cmd/govulncheck/testdata/verbose.ct - vuln - Git at Google

 # Test of verbose mode.

 # No vulnerabilities, no output.
 $ govulncheck -dir ${moddir}/novuln -v .
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Scanning for dependencies with known vulnerabilities...
 No vulnerabilities found.

 $ govulncheck -dir ${moddir}/vuln -v . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Scanning for dependencies with known vulnerabilities...
 Found 1 known vulnerability.

 Vulnerability #1: GO-2021-0113
   Due to improper index calculation, an incorrectly formatted
   language tag can cause Parse to panic via an out of bounds read.
   If Parse is used to process untrusted user inputs, this may be
   used as a vector for a denial of service attack.

   Call stacks in your code:
       #1: for function Parse
         golang.org/vuln.main
             .../vuln.go:12:16
         golang.org/x/text/language.Parse

   Found in: golang.org/x/text/language@v0.3.0
   Fixed in: golang.org/x/text/language@v0.3.7
   More info: https://pkg.go.dev/vuln/GO-2021-0113

 === Informational ===

 The vulnerabilities below are in packages that you import, but your code
 doesn't appear to call any vulnerable functions. You may not need to take any
 action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
 for details.

 Vulnerability #1: GO-2022-0592
   A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.
   Found in: github.com/tidwall/gjson@v1.9.2
   Fixed in: github.com/tidwall/gjson@v1.9.3
   More info: https://pkg.go.dev/vuln/GO-2022-0592

 Vulnerability #2: GO-2021-0265
   GJSON allowed a ReDoS (regular expression denial of service) attack.
   Found in: github.com/tidwall/gjson@v1.9.2
   Fixed in: github.com/tidwall/gjson@v1.9.3
   Platforms: linux/amd64, windows/amd64
   More info: https://pkg.go.dev/vuln/GO-2021-0265
	# Test of verbose mode.

	# No vulnerabilities, no output.
	$ govulncheck -dir ${moddir}/novuln -v .
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Scanning for dependencies with known vulnerabilities...
	No vulnerabilities found.

	$ govulncheck -dir ${moddir}/vuln -v . --> FAIL 3
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Scanning for dependencies with known vulnerabilities...
	Found 1 known vulnerability.

	Vulnerability #1: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted
	language tag can cause Parse to panic via an out of bounds read.
	If Parse is used to process untrusted user inputs, this may be
	used as a vector for a denial of service attack.

	Call stacks in your code:
	#1: for function Parse
	golang.org/vuln.main
	.../vuln.go:12:16
	golang.org/x/text/language.Parse

	Found in: golang.org/x/text/language@v0.3.0
	Fixed in: golang.org/x/text/language@v0.3.7
	More info: https://pkg.go.dev/vuln/GO-2021-0113

	=== Informational ===

	The vulnerabilities below are in packages that you import, but your code
	doesn't appear to call any vulnerable functions. You may not need to take any
	action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
	for details.

	Vulnerability #1: GO-2022-0592
	A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.
	Found in: github.com/tidwall/gjson@v1.9.2
	Fixed in: github.com/tidwall/gjson@v1.9.3
	More info: https://pkg.go.dev/vuln/GO-2022-0592

	Vulnerability #2: GO-2021-0265
	GJSON allowed a ReDoS (regular expression denial of service) attack.
	Found in: github.com/tidwall/gjson@v1.9.2
	Fixed in: github.com/tidwall/gjson@v1.9.3
	Platforms: linux/amd64, windows/amd64
	More info: https://pkg.go.dev/vuln/GO-2021-0265