cmd/govulncheck/integration/stackrox-scanner/scanner.go - vuln - Git at Google

 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package main

 import (
 	"encoding/json"
 	"log"
 	"os"

 	"github.com/google/go-cmp/cmp"
 	"golang.org/x/vuln/vulncheck"
 )

 const usage = `test helper for examining the output of running govulncheck on
 stackrox-io/scanner binary (https://quay.io/repository/stackrox-io/scanner).

 Example usage: ./stackrox-scanner [path to output file]
 `

 func main() {
 	if len(os.Args) != 2 {
 		log.Fatal("Incorrect number of expected command line arguments", usage)
 	}
 	out := os.Args[1]

 	outJson, err := os.ReadFile(out)
 	if err != nil {
 		log.Fatal("Failed to read:", out)
 	}

 	var r vulncheck.Result
 	if err := json.Unmarshal(outJson, &r); err != nil {
 		log.Fatal("Failed to load json into vulncheck.Result:", err)
 	}

 	if len(r.Vulns) != 36 {
 		log.Fatalf("want 36 vulns; got %d", len(r.Vulns))
 	}

 	type vuln struct {
 		pkg    string
 		symbol string
 	}
 	symbolVulns := make(map[vuln]bool)
 	for _, v := range r.Vulns {
 		symbolVulns[vuln{v.PkgPath, v.Symbol}] = true
 	}

 	want := map[vuln]bool{
 		{pkg: "net/http", symbol: "Server.ListenAndServe"}:                          true,
 		{pkg: "net/http", symbol: "Server.ListenAndServeTLS"}:                       true,
 		{pkg: "net/http", symbol: "Server.Serve"}:                                   true,
 		{pkg: "net/http", symbol: "Server.ServeTLS"}:                                true,
 		{pkg: "net/http", symbol: "http2Server.ServeConn"}:                          true,
 		{pkg: "net/http", symbol: "http2serverConn.goAway"}:                         true,
 		{pkg: "net/http", symbol: "transferReader.parseTransferEncoding"}:           true,
 		{pkg: "path/filepath", symbol: "Glob"}:                                      true,
 		{pkg: "regexp/syntax", symbol: "Parse"}:                                     true,
 		{pkg: "regexp/syntax", symbol: "parse"}:                                     true,
 		{pkg: "regexp/syntax", symbol: "parser.factor"}:                             true,
 		{pkg: "regexp/syntax", symbol: "parser.push"}:                               true,
 		{pkg: "regexp/syntax", symbol: "parser.repeat"}:                             true,
 		{pkg: "archive/tar", symbol: "Reader.Next"}:                                 true,
 		{pkg: "archive/tar", symbol: "Reader.next"}:                                 true,
 		{pkg: "archive/tar", symbol: "parsePAX"}:                                    true,
 		{pkg: "compress/gzip", symbol: "Reader.Read"}:                               true,
 		{pkg: "crypto/tls", symbol: "serverHandshakeStateTLS13.sendSessionTickets"}: true,
 		{pkg: "encoding/pem", symbol: "Decode"}:                                     true,
 		{pkg: "encoding/xml", symbol: "Decoder.DecodeElement"}:                      true,
 		{pkg: "encoding/xml", symbol: "Decoder.Skip"}:                               true,
 		{pkg: "encoding/xml", symbol: "Decoder.unmarshal"}:                          true,
 		{pkg: "encoding/xml", symbol: "Decoder.unmarshalPath"}:                      true,
 		{pkg: "net/http", symbol: "Header.Clone"}:                                   true,
 	}

 	if diff := cmp.Diff(want, symbolVulns); diff != "" {
 		log.Fatalf("present vulnerable symbols mismatch (-want, +got):\n%s", diff)
 	}
 }
	// Copyright 2022 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package main

	import (
	"encoding/json"
	"log"
	"os"

	"github.com/google/go-cmp/cmp"
	"golang.org/x/vuln/vulncheck"
	)

	const usage = `test helper for examining the output of running govulncheck on
	stackrox-io/scanner binary (https://quay.io/repository/stackrox-io/scanner).

	Example usage: ./stackrox-scanner [path to output file]
	`

	func main() {
	if len(os.Args) != 2 {
	log.Fatal("Incorrect number of expected command line arguments", usage)
	}
	out := os.Args[1]

	outJson, err := os.ReadFile(out)
	if err != nil {
	log.Fatal("Failed to read:", out)
	}

	var r vulncheck.Result
	if err := json.Unmarshal(outJson, &r); err != nil {
	log.Fatal("Failed to load json into vulncheck.Result:", err)
	}

	if len(r.Vulns) != 36 {
	log.Fatalf("want 36 vulns; got %d", len(r.Vulns))
	}

	type vuln struct {
	pkg string
	symbol string
	}
	symbolVulns := make(map[vuln]bool)
	for _, v := range r.Vulns {
	symbolVulns[vuln{v.PkgPath, v.Symbol}] = true
	}

	want := map[vuln]bool{
	{pkg: "net/http", symbol: "Server.ListenAndServe"}: true,
	{pkg: "net/http", symbol: "Server.ListenAndServeTLS"}: true,
	{pkg: "net/http", symbol: "Server.Serve"}: true,
	{pkg: "net/http", symbol: "Server.ServeTLS"}: true,
	{pkg: "net/http", symbol: "http2Server.ServeConn"}: true,
	{pkg: "net/http", symbol: "http2serverConn.goAway"}: true,
	{pkg: "net/http", symbol: "transferReader.parseTransferEncoding"}: true,
	{pkg: "path/filepath", symbol: "Glob"}: true,
	{pkg: "regexp/syntax", symbol: "Parse"}: true,
	{pkg: "regexp/syntax", symbol: "parse"}: true,
	{pkg: "regexp/syntax", symbol: "parser.factor"}: true,
	{pkg: "regexp/syntax", symbol: "parser.push"}: true,
	{pkg: "regexp/syntax", symbol: "parser.repeat"}: true,
	{pkg: "archive/tar", symbol: "Reader.Next"}: true,
	{pkg: "archive/tar", symbol: "Reader.next"}: true,
	{pkg: "archive/tar", symbol: "parsePAX"}: true,
	{pkg: "compress/gzip", symbol: "Reader.Read"}: true,
	{pkg: "crypto/tls", symbol: "serverHandshakeStateTLS13.sendSessionTickets"}: true,
	{pkg: "encoding/pem", symbol: "Decode"}: true,
	{pkg: "encoding/xml", symbol: "Decoder.DecodeElement"}: true,
	{pkg: "encoding/xml", symbol: "Decoder.Skip"}: true,
	{pkg: "encoding/xml", symbol: "Decoder.unmarshal"}: true,
	{pkg: "encoding/xml", symbol: "Decoder.unmarshalPath"}: true,
	{pkg: "net/http", symbol: "Header.Clone"}: true,
	}

	if diff := cmp.Diff(want, symbolVulns); diff != "" {
	log.Fatalf("present vulnerable symbols mismatch (-want, +got):\n%s", diff)
	}
	}