| // Copyright 2021 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // Program to generate false-positive CVE records. |
| |
| // This requires a local copy of the cvelist repo: |
| // git clone https://github.com/CVEProject/cvelist |
| // |
| // You may also have to "go get github.com/jba/printsrc", |
| // because go mod tidy removes it. |
| // |
| // Then run this program with the path to the repo as argument. |
| |
| //go:build ignore |
| // +build ignore |
| |
| package main |
| |
| import ( |
| "bytes" |
| "context" |
| "fmt" |
| "go/format" |
| "log" |
| "os" |
| "strings" |
| "text/template" |
| |
| "github.com/go-git/go-git/v5" |
| "github.com/go-git/go-git/v5/plumbing" |
| "github.com/jba/printsrc" |
| "golang.org/x/vulndb/internal/gitrepo" |
| "golang.org/x/vulndb/internal/worker" |
| "golang.org/x/vulndb/internal/worker/store" |
| ) |
| |
| // The CVEs marked "false-positive" in triaged-cve-list and elswhere, including |
| // both true false positives and CVEs that are covered by a Go vulndb report. |
| var falsePositiveIDs = []struct { |
| source string |
| commit string |
| ids []string |
| }{ |
| { |
| source: "triaged-cve-list file in this repo", |
| // Last commit to github.com/CVEProject/cvelist on April 12, 2021. |
| // The triaged-cve-list file was last edited the next day. |
| commit: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a", |
| ids: []string{ |
| "CVE-2013-2124", "CVE-2013-2233", "CVE-2014-0177", "CVE-2014-3498", "CVE-2014-3971", |
| "CVE-2014-4657", "CVE-2014-4658", "CVE-2014-4659", "CVE-2014-4660", "CVE-2014-4678", |
| "CVE-2014-4966", "CVE-2014-4967", "CVE-2014-8178", "CVE-2014-8179", "CVE-2014-8682", |
| "CVE-2014-9938", "CVE-2015-5237", "CVE-2015-5250", "CVE-2015-6240", "CVE-2015-7082", |
| "CVE-2015-7528", "CVE-2015-7545", "CVE-2015-7561", "CVE-2015-8222", "CVE-2015-8945", |
| "CVE-2015-9258", "CVE-2015-9259", "CVE-2015-9282", "CVE-2016-0216", "CVE-2016-1133", |
| "CVE-2016-1544", "CVE-2016-1587", "CVE-2016-1905", "CVE-2016-1906", "CVE-2016-2160", |
| "CVE-2016-2183", "CVE-2016-2315", "CVE-2016-2324", "CVE-2016-3096", "CVE-2016-3711", |
| "CVE-2016-4817", "CVE-2016-4864", "CVE-2016-6349", "CVE-2016-6494", "CVE-2016-7063", |
| "CVE-2016-7064", "CVE-2016-7075", "CVE-2016-7569", "CVE-2016-7835", "CVE-2016-8579", |
| "CVE-2016-9274", "CVE-2016-9962", "CVE-2017-1000056", "CVE-2017-1000069", "CVE-2017-1000070", |
| "CVE-2017-1000420", "CVE-2017-1000459", "CVE-2017-1000492", "CVE-2017-1002100", "CVE-2017-1002101", |
| "CVE-2017-1002102", "CVE-2017-10868", "CVE-2017-10869", "CVE-2017-10872", "CVE-2017-10908", |
| "CVE-2017-14178", "CVE-2017-14623", "CVE-2017-14992", "CVE-2017-15104", "CVE-2017-16539", |
| "CVE-2017-17697", "CVE-2017-2428", "CVE-2017-7297", "CVE-2017-7481", "CVE-2017-7550", |
| "CVE-2017-7860", "CVE-2017-7861", "CVE-2017-8359", "CVE-2017-9431", "CVE-2018-0608", |
| "CVE-2018-1000400", "CVE-2018-1000538", "CVE-2018-1000803", "CVE-2018-1000816", "CVE-2018-1002100", |
| "CVE-2018-1002101", "CVE-2018-1002102", "CVE-2018-1002103", "CVE-2018-1002104", "CVE-2018-1002105", |
| "CVE-2018-1002207", "CVE-2018-10055", "CVE-2018-10856", "CVE-2018-10892", "CVE-2018-10937", |
| "CVE-2018-1098", "CVE-2018-1099", "CVE-2018-12099", "CVE-2018-12608", "CVE-2018-12678", |
| "CVE-2018-12976", "CVE-2018-14474", "CVE-2018-15178", "CVE-2018-15192", "CVE-2018-15193", |
| "CVE-2018-15598", "CVE-2018-15664", "CVE-2018-15747", "CVE-2018-15869", "CVE-2018-16316", |
| "CVE-2018-16359", "CVE-2018-16398", "CVE-2018-16409", "CVE-2018-16733", "CVE-2018-16859", |
| "CVE-2018-16876", "CVE-2018-17031", "CVE-2018-17456", "CVE-2018-17572", "CVE-2018-18264", |
| "CVE-2018-18553", "CVE-2018-18623", "CVE-2018-18624", "CVE-2018-18625", "CVE-2018-18925", |
| "CVE-2018-18926", "CVE-2018-19114", "CVE-2018-19148", "CVE-2018-19184", "CVE-2018-19295", |
| "CVE-2018-19333", "CVE-2018-19367", "CVE-2018-19466", "CVE-2018-19653", "CVE-2018-19786", |
| "CVE-2018-19793", "CVE-2018-20303", "CVE-2018-20421", "CVE-2018-20699", "CVE-2018-20744", |
| "CVE-2018-21034", "CVE-2018-21233", "CVE-2018-7575", "CVE-2018-7576", "CVE-2018-7577", |
| "CVE-2018-8825", "CVE-2018-9057", "CVE-2019-1000002", "CVE-2019-1002100", "CVE-2019-1002101", |
| "CVE-2019-1010003", "CVE-2019-1010261", "CVE-2019-1010275", "CVE-2019-1010314", "CVE-2019-10152", |
| "CVE-2019-10156", "CVE-2019-10165", "CVE-2019-10200", "CVE-2019-1020009", "CVE-2019-1020014", |
| "CVE-2019-1020015", "CVE-2019-10217", "CVE-2019-10223", "CVE-2019-10743", "CVE-2019-11043", |
| "CVE-2019-11228", "CVE-2019-11229", "CVE-2019-11243", "CVE-2019-11244", "CVE-2019-11245", |
| "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11251", |
| "CVE-2019-11252", "CVE-2019-11255", "CVE-2019-11328", "CVE-2019-11405", "CVE-2019-11471", |
| "CVE-2019-11502", "CVE-2019-11503", "CVE-2019-11576", "CVE-2019-11641", "CVE-2019-11881", |
| "CVE-2019-11938", "CVE-2019-12291", "CVE-2019-12452", "CVE-2019-12494", "CVE-2019-12618", |
| "CVE-2019-12995", "CVE-2019-12999", "CVE-2019-13068", "CVE-2019-13126", "CVE-2019-13139", |
| "CVE-2019-13915", "CVE-2019-14243", "CVE-2019-14255", "CVE-2019-14271", "CVE-2019-14544", |
| "CVE-2019-14846", "CVE-2019-14864", "CVE-2019-14904", "CVE-2019-14940", "CVE-2019-14993", |
| "CVE-2019-15043", "CVE-2019-15119", "CVE-2019-15225", "CVE-2019-15226", "CVE-2019-15562", |
| "CVE-2019-15716", "CVE-2019-16060", "CVE-2019-16097", "CVE-2019-16146", "CVE-2019-16214", |
| "CVE-2019-16355", "CVE-2019-16778", "CVE-2019-16919", "CVE-2019-18466", "CVE-2019-18657", |
| "CVE-2019-18801", "CVE-2019-18802", "CVE-2019-18817", "CVE-2019-18836", "CVE-2019-18838", |
| "CVE-2019-18923", "CVE-2019-19023", "CVE-2019-19025", "CVE-2019-19026", "CVE-2019-19029", |
| "CVE-2019-19316", "CVE-2019-19335", "CVE-2019-19349", "CVE-2019-19350", "CVE-2019-19724", |
| "CVE-2019-19922", "CVE-2019-20329", "CVE-2019-20372", "CVE-2019-20377", "CVE-2019-20894", |
| "CVE-2019-20933", "CVE-2019-25014", "CVE-2019-3552", "CVE-2019-3553", "CVE-2019-3558", |
| "CVE-2019-3559", "CVE-2019-3565", "CVE-2019-3826", "CVE-2019-3828", "CVE-2019-3841", |
| "CVE-2019-3990", "CVE-2019-5736", "CVE-2019-6035", "CVE-2019-8336", "CVE-2019-8400", |
| "CVE-2019-9547", "CVE-2019-9635", "CVE-2019-9764", "CVE-2019-9900", "CVE-2019-9901", |
| "CVE-2019-9946", "CVE-2020-10660", "CVE-2020-10661", "CVE-2020-10685", "CVE-2020-10691", |
| "CVE-2020-10696", "CVE-2020-10706", "CVE-2020-10712", "CVE-2020-10715", "CVE-2020-10749", |
| "CVE-2020-10750", "CVE-2020-10752", "CVE-2020-10763", "CVE-2020-10944", "CVE-2020-11008", |
| "CVE-2020-11012", "CVE-2020-11013", "CVE-2020-11053", "CVE-2020-11080", "CVE-2020-11091", |
| "CVE-2020-11110", "CVE-2020-11498", "CVE-2020-11576", "CVE-2020-11710", "CVE-2020-11767", |
| "CVE-2020-12118", "CVE-2020-12245", "CVE-2020-12278", "CVE-2020-12279", "CVE-2020-12283", |
| "CVE-2020-12458", "CVE-2020-12459", "CVE-2020-12603", "CVE-2020-12604", "CVE-2020-12605", |
| "CVE-2020-12757", "CVE-2020-12758", "CVE-2020-12797", "CVE-2020-13170", "CVE-2020-13223", |
| "CVE-2020-13246", "CVE-2020-13250", "CVE-2020-13401", "CVE-2020-13430", "CVE-2020-13449", |
| "CVE-2020-13450", "CVE-2020-13451", "CVE-2020-13452", "CVE-2020-13597", "CVE-2020-13788", |
| "CVE-2020-13794", "CVE-2020-14144", "CVE-2020-14306", "CVE-2020-14330", "CVE-2020-14332", |
| "CVE-2020-14958", "CVE-2020-15104", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114", |
| "CVE-2020-15115", "CVE-2020-15127", "CVE-2020-15129", "CVE-2020-15136", "CVE-2020-15157", |
| "CVE-2020-15184", "CVE-2020-15185", "CVE-2020-15186", "CVE-2020-15187", "CVE-2020-15190", |
| "CVE-2020-15191", "CVE-2020-15192", "CVE-2020-15193", "CVE-2020-15194", "CVE-2020-15195", |
| "CVE-2020-15196", "CVE-2020-15197", "CVE-2020-15198", "CVE-2020-15199", "CVE-2020-15200", |
| "CVE-2020-15201", "CVE-2020-15202", "CVE-2020-15203", "CVE-2020-15204", "CVE-2020-15205", |
| "CVE-2020-15206", "CVE-2020-15207", "CVE-2020-15208", "CVE-2020-15209", "CVE-2020-15210", |
| "CVE-2020-15211", "CVE-2020-15212", "CVE-2020-15213", "CVE-2020-15214", "CVE-2020-15223", |
| "CVE-2020-15233", "CVE-2020-15234", "CVE-2020-15254", "CVE-2020-15257", "CVE-2020-15265", |
| "CVE-2020-15266", "CVE-2020-15391", "CVE-2020-16248", "CVE-2020-16250", "CVE-2020-16251", |
| "CVE-2020-16844", "CVE-2020-1733", "CVE-2020-1734", "CVE-2020-1735", "CVE-2020-1736", |
| "CVE-2020-1737", "CVE-2020-1738", "CVE-2020-1739", "CVE-2020-1740", "CVE-2020-1746", |
| "CVE-2020-2023", "CVE-2020-2024", "CVE-2020-2025", "CVE-2020-2026", "CVE-2020-24263", |
| "CVE-2020-24264", "CVE-2020-24303", "CVE-2020-24356", "CVE-2020-24359", "CVE-2020-24707", |
| "CVE-2020-24708", "CVE-2020-24710", "CVE-2020-24711", "CVE-2020-24712", "CVE-2020-25017", |
| "CVE-2020-25018", "CVE-2020-25201", "CVE-2020-25816", "CVE-2020-25989", "CVE-2020-26222", |
| "CVE-2020-26240", "CVE-2020-26241", "CVE-2020-26242", "CVE-2020-26265", "CVE-2020-26266", |
| "CVE-2020-26267", "CVE-2020-26268", "CVE-2020-26269", "CVE-2020-26270", "CVE-2020-26271", |
| "CVE-2020-26276", "CVE-2020-26277", "CVE-2020-26278", "CVE-2020-26279", "CVE-2020-26283", |
| "CVE-2020-26284", "CVE-2020-26290", "CVE-2020-26294", "CVE-2020-26521", "CVE-2020-26892", |
| "CVE-2020-27151", "CVE-2020-27195", "CVE-2020-27534", "CVE-2020-27955", "CVE-2020-28053", |
| "CVE-2020-28348", "CVE-2020-28349", "CVE-2020-28466", "CVE-2020-28914", "CVE-2020-28924", |
| "CVE-2020-28991", "CVE-2020-29243", "CVE-2020-29244", "CVE-2020-29245", "CVE-2020-29510", |
| "CVE-2020-29511", "CVE-2020-29662", "CVE-2020-35137", "CVE-2020-35138", "CVE-2020-35177", |
| "CVE-2020-35453", "CVE-2020-35470", "CVE-2020-35471", "CVE-2020-36066", "CVE-2020-3996", |
| "CVE-2020-4037", "CVE-2020-4053", "CVE-2020-5215", "CVE-2020-5233", "CVE-2020-5260", |
| "CVE-2020-5300", "CVE-2020-5303", "CVE-2020-5415", "CVE-2020-6016", "CVE-2020-6017", |
| "CVE-2020-6018", "CVE-2020-6019", "CVE-2020-7218", "CVE-2020-7219", "CVE-2020-7220", |
| "CVE-2020-7665", "CVE-2020-7666", "CVE-2020-7669", "CVE-2020-7955", "CVE-2020-7956", |
| "CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8553", "CVE-2020-8554", "CVE-2020-8555", |
| "CVE-2020-8557", "CVE-2020-8558", "CVE-2020-8559", "CVE-2020-8563", "CVE-2020-8566", |
| "CVE-2020-8569", "CVE-2020-8595", "CVE-2020-8659", "CVE-2020-8660", "CVE-2020-8661", |
| "CVE-2020-8663", "CVE-2020-8664", "CVE-2020-8826", "CVE-2020-8827", "CVE-2020-8828", |
| "CVE-2020-8843", "CVE-2020-8927", "CVE-2020-8929", "CVE-2020-9321", "CVE-2020-9329", |
| "CVE-2021-20198", "CVE-2021-20199", "CVE-2021-20218", "CVE-2021-20291", "CVE-2021-21271", |
| "CVE-2021-21284", "CVE-2021-21285", "CVE-2021-21287", "CVE-2021-21291", "CVE-2021-21296", |
| "CVE-2021-21300", "CVE-2021-21303", "CVE-2021-21334", "CVE-2021-21362", "CVE-2021-21363", |
| "CVE-2021-21364", "CVE-2021-21378", "CVE-2021-21390", "CVE-2021-21404", "CVE-2021-21411", |
| "CVE-2021-21432", "CVE-2021-22538", "CVE-2021-23345", "CVE-2021-23347", "CVE-2021-23351", |
| "CVE-2021-23357", "CVE-2021-23827", "CVE-2021-25313", "CVE-2021-25834", "CVE-2021-25835", |
| "CVE-2021-25836", "CVE-2021-25837", "CVE-2021-26921", "CVE-2021-26923", "CVE-2021-26924", |
| "CVE-2021-27098", "CVE-2021-27099", "CVE-2021-27358", "CVE-2021-27375", "CVE-2021-27935", |
| "CVE-2021-27940", "CVE-2021-28361", "CVE-2021-28378", "CVE-2021-28681", "CVE-2021-28954", |
| "CVE-2021-28955", "CVE-2021-29136", "CVE-2021-29271", "CVE-2021-29272", "CVE-2021-29417", |
| "CVE-2021-29651", "CVE-2021-29652", "CVE-2021-3344", "CVE-2021-3382", "CVE-2021-3391", |
| }, |
| }, |
| { |
| source: "internal doc of Nov 7, 2021", |
| commit: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88", |
| ids: []string{ |
| "CVE-2020-27847", "CVE-2020-7731", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-10729", |
| "CVE-2020-10808", "CVE-2020-18032", "CVE-2020-19498", "CVE-2020-19499", "CVE-2020-23109", |
| "CVE-2020-27386", "CVE-2020-27387", "CVE-2020-28347", "CVE-2020-36404", "CVE-2020-36405", |
| "CVE-2020-7350", "CVE-2020-7351", "CVE-2020-7352", "CVE-2020-7356", "CVE-2020-7357", |
| "CVE-2020-7361", "CVE-2020-7373", "CVE-2020-7374", "CVE-2020-7376", "CVE-2020-7377", |
| "CVE-2020-7384", "CVE-2020-7385", "CVE-2021-20178", "CVE-2021-20228", "CVE-2021-20286", |
| "CVE-2021-21414", "CVE-2021-21428", "CVE-2021-21429", "CVE-2021-21430", "CVE-2021-24028", |
| "CVE-2021-28682", "CVE-2021-28683", "CVE-2021-29133", "CVE-2021-29258", "CVE-2021-29492", |
| "CVE-2021-32777", "CVE-2021-32778", "CVE-2021-32779", "CVE-2021-32780", "CVE-2021-32781", |
| "CVE-2021-32810", "CVE-2021-36753", "CVE-2021-36979", "CVE-2021-39204", "CVE-2021-39206", |
| "CVE-2021-40330", "CVE-2021-42840", "CVE-2021-29923", "CVE-2020-13310", "CVE-2020-13327", |
| "CVE-2020-13347", "CVE-2020-13353", "CVE-2020-13845", "CVE-2020-13846", "CVE-2020-13847", |
| "CVE-2020-14160", "CVE-2020-14161", "CVE-2020-15167", "CVE-2020-15229", "CVE-2020-24130", |
| "CVE-2020-25039", "CVE-2020-25040", "CVE-2020-26213", "CVE-2020-27519", "CVE-2020-28366", |
| "CVE-2020-28367", "CVE-2020-8561", "CVE-2021-21405", "CVE-2021-22171", "CVE-2021-23135", |
| "CVE-2021-23365", "CVE-2021-25735", "CVE-2021-25737", "CVE-2021-25740", "CVE-2021-25741", |
| "CVE-2021-25742", "CVE-2021-25938", "CVE-2021-28484", "CVE-2021-29453", "CVE-2021-29456", |
| "CVE-2021-29499", "CVE-2021-29622", "CVE-2021-30465", "CVE-2021-30476", "CVE-2021-31232", |
| "CVE-2021-31856", "CVE-2021-32574", "CVE-2021-32635", "CVE-2021-32637", "CVE-2021-32690", |
| "CVE-2021-32699", "CVE-2021-32701", "CVE-2021-32753", "CVE-2021-32760", "CVE-2021-32783", |
| "CVE-2021-32787", "CVE-2021-32813", "CVE-2021-32825", "CVE-2021-33359", "CVE-2021-33496", |
| "CVE-2021-33497", "CVE-2021-33708", "CVE-2021-34824", "CVE-2021-35206", "CVE-2021-36156", |
| "CVE-2021-36157", "CVE-2021-3619", "CVE-2021-36213", "CVE-2021-36371", "CVE-2021-37794", |
| "CVE-2021-37914", "CVE-2021-38197", "CVE-2021-38599", "CVE-2021-39155", "CVE-2021-39156", |
| "CVE-2021-39162", "CVE-2021-39226", "CVE-2021-39391", "CVE-2021-41087", "CVE-2021-41088", |
| "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103", "CVE-2021-41137", |
| "CVE-2021-41174", "CVE-2021-41232", "CVE-2021-41323", "CVE-2021-41324", "CVE-2021-41325", |
| "CVE-2021-41393", "CVE-2021-41394", "CVE-2021-41395", "CVE-2021-41593", "CVE-2021-42650", |
| "CVE-2020-22741", "CVE-2020-26772", "CVE-2021-36605", "CVE-2021-29512", "CVE-2021-29513", |
| "CVE-2021-29514", "CVE-2021-29515", "CVE-2021-29516", "CVE-2021-29517", "CVE-2021-29518", |
| "CVE-2021-29519", "CVE-2021-29520", "CVE-2021-29521", "CVE-2021-29522", "CVE-2021-29523", |
| "CVE-2021-29524", "CVE-2021-29525", "CVE-2021-29526", "CVE-2021-29527", "CVE-2021-29528", |
| "CVE-2021-29529", "CVE-2021-29530", "CVE-2021-29531", "CVE-2021-29532", "CVE-2021-29533", |
| "CVE-2021-29534", "CVE-2021-29535", "CVE-2021-29536", "CVE-2021-29537", "CVE-2021-29538", |
| "CVE-2021-29539", "CVE-2021-29540", "CVE-2021-29541", "CVE-2021-29542", "CVE-2021-29543", |
| "CVE-2021-29544", "CVE-2021-29545", "CVE-2021-29546", "CVE-2021-29547", "CVE-2021-29548", |
| "CVE-2021-29549", "CVE-2021-29550", "CVE-2021-29551", "CVE-2021-29552", "CVE-2021-29553", |
| "CVE-2021-29554", "CVE-2021-29555", "CVE-2021-29556", "CVE-2021-29557", "CVE-2021-29558", |
| "CVE-2021-29559", "CVE-2021-29560", "CVE-2021-29561", "CVE-2021-29562", "CVE-2021-29563", |
| "CVE-2021-29564", "CVE-2021-29565", "CVE-2021-29566", "CVE-2021-29567", "CVE-2021-29568", |
| "CVE-2021-29569", "CVE-2021-29570", "CVE-2021-29571", "CVE-2021-29572", "CVE-2021-29573", |
| "CVE-2021-29574", "CVE-2021-29575", "CVE-2021-29576", "CVE-2021-29577", "CVE-2021-29578", |
| "CVE-2021-29579", "CVE-2021-29580", "CVE-2021-29581", "CVE-2021-29582", "CVE-2021-29583", |
| "CVE-2021-29584", "CVE-2021-29585", "CVE-2021-29586", "CVE-2021-29587", "CVE-2021-29588", |
| "CVE-2021-29589", "CVE-2021-29590", "CVE-2021-29591", "CVE-2021-29592", "CVE-2021-29593", |
| "CVE-2021-29594", "CVE-2021-29595", "CVE-2021-29596", "CVE-2021-29597", "CVE-2021-29598", |
| "CVE-2021-29599", "CVE-2021-29600", "CVE-2021-29601", "CVE-2021-29602", "CVE-2021-29603", |
| "CVE-2021-29604", "CVE-2021-29605", "CVE-2021-29606", "CVE-2021-29607", "CVE-2021-29608", |
| "CVE-2021-29609", "CVE-2021-29610", "CVE-2021-29611", "CVE-2021-29612", "CVE-2021-29613", |
| "CVE-2021-29614", "CVE-2021-29615", "CVE-2021-29616", "CVE-2021-29617", "CVE-2021-29618", |
| "CVE-2021-29619", "CVE-2021-35958", "CVE-2021-37635", "CVE-2021-37636", "CVE-2021-37637", |
| "CVE-2021-37638", "CVE-2021-37639", "CVE-2021-37640", "CVE-2021-37641", "CVE-2021-37642", |
| "CVE-2021-37643", "CVE-2021-37644", "CVE-2021-37645", "CVE-2021-37646", "CVE-2021-37647", |
| "CVE-2021-37648", "CVE-2021-37649", "CVE-2021-37650", "CVE-2021-37651", "CVE-2021-37652", |
| "CVE-2021-37653", "CVE-2021-37654", "CVE-2021-37655", "CVE-2021-37656", "CVE-2021-37657", |
| "CVE-2021-37658", "CVE-2021-37659", "CVE-2021-37660", "CVE-2021-37661", "CVE-2021-37662", |
| "CVE-2021-37663", "CVE-2021-37664", "CVE-2021-37665", "CVE-2021-37666", "CVE-2021-37667", |
| "CVE-2021-37668", "CVE-2021-37669", "CVE-2021-37670", "CVE-2021-37671", "CVE-2021-37672", |
| "CVE-2021-37673", "CVE-2021-37674", "CVE-2021-37675", "CVE-2021-37676", "CVE-2021-37677", |
| "CVE-2021-37678", "CVE-2021-37679", "CVE-2021-37680", "CVE-2021-37681", "CVE-2021-37682", |
| "CVE-2021-37683", "CVE-2021-37684", "CVE-2021-37685", "CVE-2021-37686", "CVE-2021-37687", |
| "CVE-2021-37688", "CVE-2021-37689", "CVE-2021-37690", "CVE-2021-37691", "CVE-2021-37692", |
| "CVE-2021-41195", "CVE-2021-41196", "CVE-2021-41197", "CVE-2021-41198", "CVE-2021-41199", |
| "CVE-2021-41200", "CVE-2021-41201", "CVE-2021-41202", "CVE-2021-41203", "CVE-2021-41204", |
| "CVE-2021-41205", "CVE-2021-41206", "CVE-2021-41207", "CVE-2021-41208", "CVE-2021-41209", |
| "CVE-2021-41210", "CVE-2021-41211", "CVE-2021-41212", "CVE-2021-41213", "CVE-2021-41214", |
| "CVE-2021-41215", "CVE-2021-41216", "CVE-2021-41217", "CVE-2021-41218", "CVE-2021-41219", |
| "CVE-2021-41220", "CVE-2021-41221", "CVE-2021-41222", "CVE-2021-41223", "CVE-2021-41224", |
| "CVE-2021-41225", "CVE-2021-41226", "CVE-2021-41227", "CVE-2021-41228", |
| }, |
| }, |
| { |
| source: "additional metasploit-framework issues", |
| commit: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88", |
| ids: []string{ |
| "CVE-2013-2028", "CVE-2013-4450", "CVE-2014-4877", "CVE-2014-5445", "CVE-2014-6037", |
| "CVE-2014-6287", "CVE-2014-7189", "CVE-2014-9566", "CVE-2015-0779", "CVE-2016-7552", |
| "CVE-2017-14705", "CVE-2017-14706", "CVE-2017-14730", "CVE-2017-15041", "CVE-2017-15042", |
| "CVE-2017-15701", "CVE-2017-15702", "CVE-2017-16762", "CVE-2017-17411", "CVE-2017-17560", |
| "CVE-2017-18044", "CVE-2017-5677", "CVE-2017-7269", |
| }, |
| }, |
| } |
| |
| // IDs that are covered by a Go vuln report, and the report ID. |
| var coveredIDs = map[string]string{ |
| "CVE-2020-15112": "GO-2020-0005", |
| "CVE-2020-29243": "GO-2021-0097", |
| "CVE-2020-29244": "GO-2021-0097", |
| "CVE-2020-29245": "GO-2021-0097", |
| } |
| |
| func main() { |
| if len(os.Args) < 2 { |
| log.Fatal("usage: gen_false_positives PATH_TO_LOCAL_REPO") |
| } |
| if err := run(os.Args[1]); err != nil { |
| log.Fatal(err) |
| } |
| } |
| |
| func run(repoPath string) error { |
| printer := printsrc.NewPrinter("golang.org/x/vulndb/internal/worker") |
| tmpl, err := template.New(""). |
| Funcs(template.FuncMap{"src": printer.Sprint}). |
| Parse(fileTemplate) |
| if err != nil { |
| return err |
| } |
| repo, err := gitrepo.Open(context.Background(), repoPath) |
| if err != nil { |
| return err |
| } |
| crs, err := buildCVE4Records(repo) |
| if err != nil { |
| return err |
| } |
| var buf bytes.Buffer |
| if err := tmpl.Execute(&buf, crs); err != nil { |
| return err |
| } |
| src, err := format.Source(buf.Bytes()) |
| if err != nil { |
| return err |
| } |
| return os.WriteFile("false_positive_records.gen.go", src, 0644) |
| } |
| |
| func buildCVE4Records(repo *git.Repository) ([]*store.CVE4Record, error) { |
| var crs []*store.CVE4Record |
| for _, spec := range falsePositiveIDs { |
| commit, err := repo.CommitObject(plumbing.NewHash(spec.commit)) |
| if err != nil { |
| return nil, fmt.Errorf("commit %s: %w", spec.commit, err) |
| } |
| for _, id := range spec.ids { |
| path := idToPath(id) |
| cve, blobHash, err := worker.ReadCVEAtPath(commit, path) |
| if err != nil { |
| return nil, fmt.Errorf("%s at %s: %w", path, spec.commit, err) |
| } |
| if cve.ID != id { |
| return nil, fmt.Errorf("ID at path %s is %s", path, cve.ID) |
| } |
| cr := store.NewCVE4Record(cve, path, blobHash, commit) |
| cr.CommitHash = spec.commit |
| if reportID := coveredIDs[id]; reportID != "" { |
| cr.TriageState = store.TriageStateHasVuln |
| cr.TriageStateReason = reportID |
| } else { |
| cr.TriageState = store.TriageStateFalsePositive |
| for _, r := range cve.References.Data { |
| if r.URL != "" { |
| cr.ReferenceURLs = append(cr.ReferenceURLs, r.URL) |
| } |
| } |
| } |
| crs = append(crs, cr) |
| } |
| } |
| return crs, nil |
| } |
| |
| func idToPath(id string) string { |
| words := strings.Split(id, "-") |
| year := words[1] |
| num := []byte(words[2]) |
| // Last three digits of number replaced by 'x'. |
| for i := 1; i <= 3; i++ { |
| num[len(num)-i] = 'x' |
| } |
| for len(num) < 4 { |
| num = append([]byte{'0'}, num...) |
| } |
| return fmt.Sprintf("%s/%s/%s.json", year, num, id) |
| } |
| |
| var fileTemplate = ` |
| // Copyright 2021 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // Code generated by gen_false_positives.go; DO NOT EDIT. |
| |
| package worker |
| |
| import ( |
| "time" |
| |
| "golang.org/x/vulndb/internal/worker/store" |
| ) |
| |
| var falsePositives = {{. | src}} |
| ` |