x/vulndb: add reports/GO-2022-0385.yaml for GHSA-5gjg-jgh4-gppm Fixes golang/vulndb#0385 Change-Id: I6cc6fb16fde3cd567378261c4f678a750a9542f5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414823 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org>

commit: 4d0239a5a039caba0d44bf2182a122eab002a867 [log] [tgz]
author: Damien Neil <dneil@google.com> Tue Jun 28 16:31:37 2022 -0700
committer: Damien Neil <dneil@google.com> Fri Jul 01 20:11:02 2022 +0000
tree: 5770f237833cec16a71656137ff98af0d01853d4
parent: 0c7624f8c0a3a4043c58a7a3b19750b3746b983a [diff]
diff --git a/reports/GO-2022-0385.yaml b/reports/GO-2022-0385.yaml
new file mode 100644
index 0000000..63829b5
--- /dev/null
+++ b/reports/GO-2022-0385.yaml

@@ -0,0 +1,21 @@
+packages:
+  - module: github.com/ecnepsnai/web
+    symbols:
+      - Server.socketHandler
+    derived_symbols:
+      - Server.Socket
+    versions:
+      - introduced: 1.4.0
+        fixed: 1.5.2
+    vulnerable_at: 1.5.1
+description: |
+    The AuthenticateMethod authentication hook is not called for WebSocket
+    connections, allowing unauthenticated access.
+
+    This issue only affects WebSockets with an AuthenticateMethod hook.
+    Request handlers that do not explicitly use WebSockets are not
+    vulnerable.
+ghsas:
+  - GHSA-5gjg-jgh4-gppm
+links:
+    commit: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
commit	4d0239a5a039caba0d44bf2182a122eab002a867	[log] [tgz]
author	Damien Neil <dneil@google.com>	Tue Jun 28 16:31:37 2022 -0700
committer	Damien Neil <dneil@google.com>	Fri Jul 01 20:11:02 2022 +0000
tree	5770f237833cec16a71656137ff98af0d01853d4
parent	0c7624f8c0a3a4043c58a7a3b19750b3746b983a [diff]