cmd/govulncheck/testdata/source_multientry_text.ct - vuln - Git at Google

 #####
 # Test for multiple call stacks in source mode with expanded traces
 $ govulncheck -C ${moddir}/multientry . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with
 vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent module for known vulnerabilities...
 Your code is affected by 1 vulnerability from 1 module.

 Vulnerability #1: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted
     language tag can cause Parse to panic via an out of bounds read.
     If Parse is used to process untrusted user inputs, this may be
     used as a vector for a denial of service attack.
   More info: https://pkg.go.dev/vuln/GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.5
     Fixed in: golang.org/x/text@v0.3.7
     Call stacks in your code:
       .../main.go:99:20: golang.org/multientry.foobar calls golang.org/x/text/language.MustParse
       .../main.go:44:23: golang.org/multientry.C calls golang.org/x/text/language.Parse

 #####
 # Test for multple call stacks in source mode with expanded traces
 $ govulncheck -C ${moddir}/multientry -show=traces ./... --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with
 vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent module for known vulnerabilities...
 Your code is affected by 1 vulnerability from 1 module.

 Vulnerability #1: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted
     language tag can cause Parse to panic via an out of bounds read.
     If Parse is used to process untrusted user inputs, this may be
     used as a vector for a denial of service attack.
   More info: https://pkg.go.dev/vuln/GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.5
     Fixed in: golang.org/x/text@v0.3.7
     Call stacks in your code:
       #1: for function MustParse
         golang.org/multientry.main
             .../main.go:26:3
         golang.org/multientry.D
             .../main.go:48:8
         golang.org/multientry.foobar
             .../main.go:99:20
         golang.org/x/text/language.MustParse
       #2: for function Parse
         golang.org/multientry.main
             .../main.go:22:3
         golang.org/multientry.C
             .../main.go:44:23
         golang.org/x/text/language.Parse
	#####
	# Test for multiple call stacks in source mode with expanded traces
	$ govulncheck -C ${moddir}/multientry . --> FAIL 3
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with
	vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent module for known vulnerabilities...
	Your code is affected by 1 vulnerability from 1 module.

	Vulnerability #1: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted
	language tag can cause Parse to panic via an out of bounds read.
	If Parse is used to process untrusted user inputs, this may be
	used as a vector for a denial of service attack.
	More info: https://pkg.go.dev/vuln/GO-2021-0113
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.5
	Fixed in: golang.org/x/text@v0.3.7
	Call stacks in your code:
	.../main.go:99:20: golang.org/multientry.foobar calls golang.org/x/text/language.MustParse
	.../main.go:44:23: golang.org/multientry.C calls golang.org/x/text/language.Parse

	#####
	# Test for multple call stacks in source mode with expanded traces
	$ govulncheck -C ${moddir}/multientry -show=traces ./... --> FAIL 3
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with
	vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent module for known vulnerabilities...
	Your code is affected by 1 vulnerability from 1 module.

	Vulnerability #1: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted
	language tag can cause Parse to panic via an out of bounds read.
	If Parse is used to process untrusted user inputs, this may be
	used as a vector for a denial of service attack.
	More info: https://pkg.go.dev/vuln/GO-2021-0113
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.5
	Fixed in: golang.org/x/text@v0.3.7
	Call stacks in your code:
	#1: for function MustParse
	golang.org/multientry.main
	.../main.go:26:3
	golang.org/multientry.D
	.../main.go:48:8
	golang.org/multientry.foobar
	.../main.go:99:20
	golang.org/x/text/language.MustParse
	#2: for function Parse
	golang.org/multientry.main
	.../main.go:22:3
	golang.org/multientry.C
	.../main.go:44:23
	golang.org/x/text/language.Parse