Google Git
Sign in
go / vuln / 8579d869f8890e79cd4578c003badc724a440488 / . / cmd / govulncheck / testdata / common / testfiles / source-call / source_call_text.ct
blob: 7ad1c52daf14c2da8d738bda369933615da860b1 [file] [log] [blame]
#####
# Test of basic govulncheck in source mode
$ govulncheck -C ${moddir}/vuln ./... --> FAIL 3
=== Symbol Results ===
Vulnerability #1: GO-2021-0265
A maliciously crafted path can cause Get and other query functions to
consume excessive amounts of CPU and time.
More info: https://pkg.go.dev/vuln/GO-2021-0265
Module: github.com/tidwall/gjson
Found in: github.com/tidwall/gjson@v1.6.5
Fixed in: github.com/tidwall/gjson@v1.9.3
Example traces found:
#1: vuln.go:14:20: vuln.main calls gjson.Result.Get
Vulnerability #2: GO-2021-0054
Due to improper bounds checking, maliciously crafted JSON objects can cause
an out-of-bounds panic. If parsing user input, this may be used as a denial
of service vector.
More info: https://pkg.go.dev/vuln/GO-2021-0054
Module: github.com/tidwall/gjson
Found in: github.com/tidwall/gjson@v1.6.5
Fixed in: github.com/tidwall/gjson@v1.6.6
Example traces found:
#1: vuln.go:14:20: vuln.main calls gjson.Result.Get, which eventually calls gjson.Result.ForEach
Your code is affected by 2 vulnerabilities from 1 module.
This scan also found 1 vulnerability in packages you import and 1 vulnerability
in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
#####
# Test of basic govulncheck in source mode with expanded traces
$ govulncheck -C ${moddir}/vuln -show=traces ./... --> FAIL 3
=== Symbol Results ===
Vulnerability #1: GO-2021-0265
A maliciously crafted path can cause Get and other query functions to
consume excessive amounts of CPU and time.
More info: https://pkg.go.dev/vuln/GO-2021-0265
Module: github.com/tidwall/gjson
Found in: github.com/tidwall/gjson@v1.6.5
Fixed in: github.com/tidwall/gjson@v1.9.3
Example traces found:
#1: for function github.com/tidwall/gjson.Result.Get
vuln.go:14:20: golang.org/vuln.main
gjson.go:296:17: github.com/tidwall/gjson.Result.Get
Vulnerability #2: GO-2021-0054
Due to improper bounds checking, maliciously crafted JSON objects can cause
an out-of-bounds panic. If parsing user input, this may be used as a denial
of service vector.
More info: https://pkg.go.dev/vuln/GO-2021-0054
Module: github.com/tidwall/gjson
Found in: github.com/tidwall/gjson@v1.6.5
Fixed in: github.com/tidwall/gjson@v1.6.6
Example traces found:
#1: for function github.com/tidwall/gjson.Result.ForEach
vuln.go:14:20: golang.org/vuln.main
gjson.go:297:12: github.com/tidwall/gjson.Result.Get
gjson.go:1881:36: github.com/tidwall/gjson.Get
gjson.go:2587:21: github.com/tidwall/gjson.execModifier
gjson.go:2631:21: github.com/tidwall/gjson.modPretty
gjson.go:220:17: github.com/tidwall/gjson.Result.ForEach
Your code is affected by 2 vulnerabilities from 1 module.
This scan also found 1 vulnerability in packages you import and 1 vulnerability
in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
#####
# Test of basic govulncheck in source mode with the -show verbose flag
$ govulncheck -C ${moddir}/vuln -show verbose ./... --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...
Fetching vulnerabilities from the database...
Checking the code against the vulnerabilities...
=== Symbol Results ===
Vulnerability #1: GO-2021-0265
A maliciously crafted path can cause Get and other query functions to
consume excessive amounts of CPU and time.
More info: https://pkg.go.dev/vuln/GO-2021-0265
Module: github.com/tidwall/gjson
Found in: github.com/tidwall/gjson@v1.6.5
Fixed in: github.com/tidwall/gjson@v1.9.3
Example traces found:
#1: vuln.go:14:20: vuln.main calls gjson.Result.Get
Vulnerability #2: GO-2021-0054
Due to improper bounds checking, maliciously crafted JSON objects can cause
an out-of-bounds panic. If parsing user input, this may be used as a denial
of service vector.
More info: https://pkg.go.dev/vuln/GO-2021-0054
Module: github.com/tidwall/gjson
Found in: github.com/tidwall/gjson@v1.6.5
Fixed in: github.com/tidwall/gjson@v1.6.6
Example traces found:
#1: vuln.go:14:20: vuln.main calls gjson.Result.Get, which eventually calls gjson.Result.ForEach
=== Package Results ===
Vulnerability #1: GO-2021-0113
Due to improper index calculation, an incorrectly formatted language tag can
cause Parse to panic via an out of bounds read. If Parse is used to process
untrusted user inputs, this may be used as a vector for a denial of service
attack.
More info: https://pkg.go.dev/vuln/GO-2021-0113
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.0
Fixed in: golang.org/x/text@v0.3.7
=== Module Results ===
Vulnerability #1: GO-2020-0015
Infinite loop when decoding some inputs in golang.org/x/text
More info: https://pkg.go.dev/vuln/GO-2020-0015
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.0
Fixed in: golang.org/x/text@v0.3.3
Your code is affected by 2 vulnerabilities from 1 module.
This scan also found 1 vulnerability in packages you import and 1 vulnerability
in modules you require, but your code doesn't appear to call these
vulnerabilities.