cmd/govulncheck/testdata/source_subdir_text.ct - vuln - Git at Google

 #####
 # Test govulncheck runs on the subdirectory of a module
 $ govulncheck -C ${moddir}/vuln/subdir . --> FAIL 3
 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent module for known vulnerabilities...

 Vulnerability #1: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
     cause Parse to panic via an out of bounds read. If Parse is used to process
     untrusted user inputs, this may be used as a vector for a denial of service
     attack.
   More info: https://pkg.go.dev/vuln/GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
       #1: .../subdir.go:8:16: subdir.Foo calls language.Parse

 Your code is affected by 1 vulnerability from 1 module.

 Share feedback at https://go.dev/s/govulncheck-feedback.

 #####
 # Test govulncheck runs on the subdirectory of a module
 $ govulncheck -C ${moddir}/vuln/subdir -show=traces . --> FAIL 3
 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent module for known vulnerabilities...

 Vulnerability #1: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
     cause Parse to panic via an out of bounds read. If Parse is used to process
     untrusted user inputs, this may be used as a vector for a denial of service
     attack.
   More info: https://pkg.go.dev/vuln/GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
       #1: for function golang.org/x/text/language.Parse
         .../subdir.go:8:16: golang.org/vuln/subdir.Foo
         golang.org/x/text/language.Parse

 Your code is affected by 1 vulnerability from 1 module.

 Share feedback at https://go.dev/s/govulncheck-feedback.
	#####
	# Test govulncheck runs on the subdirectory of a module
	$ govulncheck -C ${moddir}/vuln/subdir . --> FAIL 3
	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent module for known vulnerabilities...

	Vulnerability #1: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted language tag can
	cause Parse to panic via an out of bounds read. If Parse is used to process
	untrusted user inputs, this may be used as a vector for a denial of service
	attack.
	More info: https://pkg.go.dev/vuln/GO-2021-0113
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.0
	Fixed in: golang.org/x/text@v0.3.7
	Example traces found:
	#1: .../subdir.go:8:16: subdir.Foo calls language.Parse

	Your code is affected by 1 vulnerability from 1 module.

	Share feedback at https://go.dev/s/govulncheck-feedback.

	#####
	# Test govulncheck runs on the subdirectory of a module
	$ govulncheck -C ${moddir}/vuln/subdir -show=traces . --> FAIL 3
	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent module for known vulnerabilities...

	Vulnerability #1: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted language tag can
	cause Parse to panic via an out of bounds read. If Parse is used to process
	untrusted user inputs, this may be used as a vector for a denial of service
	attack.
	More info: https://pkg.go.dev/vuln/GO-2021-0113
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.0
	Fixed in: golang.org/x/text@v0.3.7
	Example traces found:
	#1: for function golang.org/x/text/language.Parse
	.../subdir.go:8:16: golang.org/vuln/subdir.Foo
	golang.org/x/text/language.Parse

	Your code is affected by 1 vulnerability from 1 module.

	Share feedback at https://go.dev/s/govulncheck-feedback.