cmd/govulncheck/testdata/json-summary.ct

# Test of the -json flag.
# TODO(zpavlinovic): add test for stdlib that works
# on all underlying Go build systems.

$ govulncheck -dir ${moddir}/novuln -summary-json .
{
	"Affecting": null,
	"NonAffecting": null
}

$ govulncheck -dir ${moddir}/vuln -summary-json .
{
	"Affecting": [
		{
			"OSV": {
				"id": "GO-2021-0113",
				"published": "2021-10-06T17:51:21Z",
				"modified": "2021-10-06T17:51:21Z",
				"aliases": [
					"CVE-2021-38561"
				],
				"details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n",
				"affected": [
					{
						"package": {
							"name": "golang.org/x/text",
							"ecosystem": "Go"
						},
						"ranges": [
							{
								"type": "SEMVER",
								"events": [
									{
										"introduced": "0"
									},
									{
										"fixed": "0.3.7"
									}
								]
							}
						],
						"database_specific": {
							"url": "https://pkg.go.dev/vuln/GO-2021-0113"
						},
						"ecosystem_specific": {
							"imports": [
								{
									"path": "golang.org/x/text/language",
									"symbols": [
										"MatchStrings",
										"MustParse",
										"Parse",
										"ParseAcceptLanguage"
									]
								}
							]
						}
					}
				],
				"references": [
					{
						"type": "FIX",
						"url": "https://go.dev/cl/340830"
					},
					{
						"type": "FIX",
						"url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
					},
					{
						"type": "WEB",
						"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
					}
				]
			},
			"PkgPath": "golang.org/x/text/language",
			"ModPath": "golang.org/x/text",
			"FoundIn": "v0.3.0",
			"FixedIn": "v0.3.7",
			"Trace": [
				{
					"Symbol": "Parse",
					"Desc": ".../vuln.go:12:16: golang.org/vuln.main calls golang.org/x/text/language.Parse",
					"Stack": [
						{
							"FuncName": "golang.org/vuln.main",
							"CallSite": ".../vuln.go:12:16"
						},
						{
							"FuncName": "golang.org/x/text/language.Parse",
							"CallSite": ""
						}
					],
					"Seen": 1
				}
			]
		}
	],
	"NonAffecting": [
		{
			"OSV": {
				"id": "GO-2022-0592",
				"published": "2022-08-15T18:06:07Z",
				"modified": "2022-08-19T22:21:47Z",
				"aliases": [
					"CVE-2021-42248",
					"GHSA-c9gm-7rfj-8w5h"
				],
				"details": "A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.",
				"affected": [
					{
						"package": {
							"name": "github.com/tidwall/gjson",
							"ecosystem": "Go"
						},
						"ranges": [
							{
								"type": "SEMVER",
								"events": [
									{
										"introduced": "0"
									},
									{
										"fixed": "1.9.3"
									}
								]
							}
						],
						"database_specific": {
							"url": "https://pkg.go.dev/vuln/GO-2022-0592"
						},
						"ecosystem_specific": {
							"imports": [
								{
									"path": "github.com/tidwall/gjson",
									"symbols": [
										"Get",
										"GetBytes",
										"GetMany",
										"GetManyBytes",
										"Result.Get",
										"queryMatches"
									]
								}
							]
						}
					}
				],
				"references": [
					{
						"type": "FIX",
						"url": "https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96"
					},
					{
						"type": "WEB",
						"url": "https://github.com/tidwall/gjson/issues/237"
					},
					{
						"type": "WEB",
						"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42248"
					},
					{
						"type": "WEB",
						"url": "https://github.com/advisories/GHSA-c9gm-7rfj-8w5h"
					}
				]
			},
			"PkgPath": "github.com/tidwall/gjson",
			"ModPath": "github.com/tidwall/gjson",
			"FoundIn": "v1.9.2",
			"FixedIn": "v1.9.3",
			"Trace": null
		},
		{
			"OSV": {
				"id": "GO-2021-0265",
				"published": "2022-01-14T17:30:24Z",
				"modified": "2022-08-19T22:21:47Z",
				"aliases": [
					"CVE-2020-36066",
					"CVE-2021-42836",
					"GHSA-ppj4-34rq-v8j9",
					"GHSA-wjm3-fq3r-5x46"
				],
				"details": "GJSON allowed a ReDoS (regular expression denial of service) attack.",
				"affected": [
					{
						"package": {
							"name": "github.com/tidwall/gjson",
							"ecosystem": "Go"
						},
						"ranges": [
							{
								"type": "SEMVER",
								"events": [
									{
										"introduced": "0"
									},
									{
										"fixed": "1.9.3"
									}
								]
							}
						],
						"database_specific": {
							"url": "https://pkg.go.dev/vuln/GO-2021-0265"
						},
						"ecosystem_specific": {
							"imports": [
								{
									"path": "github.com/tidwall/gjson",
									"goos": [
										"linux",
										"windows"
									],
									"goarch": [
										"amd64"
									],
									"symbols": [
										"match.Match"
									]
								}
							]
						}
					}
				],
				"references": [
					{
						"type": "FIX",
						"url": "https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944"
					},
					{
						"type": "WEB",
						"url": "https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3"
					},
					{
						"type": "WEB",
						"url": "https://github.com/tidwall/gjson/issues/236"
					},
					{
						"type": "WEB",
						"url": "https://github.com/tidwall/gjson/issues/237"
					},
					{
						"type": "WEB",
						"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36066"
					},
					{
						"type": "WEB",
						"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42836"
					},
					{
						"type": "WEB",
						"url": "https://github.com/advisories/GHSA-ppj4-34rq-v8j9"
					},
					{
						"type": "WEB",
						"url": "https://github.com/advisories/GHSA-wjm3-fq3r-5x46"
					}
				]
			},
			"PkgPath": "github.com/tidwall/gjson",
			"ModPath": "github.com/tidwall/gjson",
			"FoundIn": "v1.9.2",
			"FixedIn": "v1.9.3",
			"Trace": null
		}
	]
}