cmd/govulncheck/testdata/source_multientry_json.ct

#####
# Test for multiple call stacks in source mode
$ govulncheck -json -C ${moddir}/multientry .
{
  "config": {
    "protocol_version": "v0.1.0",
    "scanner_name": "govulncheck",
    "scanner_version": "v0.0.0-00000000000-20000101010101",
    "db": "testdata/vulndb-v1",
    "db_last_modified": "2023-04-03T15:57:51Z",
    "go_version": "go1.18"
  }
}
{
  "progress": {
    "message": "Scanning your code and P packages across M dependent module for known vulnerabilities..."
  }
}
{
  "osv": {
    "schema_version": "1.3.1",
    "id": "GO-2021-0113",
    "modified": "2023-04-03T15:57:51Z",
    "published": "2021-10-06T17:51:21Z",
    "aliases": [
      "CVE-2021-38561",
      "GHSA-ppp9-7jff-5vj2"
    ],
    "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.",
    "affected": [
      {
        "package": {
          "name": "golang.org/x/text",
          "ecosystem": "Go"
        },
        "ranges": [
          {
            "type": "SEMVER",
            "events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "0.3.7"
              }
            ]
          }
        ],
        "ecosystem_specific": {
          "imports": [
            {
              "path": "golang.org/x/text/language",
              "symbols": [
                "MatchStrings",
                "MustParse",
                "Parse",
                "ParseAcceptLanguage"
              ]
            }
          ]
        }
      }
    ],
    "references": [
      {
        "type": "FIX",
        "url": "https://go.dev/cl/340830"
      },
      {
        "type": "FIX",
        "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
      }
    ],
    "credits": [
      {
        "name": "Guido Vranken"
      }
    ],
    "database_specific": {
      "url": "https://pkg.go.dev/vuln/GO-2021-0113"
    }
  }
}
{
  "finding": {
    "osv": "GO-2021-0113",
    "fixed_version": "v0.3.7",
    "trace": [
      {
        "module": "golang.org/x/text",
        "version": "v0.3.5",
        "package": "golang.org/x/text/language",
        "function": "MustParse"
      },
      {
        "module": "golang.org/multientry",
        "package": "golang.org/multientry",
        "function": "foobar",
        "position": {
          "filename": ".../main.go",
          "offset": 1694,
          "line": 99,
          "column": 20
        }
      },
      {
        "module": "golang.org/multientry",
        "package": "golang.org/multientry",
        "function": "D",
        "position": {
          "filename": ".../main.go",
          "offset": 705,
          "line": 48,
          "column": 8
        }
      },
      {
        "module": "golang.org/multientry",
        "package": "golang.org/multientry",
        "function": "main",
        "position": {
          "filename": ".../main.go",
          "offset": 441,
          "line": 26,
          "column": 3
        }
      }
    ]
  }
}
{
  "finding": {
    "osv": "GO-2021-0113",
    "fixed_version": "v0.3.7",
    "trace": [
      {
        "module": "golang.org/x/text",
        "version": "v0.3.5",
        "package": "golang.org/x/text/language",
        "function": "Parse"
      },
      {
        "module": "golang.org/multientry",
        "package": "golang.org/multientry",
        "function": "C",
        "position": {
          "filename": ".../main.go",
          "offset": 679,
          "line": 44,
          "column": 23
        }
      },
      {
        "module": "golang.org/multientry",
        "package": "golang.org/multientry",
        "function": "main",
        "position": {
          "filename": ".../main.go",
          "offset": 340,
          "line": 22,
          "column": 3
        }
      }
    ]
  }
}