data/reports: update GO-2023-1295.yaml
Add missing symbols
Fixes golang/vulndb#1295
Change-Id: I76718ce23a11c2ea4dc64fee322ebea67e9f11bd
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464537
Auto-Submit: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2023-1295.json b/data/osv/GO-2023-1295.json
index 9690388..d25ea50 100644
--- a/data/osv/GO-2023-1295.json
+++ b/data/osv/GO-2023-1295.json
@@ -34,11 +34,94 @@
{
"path": "github.com/square/squalor",
"symbols": [
+ "AliasedTableExpr.Serialize",
+ "AndExpr.Serialize",
+ "BinaryExpr.Serialize",
+ "ColName.Serialize",
+ "Columns.Serialize",
+ "ComparisonExpr.Serialize",
"DB.BindModel",
+ "DB.Delete",
+ "DB.DeleteContext",
+ "DB.Exec",
+ "DB.ExecContext",
+ "DB.Get",
+ "DB.GetContext",
+ "DB.Insert",
+ "DB.InsertContext",
+ "DB.InsertIgnore",
+ "DB.InsertIgnoreContext",
"DB.MustBindModel",
+ "DB.Query",
+ "DB.QueryContext",
+ "DB.QueryRow",
+ "DB.QueryRowContext",
+ "DB.Replace",
+ "DB.ReplaceContext",
+ "DB.Select",
+ "DB.SelectContext",
+ "DB.Update",
+ "DB.UpdateContext",
+ "DB.Upsert",
+ "DB.UpsertContext",
+ "Delete.Serialize",
+ "FuncExpr.Serialize",
+ "GroupBy.Serialize",
+ "Insert.Serialize",
+ "JoinTableExpr.Serialize",
+ "Limit.Serialize",
"LoadTable",
+ "NonStarExpr.Serialize",
+ "NotExpr.Serialize",
+ "NullCheck.Serialize",
+ "OnDup.Serialize",
+ "OnJoinCond.Serialize",
+ "OrExpr.Serialize",
+ "Order.Serialize",
+ "OrderBy.Serialize",
+ "ParenBoolExpr.Serialize",
+ "RangeCond.Serialize",
+ "Select.Serialize",
+ "SelectExprs.Serialize",
+ "Serialize",
+ "StandardLogger.Log",
+ "StarExpr.Serialize",
"Table.loadColumns",
- "Table.loadKeys"
+ "Table.loadKeys",
+ "TableExprs.Serialize",
+ "TableName.Serialize",
+ "TableNames.Serialize",
+ "Tx.Delete",
+ "Tx.DeleteContext",
+ "Tx.Exec",
+ "Tx.ExecContext",
+ "Tx.Get",
+ "Tx.GetContext",
+ "Tx.Insert",
+ "Tx.InsertContext",
+ "Tx.InsertIgnore",
+ "Tx.InsertIgnoreContext",
+ "Tx.Query",
+ "Tx.QueryContext",
+ "Tx.QueryRow",
+ "Tx.QueryRowContext",
+ "Tx.Replace",
+ "Tx.ReplaceContext",
+ "Tx.Select",
+ "Tx.SelectContext",
+ "Tx.Update",
+ "Tx.UpdateContext",
+ "Tx.Upsert",
+ "Tx.UpsertContext",
+ "Update.Serialize",
+ "UpdateExpr.Serialize",
+ "UpdateExprs.Serialize",
+ "UsingJoinCond.Serialize",
+ "ValExprs.Serialize",
+ "ValTuple.Serialize",
+ "Values.Serialize",
+ "Where.Serialize",
+ "quoteName"
]
}
]
diff --git a/data/reports/GO-2023-1295.yaml b/data/reports/GO-2023-1295.yaml
index 922dab0..e8137d8 100644
--- a/data/reports/GO-2023-1295.yaml
+++ b/data/reports/GO-2023-1295.yaml
@@ -6,12 +6,95 @@
packages:
- package: github.com/square/squalor
symbols:
+ - quoteName
- Table.loadColumns
- Table.loadKeys
derived_symbols:
+ - AliasedTableExpr.Serialize
+ - AndExpr.Serialize
+ - BinaryExpr.Serialize
+ - ColName.Serialize
+ - Columns.Serialize
+ - ComparisonExpr.Serialize
- DB.BindModel
+ - DB.Delete
+ - DB.DeleteContext
+ - DB.Exec
+ - DB.ExecContext
+ - DB.Get
+ - DB.GetContext
+ - DB.Insert
+ - DB.InsertContext
+ - DB.InsertIgnore
+ - DB.InsertIgnoreContext
- DB.MustBindModel
+ - DB.Query
+ - DB.QueryContext
+ - DB.QueryRow
+ - DB.QueryRowContext
+ - DB.Replace
+ - DB.ReplaceContext
+ - DB.Select
+ - DB.SelectContext
+ - DB.Update
+ - DB.UpdateContext
+ - DB.Upsert
+ - DB.UpsertContext
+ - Delete.Serialize
+ - FuncExpr.Serialize
+ - GroupBy.Serialize
+ - Insert.Serialize
+ - JoinTableExpr.Serialize
+ - Limit.Serialize
- LoadTable
+ - NonStarExpr.Serialize
+ - NotExpr.Serialize
+ - NullCheck.Serialize
+ - OnDup.Serialize
+ - OnJoinCond.Serialize
+ - OrExpr.Serialize
+ - Order.Serialize
+ - OrderBy.Serialize
+ - ParenBoolExpr.Serialize
+ - RangeCond.Serialize
+ - Select.Serialize
+ - SelectExprs.Serialize
+ - Serialize
+ - StandardLogger.Log
+ - StarExpr.Serialize
+ - TableExprs.Serialize
+ - TableName.Serialize
+ - TableNames.Serialize
+ - Tx.Delete
+ - Tx.DeleteContext
+ - Tx.Exec
+ - Tx.ExecContext
+ - Tx.Get
+ - Tx.GetContext
+ - Tx.Insert
+ - Tx.InsertContext
+ - Tx.InsertIgnore
+ - Tx.InsertIgnoreContext
+ - Tx.Query
+ - Tx.QueryContext
+ - Tx.QueryRow
+ - Tx.QueryRowContext
+ - Tx.Replace
+ - Tx.ReplaceContext
+ - Tx.Select
+ - Tx.SelectContext
+ - Tx.Update
+ - Tx.UpdateContext
+ - Tx.Upsert
+ - Tx.UpsertContext
+ - Update.Serialize
+ - UpdateExpr.Serialize
+ - UpdateExprs.Serialize
+ - UsingJoinCond.Serialize
+ - ValExprs.Serialize
+ - ValTuple.Serialize
+ - Values.Serialize
+ - Where.Serialize
description: There is a potential for SQL injection in the table name parameter.
cves:
- CVE-2020-36645
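Review bot: The `description` line at the end of this hunk still limits the issue to "the table name parameter", which no longer matches the symbol set. `quoteName` is now listed as a vulnerable symbol, and the derived list covers every `*.Serialize` method, `StandardLogger.Log` and the `DB`/`Tx` query methods. Someone triaging a govulncheck finding on a call such as `DB.Query` cannot tell from that sentence why it is flagged. If `quoteName` is the shared identifier-quoting helper, as the reach of the derived symbols suggests (its source is not visible here), consider widening the text, for example `description: There is a potential for SQL injection through table names and other identifiers passed to quoteName.` The rest of the report lies outside the hunk, so check the wording against the fixed version and references recorded there.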