
+ "GO-2020-0043"
+ ],
+ "CVE-2018-25046": [
+ "GO-2020-0025"
+ ],
+ "CVE-2018-6558": [
+ "GO-2020-0027"
+ ],
+ "CVE-2018-6574": [
+ "GO-2022-0201"
+ ],
+ "CVE-2018-7187": [
+ "GO-2022-0203"
+ ],
+ "CVE-2019-0210": [
+ "GO-2021-0101"
+ ],
+ "CVE-2019-10214": [
+ "GO-2021-0081"
+ ],
+ "CVE-2019-10223": [
+ "GO-2022-0621"
+ ],
+ "CVE-2019-11250": [
+ "GO-2021-0065"
+ ],
+ "CVE-2019-11254": [
+ "GO-2020-0036"
+ ],
+ "CVE-2019-11289": [
+ "GO-2021-0102"
+ ],
+ "CVE-2019-11840": [
+ "GO-2022-0209"
+ ],
+ "CVE-2019-11939": [
+ "GO-2021-0082"
+ ],
+ "CVE-2019-12496": [
+ "GO-2021-0083"
+ ],
+ "CVE-2019-13209": [
+ "GO-2022-0755"
+ ],
+ "CVE-2019-14809": [
+ "GO-2022-0211"
+ ],
+ "CVE-2019-16276": [
+ "GO-2022-0212"
+ ],
+ "CVE-2019-16354": [
+ "GO-2021-0084"
+ ],
+ "CVE-2019-16884": [
+ "GO-2021-0085"
+ ],
+ "CVE-2019-17110": [
+ "GO-2022-0621"
+ ],
+ "CVE-2019-17596": [
+ "GO-2022-0213"
+ ],
+ "CVE-2019-19619": [
+ "GO-2021-0086"
+ ],
+ "CVE-2019-19794": [
+ "GO-2020-0008"
+ ],
+ "CVE-2019-19921": [
+ "GO-2021-0087"
+ ],
+ "CVE-2019-20786": [
+ "GO-2020-0038"
+ ],
+ "CVE-2019-25072": [
+ "GO-2020-0037"
+ ],
+ "CVE-2019-25073": [
+ "GO-2020-0032"
+ ],
+ "CVE-2019-3564": [
+ "GO-2021-0088"
+ ],
+ "CVE-2019-6486": [
+ "GO-2022-0217"
+ ],
+ "CVE-2019-9512": [
+ "GO-2022-0536"
+ ],
+ "CVE-2019-9514": [
+ "GO-2022-0536"
+ ],
+ "CVE-2019-9634": [
+ "GO-2022-0220"
+ ],
+ "CVE-2020-0601": [
+ "GO-2022-0535"
+ ],
+ "CVE-2020-10675": [
+ "GO-2021-0089"
+ ],
+ "CVE-2020-12666": [
+ "GO-2020-0039"
+ ],
+ "CVE-2020-14039": [
+ "GO-2021-0223"
+ ],
+ "CVE-2020-14040": [
+ "GO-2020-0015"
+ ],
+ "CVE-2020-15091": [
+ "GO-2021-0090"
+ ],
+ "CVE-2020-15106": [
+ "GO-2020-0005"
+ ],
+ "CVE-2020-15111": [
+ "GO-2021-0091",
+ "GO-2021-0108"
+ ],
+ "CVE-2020-15112": [
+ "GO-2020-0005"
+ ],
+ "CVE-2020-15216": [
+ "GO-2020-0050"
+ ],
+ "CVE-2020-15222": [
+ "GO-2021-0092",
+ "GO-2021-0110"
+ ],
+ "CVE-2020-15223": [
+ "GO-2021-0109"
+ ],
+ "CVE-2020-15586": [
+ "GO-2021-0224"
+ ],
+ "CVE-2020-16845": [
+ "GO-2021-0142"
+ ],
+ "CVE-2020-24553": [
+ "GO-2021-0226"
+ ],
+ "CVE-2020-25614": [
+ "GO-2020-0048"
+ ],
+ "CVE-2020-26160": [
+ "GO-2020-0017"
+ ],
+ "CVE-2020-26242": [
+ "GO-2021-0103"
+ ],
+ "CVE-2020-26264": [
+ "GO-2021-0063"
+ ],
+ "CVE-2020-26265": [
+ "GO-2021-0105"
+ ],
+ "CVE-2020-26290": [
+ "GO-2020-0050"
+ ],
+ "CVE-2020-26521": [
+ "GO-2022-0402"
+ ],
+ "CVE-2020-26892": [
+ "GO-2022-0380"
+ ],
+ "CVE-2020-27813": [
+ "GO-2020-0019"
+ ],
+ "CVE-2020-27846": [
+ "GO-2021-0058"
+ ],
+ "CVE-2020-27847": [
+ "GO-2020-0050"
+ ],
+ "CVE-2020-28362": [
+ "GO-2021-0069"
+ ],
+ "CVE-2020-28366": [
+ "GO-2022-0475"
+ ],
+ "CVE-2020-28367": [
+ "GO-2022-0476"
+ ],
+ "CVE-2020-28483": [
+ "GO-2020-0029",
+ "GO-2021-0052"
+ ],
+ "CVE-2020-29242": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29243": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29244": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29245": [
+ "GO-2021-0097"
+ ],
+ "CVE-2020-29509": [
+ "GO-2021-0060"
+ ],
+ "CVE-2020-29529": [
+ "GO-2021-0094"
+ ],
+ "CVE-2020-29652": [
+ "GO-2021-0227"
+ ],
+ "CVE-2020-35380": [
+ "GO-2021-0059"
+ ],
+ "CVE-2020-35381": [
+ "GO-2021-0057"
+ ],
+ "CVE-2020-36066": [
+ "GO-2022-0957"
+ ],
+ "CVE-2020-36067": [
+ "GO-2021-0054"
+ ],
+ "CVE-2020-36559": [
+ "GO-2020-0033"
+ ],
+ "CVE-2020-36560": [
+ "GO-2020-0034"
+ ],
+ "CVE-2020-36561": [
+ "GO-2020-0035"
+ ],
+ "CVE-2020-36562": [
+ "GO-2020-0040"
+ ],
+ "CVE-2020-36563": [
+ "GO-2020-0047"
+ ],
+ "CVE-2020-36564": [
+ "GO-2020-0049"
+ ],
+ "CVE-2020-36565": [
+ "GO-2021-0051"
+ ],
+ "CVE-2020-36566": [
+ "GO-2021-0106"
+ ],
+ "CVE-2020-36567": [
+ "GO-2020-0001"
+ ],
+ "CVE-2020-36568": [
+ "GO-2020-0003"
+ ],
+ "CVE-2020-36569": [
+ "GO-2020-0004"
+ ],
+ "CVE-2020-7664": [
+ "GO-2021-0228"
+ ],
+ "CVE-2020-7667": [
+ "GO-2020-0042"
+ ],
+ "CVE-2020-7668": [
+ "GO-2020-0041"
+ ],
+ "CVE-2020-7711": [
+ "GO-2020-0046"
+ ],
+ "CVE-2020-7919": [
+ "GO-2022-0229"
+ ],
+ "CVE-2020-8564": [
+ "GO-2021-0066"
+ ],
+ "CVE-2020-8565": [
+ "GO-2021-0064"
+ ],
+ "CVE-2020-8568": [
+ "GO-2022-0629"
+ ],
+ "CVE-2020-8911": [
+ "GO-2022-0646"
+ ],
+ "CVE-2020-8918": [
+ "GO-2021-0095"
+ ],
+ "CVE-2020-8945": [
+ "GO-2020-0002",
+ "GO-2020-0031",
+ "GO-2021-0096"
+ ],
+ "CVE-2020-9283": [
+ "GO-2020-0012"
+ ],
+ "CVE-2021-20206": [
+ "GO-2022-0230"
+ ],
+ "CVE-2021-20291": [
+ "GO-2021-0100"
+ ],
+ "CVE-2021-20329": [
+ "GO-2021-0111",
+ "GO-2021-0112"
+ ],
+ "CVE-2021-21237": [
+ "GO-2021-0098"
+ ],
+ "CVE-2021-21272": [
+ "GO-2021-0099"
+ ],
+ "CVE-2021-22133": [
+ "GO-2022-0706"
+ ],
+ "CVE-2021-23409": [
+ "GO-2022-0233"
+ ],
+ "CVE-2021-23772": [
+ "GO-2022-0272"
+ ],
+ "CVE-2021-27918": [
+ "GO-2021-0234"
+ ],
+ "CVE-2021-27919": [
+ "GO-2021-0067"
+ ],
+ "CVE-2021-28681": [
+ "GO-2021-0104"
+ ],
+ "CVE-2021-29272": [
+ "GO-2022-0762"
+ ],
+ "CVE-2021-29482": [
+ "GO-2020-0016"
+ ],
+ "CVE-2021-30080": [
+ "GO-2022-0572"
+ ],
+ "CVE-2021-3114": [
+ "GO-2021-0235"
+ ],
+ "CVE-2021-3115": [
+ "GO-2021-0068"
+ ],
+ "CVE-2021-3121": [
+ "GO-2021-0053"
+ ],
+ "CVE-2021-3127": [
+ "GO-2022-0386"
+ ],
+ "CVE-2021-31525": [
+ "GO-2022-0236"
+ ],
+ "CVE-2021-32690": [
+ "GO-2022-0384"
+ ],
+ "CVE-2021-32721": [
+ "GO-2021-0237"
+ ],
+ "CVE-2021-33194": [
+ "GO-2021-0238"
+ ],
+ "CVE-2021-33195": [
+ "GO-2021-0239"
+ ],
+ "CVE-2021-33196": [
+ "GO-2021-0240"
+ ],
+ "CVE-2021-33197": [
+ "GO-2021-0241"
+ ],
+ "CVE-2021-33198": [
+ "GO-2021-0242"
+ ],
+ "CVE-2021-34558": [
+ "GO-2021-0243"
+ ],
+ "CVE-2021-3538": [
+ "GO-2020-0018",
+ "GO-2022-0244"
+ ],
+ "CVE-2021-3602": [
+ "GO-2022-0345"
+ ],
+ "CVE-2021-36221": [
+ "GO-2021-0245"
+ ],
+ "CVE-2021-3761": [
+ "GO-2022-0246"
+ ],
+ "CVE-2021-3762": [
+ "GO-2022-0346"
+ ],
+ "CVE-2021-38297": [
+ "GO-2022-0247"
+ ],
+ "CVE-2021-38561": [
+ "GO-2021-0113"
+ ],
+ "CVE-2021-3907": [
+ "GO-2022-0248"
+ ],
+ "CVE-2021-3910": [
+ "GO-2022-0251"
+ ],
+ "CVE-2021-3911": [
+ "GO-2022-0252"
+ ],
+ "CVE-2021-3912": [
+ "GO-2022-0253"
+ ],
+ "CVE-2021-39137": [
+ "GO-2022-0254"
+ ],
+ "CVE-2021-39293": [
+ "GO-2022-0273"
+ ],
+ "CVE-2021-41173": [
+ "GO-2022-0256"
+ ],
+ "CVE-2021-41230": [
+ "GO-2021-0258"
+ ],
+ "CVE-2021-41771": [
+ "GO-2021-0263"
+ ],
+ "CVE-2021-41772": [
+ "GO-2021-0264"
+ ],
+ "CVE-2021-42248": [
+ "GO-2021-0265"
+ ],
+ "CVE-2021-4235": [
+ "GO-2021-0061"
+ ],
+ "CVE-2021-4236": [
+ "GO-2021-0107"
+ ],
+ "CVE-2021-4238": [
+ "GO-2022-0411"
+ ],
+ "CVE-2021-4239": [
+ "GO-2022-0425"
+ ],
+ "CVE-2021-42576": [
+ "GO-2022-0588"
+ ],
+ "CVE-2021-42836": [
+ "GO-2021-0265"
+ ],
+ "CVE-2021-43784": [
+ "GO-2022-0274"
+ ],
+ "CVE-2021-44716": [
+ "GO-2022-0288"
+ ],
+ "CVE-2021-44717": [
+ "GO-2022-0289"
+ ],
+ "CVE-2021-46398": [
+ "GO-2022-0563"
+ ],
+ "CVE-2022-0317": [
+ "GO-2022-0294"
+ ],
+ "CVE-2022-1227": [
+ "GO-2022-0558"
+ ],
+ "CVE-2022-1705": [
+ "GO-2022-0525"
+ ],
+ "CVE-2022-1962": [
+ "GO-2022-0515"
+ ],
+ "CVE-2022-1996": [
+ "GO-2022-0619"
+ ],
+ "CVE-2022-21221": [
+ "GO-2022-0355"
+ ],
+ "CVE-2022-21235": [
+ "GO-2022-0414"
+ ],
+ "CVE-2022-21698": [
+ "GO-2022-0322"
+ ],
+ "CVE-2022-21708": [
+ "GO-2022-0300"
+ ],
+ "CVE-2022-23628": [
+ "GO-2022-0316"
+ ],
+ "CVE-2022-23772": [
+ "GO-2021-0317"
+ ],
+ "CVE-2022-23773": [
+ "GO-2022-0318"
+ ],
+ "CVE-2022-23806": [
+ "GO-2021-0319"
+ ],
+ "CVE-2022-24675": [
+ "GO-2022-0433"
+ ],
+ "CVE-2022-24778": [
+ "GO-2021-0412"
+ ],
+ "CVE-2022-24912": [
+ "GO-2022-0534"
+ ],
+ "CVE-2022-24921": [
+ "GO-2021-0347"
+ ],
+ "CVE-2022-24968": [
+ "GO-2021-0321",
+ "GO-2022-0370",
+ "GO-2022-0947"
+ ],
+ "CVE-2022-2582": [
+ "GO-2022-0391"
+ ],
+ "CVE-2022-2583": [
+ "GO-2022-0400"
+ ],
+ "CVE-2022-2584": [
+ "GO-2022-0422"
+ ],
+ "CVE-2022-25856": [
+ "GO-2022-0492"
+ ],
+ "CVE-2022-25891": [
+ "GO-2022-0528"
+ ],
+ "CVE-2022-26945": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-27191": [
+ "GO-2021-0356"
+ ],
+ "CVE-2022-27536": [
+ "GO-2022-0434"
+ ],
+ "CVE-2022-27651": [
+ "GO-2022-0417"
+ ],
+ "CVE-2022-28131": [
+ "GO-2022-0521"
+ ],
+ "CVE-2022-28327": [
+ "GO-2022-0435"
+ ],
+ "CVE-2022-28946": [
+ "GO-2022-0587"
+ ],
+ "CVE-2022-28948": [
+ "GO-2022-0603"
+ ],
+ "CVE-2022-29173": [
+ "GO-2022-0444"
+ ],
+ "CVE-2022-29189": [
+ "GO-2022-0461"
+ ],
+ "CVE-2022-29190": [
+ "GO-2022-0460"
+ ],
+ "CVE-2022-29222": [
+ "GO-2022-0462"
+ ],
+ "CVE-2022-29526": [
+ "GO-2022-0493"
+ ],
+ "CVE-2022-29804": [
+ "GO-2022-0533"
+ ],
+ "CVE-2022-29810": [
+ "GO-2022-0438"
+ ],
+ "CVE-2022-30321": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-30322": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-30323": [
+ "GO-2022-0586"
+ ],
+ "CVE-2022-30580": [
+ "GO-2022-0532"
+ ],
+ "CVE-2022-30629": [
+ "GO-2022-0531"
+ ],
+ "CVE-2022-30630": [
+ "GO-2022-0527"
+ ],
+ "CVE-2022-30631": [
+ "GO-2022-0524"
+ ],
+ "CVE-2022-30632": [
+ "GO-2022-0522"
+ ],
+ "CVE-2022-30633": [
+ "GO-2022-0523"
+ ],
+ "CVE-2022-30634": [
+ "GO-2022-0477"
+ ],
+ "CVE-2022-30635": [
+ "GO-2022-0526"
+ ],
+ "CVE-2022-3064": [
+ "GO-2022-0956"
+ ],
+ "CVE-2022-31022": [
+ "GO-2022-0470"
+ ],
+ "CVE-2022-31053": [
+ "GO-2022-0564"
+ ],
+ "CVE-2022-31145": [
+ "GO-2022-0519"
+ ],
+ "CVE-2022-31259": [
+ "GO-2022-0463"
+ ],
+ "CVE-2022-31836": [
+ "GO-2022-0569"
+ ],
+ "CVE-2022-32148": [
+ "GO-2022-0520"
+ ],
+ "CVE-2022-32189": [
+ "GO-2022-0537"
+ ],
+ "CVE-2022-33082": [
+ "GO-2022-0574"
+ ],
+ "CVE-2022-36009": [
+ "GO-2022-0952"
+ ],
+ "CVE-2022-37315": [
+ "GO-2022-0942"
+ ],
+ "GHSA-25xm-hr59-7c27": [
+ "GO-2020-0016"
+ ],
+ "GHSA-27rq-4943-qcwp": [
+ "GO-2022-0438"
+ ],
+ "GHSA-28r2-q6m8-9hpx": [
+ "GO-2022-0586"
+ ],
+ "GHSA-28r6-jm5h-mrgg": [
+ "GO-2022-0572"
+ ],
+ "GHSA-2c64-vj8g-vwrq": [
+ "GO-2022-0380"
+ ],
+ "GHSA-2m4x-4q9j-w97g": [
+ "GO-2022-0574"
+ ],
+ "GHSA-2v6x-frw8-7r7f": [
+ "GO-2022-0621"
+ ],
+ "GHSA-2x32-jm95-2cpx": [
+ "GO-2020-0050"
+ ],
+ "GHSA-3fx4-7f69-5mmg": [
+ "GO-2020-0009"
+ ],
+ "GHSA-3x58-xr87-2fcj": [
+ "GO-2022-0762"
+ ],
+ "GHSA-3xh2-74w9-5vxm": [
+ "GO-2020-0019"
+ ],
+ "GHSA-44r7-7p62-q3fr": [
+ "GO-2020-0008"
+ ],
+ "GHSA-477v-w82m-634j": [
+ "GO-2022-0528"
+ ],
+ "GHSA-4hq8-gmxx-h6w9": [
+ "GO-2021-0058"
+ ],
+ "GHSA-4w5x-x539-ppf5": [
+ "GO-2022-0380"
+ ],
+ "GHSA-56hp-xqp3-w2jf": [
+ "GO-2022-0384"
+ ],
+ "GHSA-5796-p3m6-9qj4": [
+ "GO-2021-0102"
+ ],
+ "GHSA-58v3-j75h-xr49": [
+ "GO-2020-0007"
+ ],
+ "GHSA-59hh-656j-3p7v": [
+ "GO-2022-0256"
+ ],
+ "GHSA-5cgx-vhfp-6cf9": [
+ "GO-2022-0629"
+ ],
+ "GHSA-5gjg-jgh4-gppm": [
+ "GO-2021-0107"
+ ],
+ "GHSA-5mxh-2qfv-4g7j": [
+ "GO-2022-0251"
+ ],
+ "GHSA-5rcv-m4m3-hfh7": [
+ "GO-2020-0015"
+ ],
+ "GHSA-5x29-3hr9-6wpw": [
+ "GO-2021-0095"
+ ],
+ "GHSA-62mh-w5cv-p88c": [
+ "GO-2022-0386"
+ ],
+ "GHSA-6635-c626-vj4r": [
+ "GO-2022-0414"
+ ],
+ "GHSA-66vw-v2x9-hw75": [
+ "GO-2022-0558"
+ ],
+ "GHSA-66x3-6cw3-v5gj": [
+ "GO-2022-0444"
+ ],
+ "GHSA-6jqj-f58p-mrw3": [
+ "GO-2021-0090"
+ ],
+ "GHSA-72wf-hwcq-65h9": [
+ "GO-2022-0563"
+ ],
+ "GHSA-733f-44f3-3frw": [
+ "GO-2020-0039"
+ ],
+ "GHSA-74xm-qj29-cq8p": [
+ "GO-2021-0104"
+ ],
+ "GHSA-75rw-34q6-72cr": [
+ "GO-2022-0564"
+ ],
+ "GHSA-7638-r9r3-rmjj": [
+ "GO-2022-0345"
+ ],
+ "GHSA-76wf-9vgp-pj7w": [
+ "GO-2022-0391"
+ ],
+ "GHSA-77gc-fj98-665h": [
+ "GO-2020-0011",
+ "GO-2022-0945"
+ ],
+ "GHSA-7gfg-6934-mqq2": [
+ "GO-2020-0038"
+ ],
+ "GHSA-7jr6-prv4-5wf5": [
+ "GO-2022-0384"
+ ],
+ "GHSA-7mqr-2v3q-v2wm": [
+ "GO-2021-0109"
+ ],
+ "GHSA-7qw8-847f-pggm": [
+ "GO-2021-0100"
+ ],
+ "GHSA-85p9-j7c9-v4gr": [
+ "GO-2021-0081"
+ ],
+ "GHSA-86r9-39j9-99wp": [
+ "GO-2020-0010"
+ ],
+ "GHSA-88jf-7rch-32qc": [
+ "GO-2020-0041"
+ ],
+ "GHSA-8c26-wmh5-6g9v": [
+ "GO-2021-0356"
+ ],
+ "GHSA-8v99-48m9-c8pm": [
+ "GO-2021-0412"
+ ],
+ "GHSA-8vrw-m3j9-j27c": [
+ "GO-2021-0057"
+ ],
+ "GHSA-9423-6c93-gpp8": [
+ "GO-2020-0042"
+ ],
+ "GHSA-95f9-94vc-665h": [
+ "GO-2022-0569"
+ ],
+ "GHSA-9856-9gg9-qcmq": [
+ "GO-2022-0254"
+ ],
+ "GHSA-99cg-575x-774p": [
+ "GO-2022-0294"
+ ],
+ "GHSA-9cx9-x2gp-9qvh": [
+ "GO-2021-0091",
+ "GO-2021-0108"
+ ],
+ "GHSA-9jcx-pr2f-qvq5": [
+ "GO-2020-0028"
+ ],
+ "GHSA-9q3g-m353-cp4p": [
+ "GO-2022-0643"
+ ],
+ "GHSA-9r5x-fjv3-q6h4": [
+ "GO-2022-0386"
+ ],
+ "GHSA-9w9f-6mg8-jp7w": [
+ "GO-2022-0470"
+ ],
+ "GHSA-9x4h-8wgm-8xfg": [
+ "GO-2022-0503"
+ ],
+ "GHSA-c3g4-w6cv-6v7h": [
+ "GO-2022-0417"
+ ],
+ "GHSA-c3h9-896r-86jm": [
+ "GO-2021-0053"
+ ],
+ "GHSA-c8xp-8mf3-62h9": [
+ "GO-2022-0246"
+ ],
+ "GHSA-c9gm-7rfj-8w5h": [
+ "GO-2021-0265"
+ ],
+ "GHSA-cg3q-j54f-5p7p": [
+ "GO-2022-0322"
+ ],
+ "GHSA-cjjc-xp8v-855w": [
+ "GO-2022-0229"
+ ],
+ "GHSA-cjr4-fv6c-f3mv": [
+ "GO-2022-0586"
+ ],
+ "GHSA-cm8f-h6j3-p25c": [
+ "GO-2022-0460"
+ ],
+ "GHSA-cqh2-vc2f-q4fh": [
+ "GO-2022-0248"
+ ],
+ "GHSA-cx3w-xqmc-84g5": [
+ "GO-2021-0098"
+ ],
+ "GHSA-cx94-mrg9-rq4j": [
+ "GO-2022-0461"
+ ],
+ "GHSA-f5pg-7wfw-84q9": [
+ "GO-2022-0646"
+ ],
+ "GHSA-f6mq-5m25-4r72": [
+ "GO-2021-0111",
+ "GO-2021-0112"
+ ],
+ "GHSA-f6px-w8rh-7r89": [
+ "GO-2021-0084"
+ ],
+ "GHSA-fcgg-rvwg-jv58": [
+ "GO-2022-0586"
+ ],
+ "GHSA-ffhg-7mh4-33c4": [
+ "GO-2020-0012"
+ ],
+ "GHSA-fgv8-vj5c-2ppq": [
+ "GO-2021-0085"
+ ],
+ "GHSA-fh74-hm69-rqjw": [
+ "GO-2021-0087"
+ ],
+ "GHSA-fx95-883v-4q4h": [
+ "GO-2022-0355"
+ ],
+ "GHSA-g3vv-g2j5-45f2": [
+ "GO-2022-0422"
+ ],
+ "GHSA-g5v4-5x39-vwhx": [
+ "GO-2021-0099"
+ ],
+ "GHSA-g9mp-8g3h-3c5c": [
+ "GO-2022-0425"
+ ],
+ "GHSA-g9wh-3vrx-r7hg": [
+ "GO-2022-0253"
+ ],
+ "GHSA-h289-x5wc-xcv8": [
+ "GO-2022-0370"
+ ],
+ "GHSA-h2fg-54x9-5qhq": [
+ "GO-2022-0402"
+ ],
+ "GHSA-h2x7-2ff6-v32p": [
+ "GO-2022-0400"
+ ],
+ "GHSA-h395-qcrw-5vmq": [
+ "GO-2020-0029",
+ "GO-2021-0052"
+ ],
+ "GHSA-h3qm-jrrf-cgj3": [
+ "GO-2022-0942"
+ ],
+ "GHSA-h6xx-pmxh-3wgp": [
+ "GO-2021-0077"
+ ],
+ "GHSA-hcw3-j74m-qc58": [
+ "GO-2022-0316"
+ ],
+ "GHSA-hmm9-r2m2-qg9w": [
+ "GO-2022-0402"
+ ],
+ "GHSA-hp87-p4gw-j4gq": [
+ "GO-2022-0603"
+ ],
+ "GHSA-j6wp-3859-vxfg": [
+ "GO-2021-0258"
+ ],
+ "GHSA-j756-f273-xhp4": [
+ "GO-2022-0386"
+ ],
+ "GHSA-jcxc-rh6w-wf49": [
+ "GO-2022-0272"
+ ],
+ "GHSA-jm5c-rv3w-w83m": [
+ "GO-2021-0103"
+ ],
+ "GHSA-jp32-vmm6-3vf5": [
+ "GO-2022-0701"
+ ],
+ "GHSA-jq7p-26h5-w78r": [
+ "GO-2021-0101"
+ ],
+ "GHSA-jxqv-jcvh-7gr4": [
+ "GO-2022-0534"
+ ],
+ "GHSA-m658-p24x-p74r": [
+ "GO-2021-0321",
+ "GO-2022-0370",
+ "GO-2022-0947"
+ ],
+ "GHSA-m6wg-2mwg-4rfq": [
+ "GO-2020-0002",
+ "GO-2020-0031",
+ "GO-2021-0096"
+ ],
+ "GHSA-m9hp-7r99-94h5": [
+ "GO-2020-0050"
+ ],
+ "GHSA-mh3m-8c74-74xh": [
+ "GO-2022-0300"
+ ],
+ "GHSA-mj9r-wwm8-7q52": [
+ "GO-2021-0237"
+ ],
+ "GHSA-mq47-6wwv-v79w": [
+ "GO-2022-0346"
+ ],
+ "GHSA-mr6h-chqp-p9g2": [
+ "GO-2020-0021"
+ ],
+ "GHSA-p55x-7x9v-q8m4": [
+ "GO-2020-0006"
+ ],
+ "GHSA-ppj4-34rq-v8j9": [
+ "GO-2021-0265"
+ ],
+ "GHSA-q3j5-32m5-58c2": [
+ "GO-2021-0070"
+ ],
+ "GHSA-q547-gmf8-8jr7": [
+ "GO-2020-0050"
+ ],
+ "GHSA-q6gq-997w-f55g": [
+ "GO-2021-0142"
+ ],
+ "GHSA-qj26-7grj-whg3": [
+ "GO-2020-0027"
+ ],
+ "GHSA-qpgx-64h2-gc3c": [
+ "GO-2022-0492"
+ ],
+ "GHSA-qq97-vm5h-rrhg": [
+ "GO-2022-0379"
+ ],
+ "GHSA-qqc5-rgcc-cjqh": [
+ "GO-2022-0706"
+ ],
+ "GHSA-qwrj-9hmp-gpxh": [
+ "GO-2022-0519"
+ ],
+ "GHSA-qx32-f6g6-fcfr": [
+ "GO-2022-0463"
+ ],
+ "GHSA-r33q-22hv-j29q": [
+ "GO-2021-0063"
+ ],
+ "GHSA-r48q-9g5r-8q2h": [
+ "GO-2022-0619"
+ ],
+ "GHSA-rmh2-65xw-9m6q": [
+ "GO-2021-0089"
+ ],
+ "GHSA-v3q9-2p3m-7g43": [
+ "GO-2021-0092",
+ "GO-2021-0110"
+ ],
+ "GHSA-v95c-p5hm-xq8f": [
+ "GO-2022-0274"
+ ],
+ "GHSA-vc3x-gx6c-g99f": [
+ "GO-2021-0079"
+ ],
+ "GHSA-vpx7-vm66-qx8r": [
+ "GO-2021-0228"
+ ],
+ "GHSA-w45j-f832-hxvh": [
+ "GO-2022-0462"
+ ],
+ "GHSA-w6ww-fmfx-2x22": [
+ "GO-2022-0252"
+ ],
+ "GHSA-w73w-5m7g-f7qc": [
+ "GO-2020-0017"
+ ],
+ "GHSA-w942-gw6m-p62c": [
+ "GO-2021-0059"
+ ],
+ "GHSA-wjm3-fq3r-5x46": [
+ "GO-2022-0957"
+ ],
+ "GHSA-wmwp-pggc-h4mj": [
+ "GO-2021-0086"
+ ],
+ "GHSA-wxc4-f4m6-wwqv": [
+ "GO-2020-0036"
+ ],
+ "GHSA-x24g-9w7v-vprh": [
+ "GO-2022-0586"
+ ],
+ "GHSA-x4rg-4545-4w7w": [
+ "GO-2021-0088"
+ ],
+ "GHSA-x7f3-62pm-9p38": [
+ "GO-2022-0587"
+ ],
+ "GHSA-x95h-979x-cf3j": [
+ "GO-2022-0588"
+ ],
+ "GHSA-xcf7-q56x-78gh": [
+ "GO-2022-0233"
+ ],
+ "GHSA-xg2h-wx96-xgxr": [
+ "GO-2022-0411"
+ ],
+ "GHSA-xhg2-rvm8-w2jh": [
+ "GO-2022-0755"
+ ],
+ "GHSA-xhqq-x44f-9fgg": [
+ "GO-2021-0060"
+ ],
+ "GHSA-xjqr-g762-pxwp": [
+ "GO-2022-0230"
+ ],
+ "GHSA-xw37-57qp-9mm4": [
+ "GO-2021-0105"
+ ]
+}