| ##### |
| # Test for multiple call stacks in source mode with expanded traces |
| $ govulncheck -C ${moddir}/multientry . --> FAIL 3 |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with |
| vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). |
| |
| Scanning your code and P packages across M dependent module for known vulnerabilities... |
| Your code is affected by 1 vulnerability from 1 module. |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted |
| language tag can cause Parse to panic via an out of bounds read. |
| If Parse is used to process untrusted user inputs, this may be |
| used as a vector for a denial of service attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.5 |
| Fixed in: golang.org/x/text@v0.3.7 |
| Call stacks in your code: |
| .../main.go:99:20: golang.org/multientry.foobar calls golang.org/x/text/language.MustParse |
| .../main.go:44:23: golang.org/multientry.C calls golang.org/x/text/language.Parse |
| |
| ##### |
| # Test for multple call stacks in source mode with expanded traces |
| $ govulncheck -C ${moddir}/multientry -show=traces ./... --> FAIL 3 |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with |
| vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). |
| |
| Scanning your code and P packages across M dependent module for known vulnerabilities... |
| Your code is affected by 1 vulnerability from 1 module. |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted |
| language tag can cause Parse to panic via an out of bounds read. |
| If Parse is used to process untrusted user inputs, this may be |
| used as a vector for a denial of service attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.5 |
| Fixed in: golang.org/x/text@v0.3.7 |
| Call stacks in your code: |
| #1: for function MustParse |
| golang.org/multientry.main |
| .../main.go:26:3 |
| golang.org/multientry.D |
| .../main.go:48:8 |
| golang.org/multientry.foobar |
| .../main.go:99:20 |
| golang.org/x/text/language.MustParse |
| #2: for function Parse |
| golang.org/multientry.main |
| .../main.go:22:3 |
| golang.org/multientry.C |
| .../main.go:44:23 |
| golang.org/x/text/language.Parse |