| ##### |
| # Test verbose scanning with text output for a binary built |
| # with an ancient Go version |
| $ govulncheck -mode binary -show verbose ${moddir}/stdlib/old_dont_run_me --> FAIL 3 |
| Scanning your binary for known vulnerabilities... |
| |
| Fetching vulnerabilities from the database... |
| |
| Checking the binary against the vulnerabilities... |
| |
| warning: binary built with Go version go1.12.10, only standard library vulnerabilities will be checked |
| |
| warning: failed to extract build system specification GOOS: GOARCH: |
| |
| |
| === Symbol Results === |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.12.10 |
| Fixed in: net/http@go1.18.6 |
| Vulnerable symbols found: |
| #1: http.ListenAndServe |
| #2: http.ListenAndServeTLS |
| #3: http.Serve |
| #4: http.ServeTLS |
| #5: http.Server.ListenAndServe |
| Use '-show traces' to see the other 4 found symbols |
| |
| === Package Results === |
| |
| No other vulnerabilities found. |
| |
| === Module Results === |
| |
| No other vulnerabilities found. |
| |
| Your code is affected by 1 vulnerability from the Go standard library. |
| This scan found no other vulnerabilities in packages you import or modules you |
| require. |
