internal/ghsarepo/testdata/repo.txtar

# Copyright 2023 The Go Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

# Test repo in the shape of github.com/github/advisory-database

-- advisories/github-reviewed/2022/12/GHSA-abcd-efgh-b123.json --
{
  "schema_version": "1.3.0",
  "id": "GHSA-abcd-efgh-b123",
  "aliases": [
    "CVE-20YY-XXXX"
  ],
  "summary": "Summary",
  "details": "Longer form details.",
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "example/package"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.1"
            }
          ]
        }
      ]
    }
  ],
  "database_specific": {
    "cwe_ids": [
    ],
    "severity": "MODERATE",
    "github_reviewed": true
  }
}
-- advisories/github-reviewed/2021/10/GHSA-test-part-a123.json --
{
  "schema_version": "1.3.0",
  "id": "GHSA-test-part-a123",
  "aliases": [
    "CVE-2020-XXXX"
  ],
  "summary": "Short summary",
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/example"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-202"
            }
          ]
        }
      ],
      "database_specific": {
        "last_known_affected_version_range": "<= 0.0.0-202"
      }
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://example.com/example/link"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
  }
}

-- advisories/github-reviewed/2022/10/GHSA-qwer-tyui-0987.json --
{
  "schema_version": "1.3.0",
  "id": "GHSA-qwer-tyui-0987",
  "aliases": [
    "CVE-2022-XXXXX"
  ],
  "summary": "An example report that isn't in the go ecosystem",
  "details": "The longer description of the example",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.example.subexample"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-XXXXX"
    },
    {
      "type": "PACKAGE",
      "url": "https://example.com/package"
    },
    {
      "type": "WEB",
      "url": "https://example.org/news.html"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
  }
}

-- advisories/unreviewed/2023/01/GHSA-abcd-untouched.json --
{
  "schema_version": "1.3.0",
  "id": "GHSA-abcd-untouched",
  "aliases": [
    "CVE-2022-XXXX"
  ],
  "details": "Because this is unreveiwed, it shouldn't even be considered",
  "severity": [
  ],
  "affected": [
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4099"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "severity": null,
    "github_reviewed": false
  }
}

-- README.md --
This should be ignored