x/vulndb: add reports/GO-2022-0385.yaml for GHSA-5gjg-jgh4-gppm
Fixes golang/vulndb#0385
Change-Id: I6cc6fb16fde3cd567378261c4f678a750a9542f5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414823
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/reports/GO-2022-0385.yaml b/reports/GO-2022-0385.yaml
new file mode 100644
index 0000000..63829b5
--- /dev/null
+++ b/reports/GO-2022-0385.yaml
@@ -0,0 +1,21 @@
+packages:
+ - module: github.com/ecnepsnai/web
+ symbols:
+ - Server.socketHandler
+ derived_symbols:
+ - Server.Socket
+ versions:
+ - introduced: 1.4.0
+ fixed: 1.5.2
+ vulnerable_at: 1.5.1
+description: |
+ The AuthenticateMethod authentication hook is not called for WebSocket
+ connections, allowing unauthenticated access.
+
+ This issue only affects WebSockets with an AuthenticateMethod hook.
+ Request handlers that do not explicitly use WebSockets are not
+ vulnerable.
+ghsas:
+ - GHSA-5gjg-jgh4-gppm
+links:
+ commit: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f