From 324f49986453b76c6aeeec930dd024c19a6b91d9 Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Mon, 20 May 2024 19:12:16 +0000 Subject: tests: update vuln testdata to pull in review_status Update the script that pulls in the latest vulns to include an UNREVIEWED report. Run the script to update the test corpus to bring in this new vuln, plus the review_status for all vulns. Update the screentests accordingly. Change-Id: I45aa815ac9a33d186bac196220cce169b8523dae Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/586100 kokoro-CI: kokoro TryBot-Result: Gopher Robot Reviewed-by: Damien Neil Run-TryBot: Tatiana Bradley LUCI-TryBot-Result: Go LUCI --- devtools/snapshot_vulndb_v1.sh | 1 + tests/screentest/testcases.ci.txt | 5 +++++ tests/screentest/testdata/ci/vuln-540x1080.a.png | Bin 279408 -> 270512 bytes .../testdata/ci/vuln-entry-540x1080.a.png | Bin 217943 -> 217990 bytes .../ci/vuln-entry-no-packages-540x1080.a.png | Bin 212921 -> 217421 bytes .../testdata/ci/vuln-entry-no-packages.a.png | Bin 221379 -> 223011 bytes .../ci/vuln-entry-unreviewed-540x1080.a.png | Bin 0 -> 190565 bytes .../testdata/ci/vuln-entry-unreviewed.a.png | Bin 0 -> 195723 bytes .../ci/vuln-entry-withdrawn-540x1080.a.png | Bin 189517 -> 189342 bytes .../testdata/ci/vuln-entry-withdrawn.a.png | Bin 173376 -> 173703 bytes tests/screentest/testdata/ci/vuln-entry.a.png | Bin 225935 -> 226184 bytes .../testdata/ci/vuln-list-540x1080.a.png | Bin 612835 -> 641803 bytes tests/screentest/testdata/ci/vuln-list.a.png | Bin 564080 -> 586733 bytes .../testdata/ci/vuln-search-540x1080.a.png | Bin 138805 -> 139222 bytes tests/screentest/testdata/ci/vuln-search.a.png | Bin 149206 -> 149602 bytes tests/screentest/testdata/ci/vuln.a.png | Bin 272426 -> 261039 bytes .../testdata/vulndb-v1/ID/GO-2021-0068.json | 2 +- .../testdata/vulndb-v1/ID/GO-2021-0068.json.gz | Bin 688 -> 704 bytes .../testdata/vulndb-v1/ID/GO-2021-0159.json | 2 +- .../testdata/vulndb-v1/ID/GO-2021-0159.json.gz | Bin 874 -> 892 bytes .../testdata/vulndb-v1/ID/GO-2021-0240.json | 2 +- 
.../testdata/vulndb-v1/ID/GO-2021-0240.json.gz | Bin 659 -> 678 bytes .../testdata/vulndb-v1/ID/GO-2021-0264.json | 2 +- .../testdata/vulndb-v1/ID/GO-2021-0264.json.gz | Bin 959 -> 978 bytes .../testdata/vulndb-v1/ID/GO-2022-0229.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0229.json.gz | Bin 793 -> 813 bytes .../testdata/vulndb-v1/ID/GO-2022-0273.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0273.json.gz | Bin 693 -> 710 bytes .../testdata/vulndb-v1/ID/GO-2022-0463.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0463.json.gz | Bin 1812 -> 1846 bytes .../testdata/vulndb-v1/ID/GO-2022-0475.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0475.json.gz | Bin 709 -> 728 bytes .../testdata/vulndb-v1/ID/GO-2022-0476.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0476.json.gz | Bin 677 -> 695 bytes .../testdata/vulndb-v1/ID/GO-2022-0569.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0569.json.gz | Bin 1704 -> 1738 bytes .../testdata/vulndb-v1/ID/GO-2022-0572.json | 2 +- .../testdata/vulndb-v1/ID/GO-2022-0572.json.gz | Bin 1529 -> 1562 bytes .../testdata/vulndb-v1/ID/GO-2024-2659.json | 2 +- .../testdata/vulndb-v1/ID/GO-2024-2659.json.gz | Bin 721 -> 754 bytes .../testdata/vulndb-v1/ID/GO-2024-2730.json | 2 +- .../testdata/vulndb-v1/ID/GO-2024-2730.json.gz | Bin 731 -> 756 bytes .../testdata/vulndb-v1/ID/GO-2024-2864.json | 1 + .../testdata/vulndb-v1/ID/GO-2024-2864.json.gz | Bin 0 -> 502 bytes tests/screentest/testdata/vulndb-v1/index/db.json | 2 +- .../screentest/testdata/vulndb-v1/index/db.json.gz | Bin 59 -> 59 bytes .../testdata/vulndb-v1/index/modules.json | 2 +- .../testdata/vulndb-v1/index/modules.json.gz | Bin 393 -> 391 bytes .../screentest/testdata/vulndb-v1/index/vulns.json | 2 +- .../testdata/vulndb-v1/index/vulns.json.gz | Bin 327 -> 322 bytes 50 files changed, 23 insertions(+), 16 deletions(-) create mode 100644 tests/screentest/testdata/ci/vuln-entry-unreviewed-540x1080.a.png create mode 100644 tests/screentest/testdata/ci/vuln-entry-unreviewed.a.png create mode 
100644 tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json create mode 100644 tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json.gz diff --git a/devtools/snapshot_vulndb_v1.sh b/devtools/snapshot_vulndb_v1.sh index 371d936b..5c8dffd4 100755 --- a/devtools/snapshot_vulndb_v1.sh +++ b/devtools/snapshot_vulndb_v1.sh @@ -25,6 +25,7 @@ copyFiles=( "ID/GO-2022-0273.json" "ID/GO-2024-2730.json" "ID/GO-2024-2659.json" + "ID/GO-2024-2864.json" ) go install golang.org/x/vulndb/cmd/indexdb@latest diff --git a/tests/screentest/testcases.ci.txt b/tests/screentest/testcases.ci.txt index 08586216..b56738ed 100644 --- a/tests/screentest/testcases.ci.txt +++ b/tests/screentest/testcases.ci.txt @@ -29,6 +29,11 @@ pathname /vuln/GO-2024-2659 capture fullscreen capture fullscreen 540x1080 +test vuln entry unreviewed +pathname /vuln/GO-2024-2864 +capture fullscreen +capture fullscreen 540x1080 + test vuln stdlib module pathname /archive/zip@go1.16.4 capture viewport diff --git a/tests/screentest/testdata/ci/vuln-540x1080.a.png b/tests/screentest/testdata/ci/vuln-540x1080.a.png index 08158b43..299f02b5 100644 Binary files a/tests/screentest/testdata/ci/vuln-540x1080.a.png and b/tests/screentest/testdata/ci/vuln-540x1080.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png b/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png index 5941e453..b6d90b9f 100644 Binary files a/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png and b/tests/screentest/testdata/ci/vuln-entry-540x1080.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png b/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png index c7efb6d8..17a578cf 100644 Binary files a/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png and b/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png differ 
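Review bot: The new `copyFiles` entry `"ID/GO-2024-2864.json"` in devtools/snapshot_vulndb_v1.sh does not say that it was picked as the UNREVIEWED sample, and the new `test vuln entry unreviewed` case in tests/screentest/testcases.ci.txt depends on that report keeping that status. If the report is later reviewed upstream and the script is rerun, the screenshot would presumably be regenerated under a test name that no longer describes it. A trailing comment on the entry would record the intent, e.g. `"ID/GO-2024-2864.json" # UNREVIEWED report; backs the "vuln entry unreviewed" screentest`. The array opens above the hunk, so whether the other entries are annotated is not visible here. The context line `go install golang.org/x/vulndb/cmd/indexdb@latest` also means a rerun uses whichever indexdb version is current, so the generated index files are not reproducible from this commit alone.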
diff --git a/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png b/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png index a6a5cc1c..6b528678 100644 Binary files a/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png and b/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry-unreviewed-540x1080.a.png b/tests/screentest/testdata/ci/vuln-entry-unreviewed-540x1080.a.png new file mode 100644 index 00000000..cb793e0d Binary files /dev/null and b/tests/screentest/testdata/ci/vuln-entry-unreviewed-540x1080.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry-unreviewed.a.png b/tests/screentest/testdata/ci/vuln-entry-unreviewed.a.png new file mode 100644 index 00000000..368df048 Binary files /dev/null and b/tests/screentest/testdata/ci/vuln-entry-unreviewed.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry-withdrawn-540x1080.a.png b/tests/screentest/testdata/ci/vuln-entry-withdrawn-540x1080.a.png index 9cbe58ff..e3525cbd 100644 Binary files a/tests/screentest/testdata/ci/vuln-entry-withdrawn-540x1080.a.png and b/tests/screentest/testdata/ci/vuln-entry-withdrawn-540x1080.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry-withdrawn.a.png b/tests/screentest/testdata/ci/vuln-entry-withdrawn.a.png index 0fdb6fd1..944de2d5 100644 Binary files a/tests/screentest/testdata/ci/vuln-entry-withdrawn.a.png and b/tests/screentest/testdata/ci/vuln-entry-withdrawn.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-entry.a.png b/tests/screentest/testdata/ci/vuln-entry.a.png index 5c96fce1..de8bf975 100644 Binary files a/tests/screentest/testdata/ci/vuln-entry.a.png and b/tests/screentest/testdata/ci/vuln-entry.a.png differ 
diff --git a/tests/screentest/testdata/ci/vuln-list-540x1080.a.png b/tests/screentest/testdata/ci/vuln-list-540x1080.a.png index ea2d9c67..29f44134 100644 Binary files a/tests/screentest/testdata/ci/vuln-list-540x1080.a.png and b/tests/screentest/testdata/ci/vuln-list-540x1080.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-list.a.png b/tests/screentest/testdata/ci/vuln-list.a.png index 11d84b39..f769307e 100644 Binary files a/tests/screentest/testdata/ci/vuln-list.a.png and b/tests/screentest/testdata/ci/vuln-list.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-search-540x1080.a.png b/tests/screentest/testdata/ci/vuln-search-540x1080.a.png index 432afcdf..cdadc8cf 100644 Binary files a/tests/screentest/testdata/ci/vuln-search-540x1080.a.png and b/tests/screentest/testdata/ci/vuln-search-540x1080.a.png differ diff --git a/tests/screentest/testdata/ci/vuln-search.a.png b/tests/screentest/testdata/ci/vuln-search.a.png index f128e892..ad9a9eb3 100644 Binary files a/tests/screentest/testdata/ci/vuln-search.a.png and b/tests/screentest/testdata/ci/vuln-search.a.png differ diff --git a/tests/screentest/testdata/ci/vuln.a.png b/tests/screentest/testdata/ci/vuln.a.png index 26651e6f..d1a84031 100644 Binary files a/tests/screentest/testdata/ci/vuln.a.png and b/tests/screentest/testdata/ci/vuln.a.png differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json index 818b7180..0f286ef1 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","published":"2021-04-14T20:04:52Z","aliases":["CVE-2021-3115"],"summary":"Arbitrary code injection via the go command with cgo on Windows in cmd/go","details":"The go command may execute arbitrary code at build time when using cgo on Windows. This can be triggered by running go get on a malicious module, or any other time the code is built.","affected":[{"package":{"name":"toolchain","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.14"},{"introduced":"1.15.0-0"},{"fixed":"1.15.7"}]}],"ecosystem_specific":{"imports":[{"path":"cmd/go","goos":["windows"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/284783"},{"type":"FIX","url":"https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0"},{"type":"REPORT","url":"https://go.dev/issue/43783"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ"},{"type":"FIX","url":"https://go.dev/cl/284780"},{"type":"FIX","url":"https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0"}],"credits":[{"name":"RyotaK"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0068"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2021-0068","modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","aliases":["CVE-2021-3115"],"summary":"Arbitrary code injection via the go command with cgo on Windows in cmd/go","details":"The go command may execute arbitrary code at build time when using cgo on Windows. 
This can be triggered by running go get on a malicious module, or any other time the code is built.","affected":[{"package":{"name":"toolchain","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.14"},{"introduced":"1.15.0-0"},{"fixed":"1.15.7"}]}],"ecosystem_specific":{"imports":[{"path":"cmd/go","goos":["windows"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/284783"},{"type":"FIX","url":"https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0"},{"type":"REPORT","url":"https://go.dev/issue/43783"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ"},{"type":"FIX","url":"https://go.dev/cl/284780"},{"type":"FIX","url":"https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0"}],"credits":[{"name":"RyotaK"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0068","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json.gz index 0bea45df..74357928 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0068.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json index 401e1316..52e387ea 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","published":"2022-01-05T21:39:14Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"],"summary":"Request smuggling due to improper header parsing in net/http","details":"HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.3"}]}],"ecosystem_specific":{"imports":[{"path":"net/http","symbols":["CanonicalMIMEHeaderKey","body.readLocked","canonicalMIMEHeaderKey","chunkWriter.writeHeader","fixLength","fixTransferEncoding","readTransfer","transferWriter.shouldSendContentLength","validHeaderFieldByte"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/13148"},{"type":"FIX","url":"https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f"},{"type":"FIX","url":"https://go.dev/cl/11772"},{"type":"FIX","url":"https://go.dev/cl/11810"},{"type":"FIX","url":"https://go.dev/cl/12865"},{"type":"FIX","url":"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9"},{"type":"FIX","url":"https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f"},{"type":"FIX","url":"https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87"},{"type":"REPORT","url":"https://go.dev/issue/12027"},{"type":"REPORT","url":"https://go.dev/issue/11930"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ"}],"credits":[{"name":"Jed Denlea"},{"name":"Régis Leroy"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0159"}} \ No newline at end of file 
+{"schema_version":"1.3.1","id":"GO-2021-0159","modified":"2024-05-20T16:03:47Z","published":"2022-01-05T21:39:14Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"],"summary":"Request smuggling due to improper header parsing in net/http","details":"HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.3"}]}],"ecosystem_specific":{"imports":[{"path":"net/http","symbols":["CanonicalMIMEHeaderKey","body.readLocked","canonicalMIMEHeaderKey","chunkWriter.writeHeader","fixLength","fixTransferEncoding","readTransfer","transferWriter.shouldSendContentLength","validHeaderFieldByte"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/13148"},{"type":"FIX","url":"https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f"},{"type":"FIX","url":"https://go.dev/cl/11772"},{"type":"FIX","url":"https://go.dev/cl/11810"},{"type":"FIX","url":"https://go.dev/cl/12865"},{"type":"FIX","url":"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9"},{"type":"FIX","url":"https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f"},{"type":"FIX","url":"https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87"},{"type":"REPORT","url":"https://go.dev/issue/12027"},{"type":"REPORT","url":"https://go.dev/issue/11930"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ"}],"credits":[{"name":"Jed Denlea"},{"name":"Régis Leroy"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0159","review_status":"REVIEWED"}} \ No newline at end of file 
diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json.gz index 474e31dd..79579ab6 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0159.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json index 27da31ef..a39fde38 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","published":"2022-02-17T17:33:25Z","aliases":["CVE-2021-33196"],"summary":"Panic when reading certain archives in archive/zip","details":"NewReader and OpenReader can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.15.13"},{"introduced":"1.16.0-0"},{"fixed":"1.16.5"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["Reader.init"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/318909"},{"type":"FIX","url":"https://go.googlesource.com/go/+/74242baa4136c7a9132a8ccd9881354442788c8c"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"},{"type":"REPORT","url":"https://go.dev/issue/46242"}],"credits":[{"name":"OSS-Fuzz (discovery)"},{"name":"Emmanuel Odeke (reporter)"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0240"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2021-0240","modified":"2024-05-20T16:03:47Z","published":"2022-02-17T17:33:25Z","aliases":["CVE-2021-33196"],"summary":"Panic when reading certain archives in archive/zip","details":"NewReader and OpenReader can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual 
size.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.15.13"},{"introduced":"1.16.0-0"},{"fixed":"1.16.5"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["Reader.init"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/318909"},{"type":"FIX","url":"https://go.googlesource.com/go/+/74242baa4136c7a9132a8ccd9881354442788c8c"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"},{"type":"REPORT","url":"https://go.dev/issue/46242"}],"credits":[{"name":"OSS-Fuzz (discovery)"},{"name":"Emmanuel Odeke (reporter)"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0240","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json.gz index 62ca6f60..38c24f95 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0240.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json index b531d8e1..f88139e3 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","published":"2022-01-13T20:54:43Z","aliases":["CVE-2021-41772"],"summary":"Panic when opening certain archives in archive/zip","details":"Previously, opening a zip with (*Reader).Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or \"..\" path elements.\n\nOpen could also panic if passed the empty string directly as an argument.\n\nNow, any files in the zip whose name could not be made valid for fs.FS.Open will be skipped, and no longer added to the fs.FS file list, although they are still accessible through (*Reader).File.\n\nNote that it was already the case that a file could be accessible from (*Reader).Open with a name different from the one in (*Reader).File, as the former is the cleaned name, while the latter is the original one.\n\nFinally, the actual panic site was made robust as a defense-in-depth measure.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.16.10"},{"introduced":"1.17.0-0"},{"fixed":"1.17.3"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["Reader.Open","split"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/349770"},{"type":"FIX","url":"https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/0fM21h43arc"},{"type":"REPORT","url":"https://go.dev/issue/48085"}],"credits":[{"name":"Colin Arnott (SiteHost)"},{"name":"Noah Santschi-Cooney (Sourcegraph Code Intelligence Team)"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0264"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2021-0264","modified":"2024-05-20T16:03:47Z","published":"2022-01-13T20:54:43Z","aliases":["CVE-2021-41772"],"summary":"Panic when opening certain archives in archive/zip","details":"Previously, 
opening a zip with (*Reader).Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or \"..\" path elements.\n\nOpen could also panic if passed the empty string directly as an argument.\n\nNow, any files in the zip whose name could not be made valid for fs.FS.Open will be skipped, and no longer added to the fs.FS file list, although they are still accessible through (*Reader).File.\n\nNote that it was already the case that a file could be accessible from (*Reader).Open with a name different from the one in (*Reader).File, as the former is the cleaned name, while the latter is the original one.\n\nFinally, the actual panic site was made robust as a defense-in-depth measure.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.16.10"},{"introduced":"1.17.0-0"},{"fixed":"1.17.3"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["Reader.Open","split"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/349770"},{"type":"FIX","url":"https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/0fM21h43arc"},{"type":"REPORT","url":"https://go.dev/issue/48085"}],"credits":[{"name":"Colin Arnott (SiteHost)"},{"name":"Noah Santschi-Cooney (Sourcegraph Code Intelligence Team)"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0264","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json.gz index 2f8a94b5..7ed76b1c 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2021-0264.json.gz differ 
diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json index 798347e5..621da16a 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","published":"2022-07-06T18:23:48Z","aliases":["CVE-2020-7919","GHSA-cjjc-xp8v-855w"],"summary":"Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte","details":"On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.\n\nThe malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.16"},{"introduced":"1.13.0-0"},{"fixed":"1.13.7"}]}],"ecosystem_specific":{"imports":[{"path":"crypto/x509"}]}},{"package":{"name":"golang.org/x/crypto","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20200124225646-8b5121be2f68"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/crypto/cryptobyte"}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/216680"},{"type":"FIX","url":"https://go.googlesource.com/go/+/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574"},{"type":"FIX","url":"https://go.dev/cl/216677"},{"type":"REPORT","url":"https://go.dev/issue/36837"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/Hsw4mHYc470"}],"credits":[{"name":"Project Wycheproof"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0229"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0229","modified":"2024-05-20T16:03:47Z","published":"2022-07-06T18:23:48Z","aliases":["CVE-2020-7919","GHSA-cjjc-xp8v-855w"],"summary":"Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte","details":"On 32-bit architectures, a malformed input to 
crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.\n\nThe malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.16"},{"introduced":"1.13.0-0"},{"fixed":"1.13.7"}]}],"ecosystem_specific":{"imports":[{"path":"crypto/x509"}]}},{"package":{"name":"golang.org/x/crypto","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20200124225646-8b5121be2f68"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/crypto/cryptobyte"}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/216680"},{"type":"FIX","url":"https://go.googlesource.com/go/+/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574"},{"type":"FIX","url":"https://go.dev/cl/216677"},{"type":"REPORT","url":"https://go.dev/issue/36837"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/Hsw4mHYc470"}],"credits":[{"name":"Project Wycheproof"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0229","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json.gz index c36f933b..4f97cde3 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0229.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json index 7e302153..76a1963a 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","published":"2022-05-18T18:23:31Z","aliases":["CVE-2021-39293"],"summary":"Panic due to crafted inputs in archive/zip","details":"The NewReader and OpenReader functions in archive/zip can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. This is caused by an incomplete fix for CVE-2021-33196.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.16.8"},{"introduced":"1.17.0-0"},{"fixed":"1.17.1"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["NewReader","OpenReader"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/343434"},{"type":"FIX","url":"https://go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b"},{"type":"REPORT","url":"https://go.dev/issue/47801"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/dx9d7IOseHw"}],"credits":[{"name":"OSS-Fuzz Project"},{"name":"Emmanuel Odeke"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0273"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0273","modified":"2024-05-20T16:03:47Z","published":"2022-05-18T18:23:31Z","aliases":["CVE-2021-39293"],"summary":"Panic due to crafted inputs in archive/zip","details":"The NewReader and OpenReader functions in archive/zip can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. 
This is caused by an incomplete fix for CVE-2021-33196.","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.16.8"},{"introduced":"1.17.0-0"},{"fixed":"1.17.1"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["NewReader","OpenReader"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/343434"},{"type":"FIX","url":"https://go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b"},{"type":"REPORT","url":"https://go.dev/issue/47801"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/dx9d7IOseHw"}],"credits":[{"name":"OSS-Fuzz Project"},{"name":"Emmanuel Odeke"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0273","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json.gz index 39c9d66d..240d7288 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0273.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json index 47c98fe6..1d4ad170 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","published":"2022-07-01T20:06:59Z","aliases":["CVE-2022-31259","GHSA-qx32-f6g6-fcfr"],"summary":"Access control bypass due to broad route matching in github.com/beego/beego and beego/v2","details":"Routes in the beego HTTP router can match unintended patterns. This overly-broad matching may permit an attacker to bypass access controls.\n\nFor example, the pattern \"/a/b/:name\" can match the URL \"/a.xml/b/\". This may bypass access control applied to the prefix \"/a/\".","affected":[{"package":{"name":"github.com/astaxie/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/astaxie/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.9"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","Tree.match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.3"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["AddNamespace","AddViewPath","Any","AutoPrefix","AutoRouter","BuildTemplate","Compare","CompareNot","Controller.Abort","Controller.Bind","Controller.BindForm","Controller.BindJSON","Controller.BindProtobuf","Controller.BindXML","Controller.BindYAML","Controller.CheckXSRFCookie","Controller.Cu
stomAbort","Controller.Delete","Controller.DestroySession","Controller.Get","Controller.GetBool","Controller.GetFile","Controller.GetFloat","Controller.GetInt","Controller.GetInt16","Controller.GetInt32","Controller.GetInt64","Controller.GetInt8","Controller.GetSecureCookie","Controller.GetString","Controller.GetStrings","Controller.GetUint16","Controller.GetUint32","Controller.GetUint64","Controller.GetUint8","Controller.Head","Controller.Input","Controller.IsAjax","Controller.JSONResp","Controller.Options","Controller.ParseForm","Controller.Patch","Controller.Post","Controller.Put","Controller.Redirect","Controller.Render","Controller.RenderBytes","Controller.RenderString","Controller.Resp","Controller.SaveToFile","Controller.SaveToFileWithBuffer","Controller.ServeFormatted","Controller.ServeJSON","Controller.ServeJSONP","Controller.ServeXML","Controller.ServeYAML","Controller.SessionRegenerateID","Controller.SetData","Controller.SetSecureCookie","Controller.Trace","Controller.URLFor","Controller.XMLResp","Controller.XSRFFormHTML","Controller.XSRFToken","Controller.YamlResp","ControllerRegister.Add","ControllerRegister.AddAuto","ControllerRegister.AddAutoPrefix","ControllerRegister.AddMethod","ControllerRegister.AddRouterMethod","ControllerRegister.Any","ControllerRegister.CtrlAny","ControllerRegister.CtrlDelete","ControllerRegister.CtrlGet","ControllerRegister.CtrlHead","ControllerRegister.CtrlOptions","ControllerRegister.CtrlPatch","ControllerRegister.CtrlPost","ControllerRegister.CtrlPut","ControllerRegister.Delete","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.Get","ControllerRegister.GetContext","ControllerRegister.Handler","ControllerRegister.Head","ControllerRegister.Include","ControllerRegister.Init","ControllerRegister.InsertFilter","ControllerRegister.Options","ControllerRegister.Patch","ControllerRegister.Post","ControllerRegister.Put","ControllerRegister.ServeHTTP","ControllerRegister.URLFor","CtrlAny","CtrlDelete"
,"CtrlGet","CtrlHead","CtrlOptions","CtrlPatch","CtrlPost","CtrlPut","Date","DateFormat","DateParse","Delete","Exception","ExecuteTemplate","ExecuteViewPathTemplate","FileSystem.Open","FilterRouter.ValidRouter","FlashData.Error","FlashData.Notice","FlashData.Set","FlashData.Store","FlashData.Success","FlashData.Warning","Get","GetConfig","HTML2str","Handler","Head","Htmlquote","Htmlunquote","HttpServer.Any","HttpServer.AutoPrefix","HttpServer.AutoRouter","HttpServer.CtrlAny","HttpServer.CtrlDelete","HttpServer.CtrlGet","HttpServer.CtrlHead","HttpServer.CtrlOptions","HttpServer.CtrlPatch","HttpServer.CtrlPost","HttpServer.CtrlPut","HttpServer.Delete","HttpServer.Get","HttpServer.Handler","HttpServer.Head","HttpServer.Include","HttpServer.InsertFilter","HttpServer.LogAccess","HttpServer.Options","HttpServer.Patch","HttpServer.Post","HttpServer.PrintTree","HttpServer.Put","HttpServer.RESTRouter","HttpServer.Router","HttpServer.RouterWithOpts","HttpServer.Run","Include","InitBeegoBeforeTest","InsertFilter","LoadAppConfig","LogAccess","MapGet","Namespace.Any","Namespace.AutoPrefix","Namespace.AutoRouter","Namespace.Cond","Namespace.CtrlAny","Namespace.CtrlDelete","Namespace.CtrlGet","Namespace.CtrlHead","Namespace.CtrlOptions","Namespace.CtrlPatch","Namespace.CtrlPost","Namespace.CtrlPut","Namespace.Delete","Namespace.Filter","Namespace.Get","Namespace.Handler","Namespace.Head","Namespace.Include","Namespace.Namespace","Namespace.Options","Namespace.Patch","Namespace.Post","Namespace.Put","Namespace.Router","NewControllerRegister","NewControllerRegisterWithCfg","NewHttpServerWithCfg","NewHttpSever","NewNamespace","NotNil","Options","ParseForm","Patch","Policy","Post","PrintTree","Put","RESTRouter","ReadFromRequest","RenderForm","Router","RouterWithOpts","Run","RunWithMiddleWares","TestBeegoInit","Tree.AddRouter","Tree.AddTree","Tree.Match","Tree.match","URLFor","URLMap.GetMap","URLMap.GetMapData","Walk","adminApp.Run","adminController.AdminIndex","adminController.Healthc
heck","adminController.ListConf","adminController.ProfIndex","adminController.PrometheusMetrics","adminController.QpsIndex","adminController.TaskStatus","beegoAppConfig.Bool","beegoAppConfig.DefaultBool"]}]}}],"references":[{"type":"FIX","url":"https://github.com/beego/beego/pull/4958"},{"type":"FIX","url":"https://github.com/beego/beego/commit/64cf44d725c8cc35d782327d333df9cbeb1bf2dd"},{"type":"WEB","url":"https://beego.vip"},{"type":"WEB","url":"https://github.com/beego/beego/issues/4946"},{"type":"WEB","url":"https://github.com/beego/beego/pull/4954"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0463"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0463","modified":"2024-05-20T16:03:47Z","published":"2022-07-01T20:06:59Z","aliases":["CVE-2022-31259","GHSA-qx32-f6g6-fcfr"],"summary":"Access control bypass due to broad route matching in github.com/beego/beego and beego/v2","details":"Routes in the beego HTTP router can match unintended patterns. This overly-broad matching may permit an attacker to bypass access controls.\n\nFor example, the pattern \"/a/b/:name\" can match the URL \"/a.xml/b/\". 
This may bypass access control applied to the prefix \"/a/\".","affected":[{"package":{"name":"github.com/astaxie/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/astaxie/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.9"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","Tree.match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.3"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["AddNamespace","AddViewPath","Any","AutoPrefix","AutoRouter","BuildTemplate","Compare","CompareNot","Controller.Abort","Controller.Bind","Controller.BindForm","Controller.BindJSON","Controller.BindProtobuf","Controller.BindXML","Controller.BindYAML","Controller.CheckXSRFCookie","Controller.CustomAbort","Controller.Delete","Controller.DestroySession","Controller.Get","Controller.GetBool","Controller.GetFile","Controller.GetFloat","Controller.GetInt","Controller.GetInt16","Controller.GetInt32","Controller.GetInt64","Controller.GetInt8","Controller.GetSecureCookie","Controller.GetString","Controller.GetStrings","Controller.GetUint16","Controller.GetUint32","Controller.GetUint64","Controller.GetUint8","Controller.Head","Controller.Input","Controller.IsAjax","Controller.JSONResp","Controller.Op
tions","Controller.ParseForm","Controller.Patch","Controller.Post","Controller.Put","Controller.Redirect","Controller.Render","Controller.RenderBytes","Controller.RenderString","Controller.Resp","Controller.SaveToFile","Controller.SaveToFileWithBuffer","Controller.ServeFormatted","Controller.ServeJSON","Controller.ServeJSONP","Controller.ServeXML","Controller.ServeYAML","Controller.SessionRegenerateID","Controller.SetData","Controller.SetSecureCookie","Controller.Trace","Controller.URLFor","Controller.XMLResp","Controller.XSRFFormHTML","Controller.XSRFToken","Controller.YamlResp","ControllerRegister.Add","ControllerRegister.AddAuto","ControllerRegister.AddAutoPrefix","ControllerRegister.AddMethod","ControllerRegister.AddRouterMethod","ControllerRegister.Any","ControllerRegister.CtrlAny","ControllerRegister.CtrlDelete","ControllerRegister.CtrlGet","ControllerRegister.CtrlHead","ControllerRegister.CtrlOptions","ControllerRegister.CtrlPatch","ControllerRegister.CtrlPost","ControllerRegister.CtrlPut","ControllerRegister.Delete","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.Get","ControllerRegister.GetContext","ControllerRegister.Handler","ControllerRegister.Head","ControllerRegister.Include","ControllerRegister.Init","ControllerRegister.InsertFilter","ControllerRegister.Options","ControllerRegister.Patch","ControllerRegister.Post","ControllerRegister.Put","ControllerRegister.ServeHTTP","ControllerRegister.URLFor","CtrlAny","CtrlDelete","CtrlGet","CtrlHead","CtrlOptions","CtrlPatch","CtrlPost","CtrlPut","Date","DateFormat","DateParse","Delete","Exception","ExecuteTemplate","ExecuteViewPathTemplate","FileSystem.Open","FilterRouter.ValidRouter","FlashData.Error","FlashData.Notice","FlashData.Set","FlashData.Store","FlashData.Success","FlashData.Warning","Get","GetConfig","HTML2str","Handler","Head","Htmlquote","Htmlunquote","HttpServer.Any","HttpServer.AutoPrefix","HttpServer.AutoRouter","HttpServer.CtrlAny","HttpServer.CtrlDelete","Ht
tpServer.CtrlGet","HttpServer.CtrlHead","HttpServer.CtrlOptions","HttpServer.CtrlPatch","HttpServer.CtrlPost","HttpServer.CtrlPut","HttpServer.Delete","HttpServer.Get","HttpServer.Handler","HttpServer.Head","HttpServer.Include","HttpServer.InsertFilter","HttpServer.LogAccess","HttpServer.Options","HttpServer.Patch","HttpServer.Post","HttpServer.PrintTree","HttpServer.Put","HttpServer.RESTRouter","HttpServer.Router","HttpServer.RouterWithOpts","HttpServer.Run","Include","InitBeegoBeforeTest","InsertFilter","LoadAppConfig","LogAccess","MapGet","Namespace.Any","Namespace.AutoPrefix","Namespace.AutoRouter","Namespace.Cond","Namespace.CtrlAny","Namespace.CtrlDelete","Namespace.CtrlGet","Namespace.CtrlHead","Namespace.CtrlOptions","Namespace.CtrlPatch","Namespace.CtrlPost","Namespace.CtrlPut","Namespace.Delete","Namespace.Filter","Namespace.Get","Namespace.Handler","Namespace.Head","Namespace.Include","Namespace.Namespace","Namespace.Options","Namespace.Patch","Namespace.Post","Namespace.Put","Namespace.Router","NewControllerRegister","NewControllerRegisterWithCfg","NewHttpServerWithCfg","NewHttpSever","NewNamespace","NotNil","Options","ParseForm","Patch","Policy","Post","PrintTree","Put","RESTRouter","ReadFromRequest","RenderForm","Router","RouterWithOpts","Run","RunWithMiddleWares","TestBeegoInit","Tree.AddRouter","Tree.AddTree","Tree.Match","Tree.match","URLFor","URLMap.GetMap","URLMap.GetMapData","Walk","adminApp.Run","adminController.AdminIndex","adminController.Healthcheck","adminController.ListConf","adminController.ProfIndex","adminController.PrometheusMetrics","adminController.QpsIndex","adminController.TaskStatus","beegoAppConfig.Bool","beegoAppConfig.DefaultBool","beegoAppConfig.SaveConfigFile","beegoAppConfig.Unmarshaler"]}]}}],"references":[{"type":"FIX","url":"https://github.com/beego/beego/pull/4958"},{"type":"FIX","url":"https://github.com/beego/beego/commit/64cf44d725c8cc35d782327d333df9cbeb1bf2dd"},{"type":"WEB","url":"https://beego.vip"},{"type":"WEB","
url":"https://github.com/beego/beego/issues/4946"},{"type":"WEB","url":"https://github.com/beego/beego/pull/4954"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0463","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json.gz index 3e9fbefe..6629431d 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0463.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json index 71c537e5..7721611a 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","published":"2022-07-28T17:24:30Z","aliases":["CVE-2020-28366"],"summary":"Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo","details":"The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.\n\nThis can be caused by malicious unquoted symbol name in a linked object file.","affected":[{"package":{"name":"toolchain","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.12"},{"introduced":"1.15.0-0"},{"fixed":"1.15.5"}]}],"ecosystem_specific":{"imports":[{"path":"cmd/go","symbols":["Builder.cgo"]},{"path":"cmd/cgo","symbols":["dynimport"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/269658"},{"type":"FIX","url":"https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"},{"type":"REPORT","url":"https://go.dev/issue/42559"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"}],"credits":[{"name":"Chris Brown (Tempus Ex)"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0475"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0475","modified":"2024-05-20T16:03:47Z","published":"2022-07-28T17:24:30Z","aliases":["CVE-2020-28366"],"summary":"Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo","details":"The go command may execute arbitrary code at build time when cgo is in use. 
This may occur when running go get on a malicious package, or any other command that builds untrusted code.\n\nThis can be caused by malicious unquoted symbol name in a linked object file.","affected":[{"package":{"name":"toolchain","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.12"},{"introduced":"1.15.0-0"},{"fixed":"1.15.5"}]}],"ecosystem_specific":{"imports":[{"path":"cmd/go","symbols":["Builder.cgo"]},{"path":"cmd/cgo","symbols":["dynimport"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/269658"},{"type":"FIX","url":"https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"},{"type":"REPORT","url":"https://go.dev/issue/42559"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"}],"credits":[{"name":"Chris Brown (Tempus Ex)"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0475","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json.gz index ca07ea4f..8fb0c325 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0475.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json index f481aee7..8f316278 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","published":"2022-07-28T17:24:43Z","aliases":["CVE-2020-28367"],"summary":"Arbitrary code execution via the go command with cgo in cmd/go","details":"The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.\n\nThis can be caused by malicious gcc flags specified via a cgo directive.","affected":[{"package":{"name":"toolchain","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.12"},{"introduced":"1.15.0-0"},{"fixed":"1.15.5"}]}],"ecosystem_specific":{"imports":[{"path":"cmd/go","symbols":["validCompilerFlags"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/267277"},{"type":"FIX","url":"https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561"},{"type":"REPORT","url":"https://go.dev/issue/42556"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"}],"credits":[{"name":"Imre Rad"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0476"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0476","modified":"2024-05-20T16:03:47Z","published":"2022-07-28T17:24:43Z","aliases":["CVE-2020-28367"],"summary":"Arbitrary code execution via the go command with cgo in cmd/go","details":"The go command may execute arbitrary code at build time when cgo is in use. 
This may occur when running go get on a malicious package, or any other command that builds untrusted code.\n\nThis can be caused by malicious gcc flags specified via a cgo directive.","affected":[{"package":{"name":"toolchain","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.12"},{"introduced":"1.15.0-0"},{"fixed":"1.15.5"}]}],"ecosystem_specific":{"imports":[{"path":"cmd/go","symbols":["validCompilerFlags"]}]}}],"references":[{"type":"FIX","url":"https://go.dev/cl/267277"},{"type":"FIX","url":"https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561"},{"type":"REPORT","url":"https://go.dev/issue/42556"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"}],"credits":[{"name":"Imre Rad"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0476","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json.gz index 373aafda..ec6cbf5e 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0476.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json index a465a592..dd21d7a5 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","published":"2022-08-23T13:24:17Z","aliases":["CVE-2022-31836","GHSA-95f9-94vc-665h"],"summary":"Path traversal in github.com/beego/beego and beego/v2","details":"The leafInfo.match() function uses path.join() to deal with wildcard values which can lead to cross directory risk.","affected":[{"package":{"name":"github.com/astaxie/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/astaxie/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.11"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0"},{"fixed":"2.0.4"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["AddNamespace","AddViewPath","Any","AutoPrefix","AutoRouter","BuildTemplate","Compare","CompareNot","Controller.Abort","Controller.Bind","Controller.BindForm","Controller.BindJSON","Controller.BindProtobuf","Controller.BindXML","Controller.BindYAML","Controller.CheckXSRFCookie","Controller.CustomAbort","Controller.Delete","Controller.DestroySession","Controller.Get","Controller.GetBool","Controller.GetFile","Controller.GetFloat","Controller.GetInt","Controller.GetInt16","Controller.GetInt32","
Controller.GetInt64","Controller.GetInt8","Controller.GetSecureCookie","Controller.GetString","Controller.GetStrings","Controller.GetUint16","Controller.GetUint32","Controller.GetUint64","Controller.GetUint8","Controller.Head","Controller.Input","Controller.IsAjax","Controller.JSONResp","Controller.Options","Controller.ParseForm","Controller.Patch","Controller.Post","Controller.Put","Controller.Redirect","Controller.Render","Controller.RenderBytes","Controller.RenderString","Controller.Resp","Controller.SaveToFile","Controller.SaveToFileWithBuffer","Controller.ServeFormatted","Controller.ServeJSON","Controller.ServeJSONP","Controller.ServeXML","Controller.ServeYAML","Controller.SessionRegenerateID","Controller.SetData","Controller.SetSecureCookie","Controller.Trace","Controller.URLFor","Controller.XMLResp","Controller.XSRFFormHTML","Controller.XSRFToken","Controller.YamlResp","ControllerRegister.Add","ControllerRegister.AddAuto","ControllerRegister.AddAutoPrefix","ControllerRegister.AddMethod","ControllerRegister.AddRouterMethod","ControllerRegister.Any","ControllerRegister.CtrlAny","ControllerRegister.CtrlDelete","ControllerRegister.CtrlGet","ControllerRegister.CtrlHead","ControllerRegister.CtrlOptions","ControllerRegister.CtrlPatch","ControllerRegister.CtrlPost","ControllerRegister.CtrlPut","ControllerRegister.Delete","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.Get","ControllerRegister.GetContext","ControllerRegister.Handler","ControllerRegister.Head","ControllerRegister.Include","ControllerRegister.Init","ControllerRegister.InsertFilter","ControllerRegister.Options","ControllerRegister.Patch","ControllerRegister.Post","ControllerRegister.Put","ControllerRegister.ServeHTTP","ControllerRegister.URLFor","CtrlAny","CtrlDelete","CtrlGet","CtrlHead","CtrlOptions","CtrlPatch","CtrlPost","CtrlPut","Date","DateFormat","DateParse","Delete","Exception","ExecuteTemplate","ExecuteViewPathTemplate","FileSystem.Open","FilterRouter.ValidRo
uter","FlashData.Error","FlashData.Notice","FlashData.Set","FlashData.Store","FlashData.Success","FlashData.Warning","Get","GetConfig","HTML2str","Handler","Head","Htmlquote","Htmlunquote","HttpServer.Any","HttpServer.AutoPrefix","HttpServer.AutoRouter","HttpServer.CtrlAny","HttpServer.CtrlDelete","HttpServer.CtrlGet","HttpServer.CtrlHead","HttpServer.CtrlOptions","HttpServer.CtrlPatch","HttpServer.CtrlPost","HttpServer.CtrlPut","HttpServer.Delete","HttpServer.Get","HttpServer.Handler","HttpServer.Head","HttpServer.Include","HttpServer.InsertFilter","HttpServer.LogAccess","HttpServer.Options","HttpServer.Patch","HttpServer.Post","HttpServer.PrintTree","HttpServer.Put","HttpServer.RESTRouter","HttpServer.Router","HttpServer.RouterWithOpts","HttpServer.Run","Include","InitBeegoBeforeTest","InsertFilter","LoadAppConfig","LogAccess","MapGet","Namespace.Any","Namespace.AutoPrefix","Namespace.AutoRouter","Namespace.Cond","Namespace.CtrlAny","Namespace.CtrlDelete","Namespace.CtrlGet","Namespace.CtrlHead","Namespace.CtrlOptions","Namespace.CtrlPatch","Namespace.CtrlPost","Namespace.CtrlPut","Namespace.Delete","Namespace.Filter","Namespace.Get","Namespace.Handler","Namespace.Head","Namespace.Include","Namespace.Namespace","Namespace.Options","Namespace.Patch","Namespace.Post","Namespace.Put","Namespace.Router","NewControllerRegister","NewControllerRegisterWithCfg","NewHttpServerWithCfg","NewHttpSever","NewNamespace","NotNil","Options","ParseForm","Patch","Policy","Post","PrintTree","Put","RESTRouter","ReadFromRequest","RenderForm","Router","RouterWithOpts","Run","RunWithMiddleWares","TestBeegoInit","Tree.AddRouter","Tree.AddTree","Tree.Match","URLFor","URLMap.GetMap","URLMap.GetMapData","Walk","adminApp.Run","adminController.AdminIndex","adminController.Healthcheck","adminController.ListConf","adminController.ProfIndex","adminController.PrometheusMetrics","adminController.QpsIndex","adminController.TaskStatus","beegoAppConfig.Bool","beegoAppConfig.DefaultBool"]}]}}],"referen
ces":[{"type":"FIX","url":"https://github.com/beego/beego/pull/5025"},{"type":"FIX","url":"https://github.com/beego/beego/pull/5025/commits/ea5ae58d40589d249cf577a053e490509de2bf57"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0569"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0569","modified":"2024-05-20T16:03:47Z","published":"2022-08-23T13:24:17Z","aliases":["CVE-2022-31836","GHSA-95f9-94vc-665h"],"summary":"Path traversal in github.com/beego/beego and beego/v2","details":"The leafInfo.match() function uses path.join() to deal with wildcard values which can lead to cross directory risk.","affected":[{"package":{"name":"github.com/astaxie/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/astaxie/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.11"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0"},{"fixed":"2.0.4"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["AddNamespace","AddViewPath","Any","AutoPrefix","AutoRouter","BuildTemplate","Compare","CompareNot","Controller.Abort","Controller.Bind","Controller.BindForm","Controller.BindJSON","Controller.BindProtobuf","Controller.BindXML","C
ontroller.BindYAML","Controller.CheckXSRFCookie","Controller.CustomAbort","Controller.Delete","Controller.DestroySession","Controller.Get","Controller.GetBool","Controller.GetFile","Controller.GetFloat","Controller.GetInt","Controller.GetInt16","Controller.GetInt32","Controller.GetInt64","Controller.GetInt8","Controller.GetSecureCookie","Controller.GetString","Controller.GetStrings","Controller.GetUint16","Controller.GetUint32","Controller.GetUint64","Controller.GetUint8","Controller.Head","Controller.Input","Controller.IsAjax","Controller.JSONResp","Controller.Options","Controller.ParseForm","Controller.Patch","Controller.Post","Controller.Put","Controller.Redirect","Controller.Render","Controller.RenderBytes","Controller.RenderString","Controller.Resp","Controller.SaveToFile","Controller.SaveToFileWithBuffer","Controller.ServeFormatted","Controller.ServeJSON","Controller.ServeJSONP","Controller.ServeXML","Controller.ServeYAML","Controller.SessionRegenerateID","Controller.SetData","Controller.SetSecureCookie","Controller.Trace","Controller.URLFor","Controller.XMLResp","Controller.XSRFFormHTML","Controller.XSRFToken","Controller.YamlResp","ControllerRegister.Add","ControllerRegister.AddAuto","ControllerRegister.AddAutoPrefix","ControllerRegister.AddMethod","ControllerRegister.AddRouterMethod","ControllerRegister.Any","ControllerRegister.CtrlAny","ControllerRegister.CtrlDelete","ControllerRegister.CtrlGet","ControllerRegister.CtrlHead","ControllerRegister.CtrlOptions","ControllerRegister.CtrlPatch","ControllerRegister.CtrlPost","ControllerRegister.CtrlPut","ControllerRegister.Delete","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.Get","ControllerRegister.GetContext","ControllerRegister.Handler","ControllerRegister.Head","ControllerRegister.Include","ControllerRegister.Init","ControllerRegister.InsertFilter","ControllerRegister.Options","ControllerRegister.Patch","ControllerRegister.Post","ControllerRegister.Put","ControllerRegiste
r.ServeHTTP","ControllerRegister.URLFor","CtrlAny","CtrlDelete","CtrlGet","CtrlHead","CtrlOptions","CtrlPatch","CtrlPost","CtrlPut","Date","DateFormat","DateParse","Delete","Exception","ExecuteTemplate","ExecuteViewPathTemplate","FileSystem.Open","FilterRouter.ValidRouter","FlashData.Error","FlashData.Notice","FlashData.Set","FlashData.Store","FlashData.Success","FlashData.Warning","Get","GetConfig","HTML2str","Handler","Head","Htmlquote","Htmlunquote","HttpServer.Any","HttpServer.AutoPrefix","HttpServer.AutoRouter","HttpServer.CtrlAny","HttpServer.CtrlDelete","HttpServer.CtrlGet","HttpServer.CtrlHead","HttpServer.CtrlOptions","HttpServer.CtrlPatch","HttpServer.CtrlPost","HttpServer.CtrlPut","HttpServer.Delete","HttpServer.Get","HttpServer.Handler","HttpServer.Head","HttpServer.Include","HttpServer.InsertFilter","HttpServer.LogAccess","HttpServer.Options","HttpServer.Patch","HttpServer.Post","HttpServer.PrintTree","HttpServer.Put","HttpServer.RESTRouter","HttpServer.Router","HttpServer.RouterWithOpts","HttpServer.Run","Include","InitBeegoBeforeTest","InsertFilter","LoadAppConfig","LogAccess","MapGet","Namespace.Any","Namespace.AutoPrefix","Namespace.AutoRouter","Namespace.Cond","Namespace.CtrlAny","Namespace.CtrlDelete","Namespace.CtrlGet","Namespace.CtrlHead","Namespace.CtrlOptions","Namespace.CtrlPatch","Namespace.CtrlPost","Namespace.CtrlPut","Namespace.Delete","Namespace.Filter","Namespace.Get","Namespace.Handler","Namespace.Head","Namespace.Include","Namespace.Namespace","Namespace.Options","Namespace.Patch","Namespace.Post","Namespace.Put","Namespace.Router","NewControllerRegister","NewControllerRegisterWithCfg","NewHttpServerWithCfg","NewHttpSever","NewNamespace","NotNil","Options","ParseForm","Patch","Policy","Post","PrintTree","Put","RESTRouter","ReadFromRequest","RenderForm","Router","RouterWithOpts","Run","RunWithMiddleWares","TestBeegoInit","Tree.AddRouter","Tree.AddTree","Tree.Match","URLFor","URLMap.GetMap","URLMap.GetMapData","Walk","adminApp.Run","ad
minController.AdminIndex","adminController.Healthcheck","adminController.ListConf","adminController.ProfIndex","adminController.PrometheusMetrics","adminController.QpsIndex","adminController.TaskStatus","beegoAppConfig.Bool","beegoAppConfig.DefaultBool","beegoAppConfig.SaveConfigFile","beegoAppConfig.Unmarshaler"]}]}}],"references":[{"type":"FIX","url":"https://github.com/beego/beego/pull/5025"},{"type":"FIX","url":"https://github.com/beego/beego/pull/5025/commits/ea5ae58d40589d249cf577a053e490509de2bf57"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0569","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json.gz index ec7e9f37..1658d927 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0569.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json index 79d55a4c..26831485 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","published":"2022-08-22T17:56:17Z","aliases":["CVE-2021-30080","GHSA-28r6-jm5h-mrgg"],"summary":"Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2","details":"An issue was discovered in the route lookup process in beego which attackers to bypass access control.","affected":[{"package":{"name":"github.com/astaxie/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/astaxie/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0"},{"fixed":"2.0.3"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["AddNamespace","AddViewPath","Any","AutoPrefix","AutoRouter","BuildTemplate","Compare","CompareNot","Controller.Abort","Controller.CheckXSRFCookie","Controller.CustomAbort","Controller.Delete","Controller.DestroySession","Controller.Get","Controller.GetBool","Controller.GetFile","Controller.GetFloat","Controller.GetInt","Controller.GetInt16","Controller.GetInt32","Controller.GetInt64","Controller.GetInt8","Controller.GetSecureCookie","Controller.GetString","Controller.GetStrings","Controller.
GetUint16","Controller.GetUint32","Controller.GetUint64","Controller.GetUint8","Controller.Head","Controller.Input","Controller.IsAjax","Controller.Options","Controller.ParseForm","Controller.Patch","Controller.Post","Controller.Put","Controller.Redirect","Controller.Render","Controller.RenderBytes","Controller.RenderString","Controller.SaveToFile","Controller.ServeFormatted","Controller.ServeJSON","Controller.ServeJSONP","Controller.ServeXML","Controller.ServeYAML","Controller.SessionRegenerateID","Controller.SetData","Controller.SetSecureCookie","Controller.Trace","Controller.URLFor","Controller.XSRFFormHTML","Controller.XSRFToken","ControllerRegister.Add","ControllerRegister.AddAuto","ControllerRegister.AddAutoPrefix","ControllerRegister.AddMethod","ControllerRegister.Any","ControllerRegister.Delete","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.Get","ControllerRegister.GetContext","ControllerRegister.Handler","ControllerRegister.Head","ControllerRegister.Include","ControllerRegister.InsertFilter","ControllerRegister.InsertFilterChain","ControllerRegister.Options","ControllerRegister.Patch","ControllerRegister.Post","ControllerRegister.Put","ControllerRegister.ServeHTTP","ControllerRegister.URLFor","Date","DateFormat","DateParse","Delete","Exception","ExecuteTemplate","ExecuteViewPathTemplate","FileSystem.Open","FilterRouter.ValidRouter","FlashData.Error","FlashData.Notice","FlashData.Set","FlashData.Store","FlashData.Success","FlashData.Warning","Get","GetConfig","HTML2str","Handler","Head","Htmlquote","Htmlunquote","HttpServer.Any","HttpServer.AutoPrefix","HttpServer.AutoRouter","HttpServer.Delete","HttpServer.Get","HttpServer.Handler","HttpServer.Head","HttpServer.Include","HttpServer.InsertFilter","HttpServer.InsertFilterChain","HttpServer.LogAccess","HttpServer.Options","HttpServer.Patch","HttpServer.Post","HttpServer.PrintTree","HttpServer.Put","HttpServer.RESTRouter","HttpServer.Router","HttpServer.Run","Include","Init
BeegoBeforeTest","InsertFilter","InsertFilterChain","LoadAppConfig","LogAccess","MapGet","Namespace.Any","Namespace.AutoPrefix","Namespace.AutoRouter","Namespace.Cond","Namespace.Delete","Namespace.Filter","Namespace.Get","Namespace.Handler","Namespace.Head","Namespace.Include","Namespace.Namespace","Namespace.Options","Namespace.Patch","Namespace.Post","Namespace.Put","Namespace.Router","NewControllerRegister","NewControllerRegisterWithCfg","NewHttpServerWithCfg","NewHttpSever","NewNamespace","NotNil","Options","ParseForm","Patch","Policy","Post","PrintTree","Put","RESTRouter","ReadFromRequest","RenderForm","Router","Run","RunWithMiddleWares","TestBeegoInit","Tree.AddRouter","Tree.AddTree","Tree.Match","URLFor","URLMap.GetMap","URLMap.GetMapData","Walk","adminApp.Run","adminController.AdminIndex","adminController.Healthcheck","adminController.ListConf","adminController.ProfIndex","adminController.PrometheusMetrics","adminController.QpsIndex","adminController.TaskStatus","beegoAppConfig.Bool","beegoAppConfig.DefaultBool"]}]}}],"references":[{"type":"FIX","url":"https://github.com/beego/beego/pull/4459"},{"type":"FIX","url":"https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b95226519"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0572"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2022-0572","modified":"2024-05-20T16:03:47Z","published":"2022-08-22T17:56:17Z","aliases":["CVE-2021-30080","GHSA-28r6-jm5h-mrgg"],"summary":"Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2","details":"An issue was discovered in the route lookup process in beego which attackers to bypass access 
control.","affected":[{"package":{"name":"github.com/astaxie/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/astaxie/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego","symbols":["App.Run","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.ServeHTTP","FilterRouter.ValidRouter","InitBeegoBeforeTest","Run","RunWithMiddleWares","TestBeegoInit","Tree.Match","adminApp.Run"]}]}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0"},{"fixed":"2.0.3"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["AddNamespace","AddViewPath","Any","AutoPrefix","AutoRouter","BuildTemplate","Compare","CompareNot","Controller.Abort","Controller.CheckXSRFCookie","Controller.CustomAbort","Controller.Delete","Controller.DestroySession","Controller.Get","Controller.GetBool","Controller.GetFile","Controller.GetFloat","Controller.GetInt","Controller.GetInt16","Controller.GetInt32","Controller.GetInt64","Controller.GetInt8","Controller.GetSecureCookie","Controller.GetString","Controller.GetStrings","Controller.GetUint16","Controller.GetUint32","Controller.GetUint64","Controller.GetUint8","Controller.Head","Controller.Input","Controller.IsAjax","Controller.Options","Controller.ParseForm","Controller.Patch","Controller.Post","Controller.Put","Controller.Redirect","Controller.Render","Controller.RenderBytes","Controller.RenderString","Controller.SaveToFile","Controller.ServeFormatted","Cont
roller.ServeJSON","Controller.ServeJSONP","Controller.ServeXML","Controller.ServeYAML","Controller.SessionRegenerateID","Controller.SetData","Controller.SetSecureCookie","Controller.Trace","Controller.URLFor","Controller.XSRFFormHTML","Controller.XSRFToken","ControllerRegister.Add","ControllerRegister.AddAuto","ControllerRegister.AddAutoPrefix","ControllerRegister.AddMethod","ControllerRegister.Any","ControllerRegister.Delete","ControllerRegister.FindPolicy","ControllerRegister.FindRouter","ControllerRegister.Get","ControllerRegister.GetContext","ControllerRegister.Handler","ControllerRegister.Head","ControllerRegister.Include","ControllerRegister.InsertFilter","ControllerRegister.InsertFilterChain","ControllerRegister.Options","ControllerRegister.Patch","ControllerRegister.Post","ControllerRegister.Put","ControllerRegister.ServeHTTP","ControllerRegister.URLFor","Date","DateFormat","DateParse","Delete","Exception","ExecuteTemplate","ExecuteViewPathTemplate","FileSystem.Open","FilterRouter.ValidRouter","FlashData.Error","FlashData.Notice","FlashData.Set","FlashData.Store","FlashData.Success","FlashData.Warning","Get","GetConfig","HTML2str","Handler","Head","Htmlquote","Htmlunquote","HttpServer.Any","HttpServer.AutoPrefix","HttpServer.AutoRouter","HttpServer.Delete","HttpServer.Get","HttpServer.Handler","HttpServer.Head","HttpServer.Include","HttpServer.InsertFilter","HttpServer.InsertFilterChain","HttpServer.LogAccess","HttpServer.Options","HttpServer.Patch","HttpServer.Post","HttpServer.PrintTree","HttpServer.Put","HttpServer.RESTRouter","HttpServer.Router","HttpServer.Run","Include","InitBeegoBeforeTest","InsertFilter","InsertFilterChain","LoadAppConfig","LogAccess","MapGet","Namespace.Any","Namespace.AutoPrefix","Namespace.AutoRouter","Namespace.Cond","Namespace.Delete","Namespace.Filter","Namespace.Get","Namespace.Handler","Namespace.Head","Namespace.Include","Namespace.Namespace","Namespace.Options","Namespace.Patch","Namespace.Post","Namespace.Put","Namespace.R
outer","NewControllerRegister","NewControllerRegisterWithCfg","NewHttpServerWithCfg","NewHttpSever","NewNamespace","NotNil","Options","ParseForm","Patch","Policy","Post","PrintTree","Put","RESTRouter","ReadFromRequest","RenderForm","Router","Run","RunWithMiddleWares","TestBeegoInit","Tree.AddRouter","Tree.AddTree","Tree.Match","URLFor","URLMap.GetMap","URLMap.GetMapData","Walk","adminApp.Run","adminController.AdminIndex","adminController.Healthcheck","adminController.ListConf","adminController.ProfIndex","adminController.PrometheusMetrics","adminController.QpsIndex","adminController.TaskStatus","beegoAppConfig.Bool","beegoAppConfig.DefaultBool","beegoAppConfig.SaveConfigFile","beegoAppConfig.Unmarshaler"]}]}}],"references":[{"type":"FIX","url":"https://github.com/beego/beego/pull/4459"},{"type":"FIX","url":"https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b95226519"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0572","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json.gz index 9c1d0d2a..1904fd31 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2022-0572.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json index fb560a3e..d53b84de 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2024-2659","modified":"2024-03-22T18:49:03Z","published":"2024-03-22T18:49:03Z","aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"],"summary":"Data exfiltration from internal networks in github.com/docker/docker","details":"dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.","affected":[{"package":{"name":"github.com/docker/docker","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"25.0.0+incompatible"},{"fixed":"25.0.5+incompatible"},{"introduced":"26.0.0-rc1+incompatible"},{"fixed":"26.0.0-rc3+incompatible"}]}],"ecosystem_specific":{}}],"references":[{"type":"ADVISORY","url":"https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx"},{"type":"WEB","url":"https://github.com/moby/moby/pull/46609"}],"credits":[{"name":"@robmry"},{"name":"@akerouanton"},{"name":"@neersighted"},{"name":"@gabriellavengeo"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2659"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2024-2659","modified":"2024-05-20T16:03:47Z","published":"2024-03-22T18:49:03Z","aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"],"summary":"Data exfiltration from internal networks in github.com/docker/docker","details":"dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. 
By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.","affected":[{"package":{"name":"github.com/docker/docker","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"25.0.0+incompatible"},{"fixed":"25.0.5+incompatible"},{"introduced":"26.0.0-rc1+incompatible"},{"fixed":"26.0.0-rc3+incompatible"}]}],"ecosystem_specific":{}}],"references":[{"type":"ADVISORY","url":"https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx"},{"type":"WEB","url":"https://github.com/moby/moby/pull/46609"}],"credits":[{"name":"@robmry"},{"name":"@akerouanton"},{"name":"@neersighted"},{"name":"@gabriellavengeo"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2659","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz index eb4407b9..7788b01f 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json index b557a83c..f925d8f7 100644 --- a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json 
@@ -1 +1 @@ -{"schema_version":"1.3.1","id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z","published":"2024-04-17T15:34:19Z","withdrawn":"2024-04-17T18:06:23Z","related":["CVE-2024-3400"],"summary":"WITHDRAWN: Directory traversal in FilesystemStore in github.com/gorilla/sessions","details":"(This report has been withdrawn on the grounds that it generates too many false positives. Session IDs are documented as not being suitable to hold user-provided data.)\n\nFilesystemStore does not sanitize the Session.ID value, making it vulnerable to directory traversal attacks. If an attacker has control over the contents of the session ID, this can be exploited to write to arbitrary files in the filesystem.\n\nPrograms which do not set session IDs explicitly, or which only set session IDs that will not be interpreted by the filesystem, are not vulnerable.","affected":[{"package":{"name":"github.com/gorilla/sessions","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/gorilla/sessions","symbols":["CookieStore.Get","FilesystemStore.Get","FilesystemStore.New","FilesystemStore.Save","FilesystemStore.erase","FilesystemStore.load","FilesystemStore.save","Registry.Get","Registry.Save","Save","Session.Save"]}]}}],"references":[{"type":"FIX","url":"https://github.com/gorilla/sessions/pull/274"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2730"}} \ No newline at end of file +{"schema_version":"1.3.1","id":"GO-2024-2730","modified":"2024-05-20T16:03:47Z","published":"2024-04-17T15:34:19Z","withdrawn":"2024-04-17T18:06:23Z","related":["CVE-2024-3400"],"summary":"WITHDRAWN: Directory traversal in FilesystemStore in github.com/gorilla/sessions","details":"(This report has been withdrawn on the grounds that it generates too many false positives. 
Session IDs are documented as not being suitable to hold user-provided data.)\n\nFilesystemStore does not sanitize the Session.ID value, making it vulnerable to directory traversal attacks. If an attacker has control over the contents of the session ID, this can be exploited to write to arbitrary files in the filesystem.\n\nPrograms which do not set session IDs explicitly, or which only set session IDs that will not be interpreted by the filesystem, are not vulnerable.","affected":[{"package":{"name":"github.com/gorilla/sessions","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/gorilla/sessions","symbols":["CookieStore.Get","FilesystemStore.Get","FilesystemStore.New","FilesystemStore.Save","FilesystemStore.erase","FilesystemStore.load","FilesystemStore.save","Registry.Get","Registry.Save","Save","Session.Save"]}]}}],"references":[{"type":"FIX","url":"https://github.com/gorilla/sessions/pull/274"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2730","review_status":"REVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json.gz index 1eb640d3..51742245 100644 Binary files a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json.gz and b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2730.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json new file mode 100644 index 00000000..559b643c --- /dev/null +++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json 
@@ -0,0 +1 @@ +{"schema_version":"1.3.1","id":"GO-2024-2864","modified":"2024-05-20T16:07:13Z","published":"2024-05-20T16:07:13Z","aliases":["CVE-2024-35185","GHSA-fjw8-3gp8-4cvx"],"summary":"Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder","details":"Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder","affected":[{"package":{"name":"github.com/stacklok/minder","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.49"}]}],"ecosystem_specific":{}}],"references":[{"type":"ADVISORY","url":"https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35185"},{"type":"FIX","url":"https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2864","review_status":"UNREVIEWED"}} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json.gz new file mode 100644 index 00000000..ca22118a Binary files /dev/null and b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2864.json.gz differ diff --git a/tests/screentest/testdata/vulndb-v1/index/db.json b/tests/screentest/testdata/vulndb-v1/index/db.json index d4c17c2b..4b1ac323 100644 --- a/tests/screentest/testdata/vulndb-v1/index/db.json +++ b/tests/screentest/testdata/vulndb-v1/index/db.json @@ -1 +1 @@ -{"modified":"2024-04-17T19:55:00Z"} \ No newline at end of file +{"modified":"2024-05-20T16:07:13Z"} \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/index/db.json.gz b/tests/screentest/testdata/vulndb-v1/index/db.json.gz index 55493aa2..64249418 100644 Binary files a/tests/screentest/testdata/vulndb-v1/index/db.json.gz and b/tests/screentest/testdata/vulndb-v1/index/db.json.gz differ 
diff --git a/tests/screentest/testdata/vulndb-v1/index/modules.json b/tests/screentest/testdata/vulndb-v1/index/modules.json
index 57fe6c64..15d681c6 100644
--- a/tests/screentest/testdata/vulndb-v1/index/modules.json
+++ b/tests/screentest/testdata/vulndb-v1/index/modules.json
@@ -1 +1 @@ -[{"path":"github.com/astaxie/beego","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z"}]},{"path":"github.com/beego/beego","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","fixed":"1.12.9"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","fixed":"1.12.11"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z"}]},{"path":"github.com/beego/beego/v2","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","fixed":"2.0.3"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","fixed":"2.0.4"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","fixed":"2.0.3"}]},{"path":"github.com/docker/docker","vulns":[{"id":"GO-2024-2659","modified":"2024-03-22T18:49:03Z","fixed":"26.0.0-rc3+incompatible"}]},{"path":"github.com/gorilla/sessions","vulns":[{"id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z"}]},{"path":"golang.org/x/crypto","vulns":[{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","fixed":"0.0.0-20200124225646-8b5121be2f68"}]},{"path":"stdlib","vulns":[{"id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","fixed":"1.4.3"},{"id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","fixed":"1.16.5"},{"id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","fixed":"1.17.3"},{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","fixed":"1.13.7"},{"id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","fixed":"1.17.1"}]},{"path":"toolchain","vulns":[{"id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","fixed":"1.15.7"},{"id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","fixed":"1.15.5"},{"id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","fixed":"1.15.5"}]}] \ No newline at end of file 
+[{"path":"github.com/astaxie/beego","vulns":[{"id":"GO-2022-0463","modified":"2024-05-20T16:03:47Z"},{"id":"GO-2022-0569","modified":"2024-05-20T16:03:47Z"},{"id":"GO-2022-0572","modified":"2024-05-20T16:03:47Z"}]},{"path":"github.com/beego/beego","vulns":[{"id":"GO-2022-0463","modified":"2024-05-20T16:03:47Z","fixed":"1.12.9"},{"id":"GO-2022-0569","modified":"2024-05-20T16:03:47Z","fixed":"1.12.11"},{"id":"GO-2022-0572","modified":"2024-05-20T16:03:47Z"}]},{"path":"github.com/beego/beego/v2","vulns":[{"id":"GO-2022-0463","modified":"2024-05-20T16:03:47Z","fixed":"2.0.3"},{"id":"GO-2022-0569","modified":"2024-05-20T16:03:47Z","fixed":"2.0.4"},{"id":"GO-2022-0572","modified":"2024-05-20T16:03:47Z","fixed":"2.0.3"}]},{"path":"github.com/docker/docker","vulns":[{"id":"GO-2024-2659","modified":"2024-05-20T16:03:47Z","fixed":"26.0.0-rc3+incompatible"}]},{"path":"github.com/gorilla/sessions","vulns":[{"id":"GO-2024-2730","modified":"2024-05-20T16:03:47Z"}]},{"path":"github.com/stacklok/minder","vulns":[{"id":"GO-2024-2864","modified":"2024-05-20T16:07:13Z","fixed":"0.0.49"}]},{"path":"golang.org/x/crypto","vulns":[{"id":"GO-2022-0229","modified":"2024-05-20T16:03:47Z","fixed":"0.0.0-20200124225646-8b5121be2f68"}]},{"path":"stdlib","vulns":[{"id":"GO-2021-0159","modified":"2024-05-20T16:03:47Z","fixed":"1.4.3"},{"id":"GO-2021-0240","modified":"2024-05-20T16:03:47Z","fixed":"1.16.5"},{"id":"GO-2021-0264","modified":"2024-05-20T16:03:47Z","fixed":"1.17.3"},{"id":"GO-2022-0229","modified":"2024-05-20T16:03:47Z","fixed":"1.13.7"},{"id":"GO-2022-0273","modified":"2024-05-20T16:03:47Z","fixed":"1.17.1"}]},{"path":"toolchain","vulns":[{"id":"GO-2021-0068","modified":"2024-05-20T16:03:47Z","fixed":"1.15.7"},{"id":"GO-2022-0475","modified":"2024-05-20T16:03:47Z","fixed":"1.15.5"},{"id":"GO-2022-0476","modified":"2024-05-20T16:03:47Z","fixed":"1.15.5"}]}] \ No newline at end of file 
diff --git a/tests/screentest/testdata/vulndb-v1/index/modules.json.gz b/tests/screentest/testdata/vulndb-v1/index/modules.json.gz
index 166b8fcb..eaa636c2 100644
Binary files a/tests/screentest/testdata/vulndb-v1/index/modules.json.gz and b/tests/screentest/testdata/vulndb-v1/index/modules.json.gz differ
diff --git a/tests/screentest/testdata/vulndb-v1/index/vulns.json b/tests/screentest/testdata/vulndb-v1/index/vulns.json
index d6710b48..31a50bde 100644
--- a/tests/screentest/testdata/vulndb-v1/index/vulns.json
+++ b/tests/screentest/testdata/vulndb-v1/index/vulns.json
@@ -1 +1 @@ -[{"id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-3115"]},{"id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"]},{"id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-33196"]},{"id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-41772"]},{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-7919","GHSA-cjjc-xp8v-855w"]},{"id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-39293"]},{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","aliases":["CVE-2022-31259","GHSA-qx32-f6g6-fcfr"]},{"id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-28366"]},{"id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-28367"]},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2022-31836","GHSA-95f9-94vc-665h"]},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","aliases":["CVE-2021-30080","GHSA-28r6-jm5h-mrgg"]},{"id":"GO-2024-2659","modified":"2024-03-22T18:49:03Z","aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"]},{"id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z"}] \ No newline at end of file 
+[{"id":"GO-2021-0068","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2021-3115"]},{"id":"GO-2021-0159","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"]},{"id":"GO-2021-0240","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2021-33196"]},{"id":"GO-2021-0264","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2021-41772"]},{"id":"GO-2022-0229","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2020-7919","GHSA-cjjc-xp8v-855w"]},{"id":"GO-2022-0273","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2021-39293"]},{"id":"GO-2022-0463","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2022-31259","GHSA-qx32-f6g6-fcfr"]},{"id":"GO-2022-0475","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2020-28366"]},{"id":"GO-2022-0476","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2020-28367"]},{"id":"GO-2022-0569","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2022-31836","GHSA-95f9-94vc-665h"]},{"id":"GO-2022-0572","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2021-30080","GHSA-28r6-jm5h-mrgg"]},{"id":"GO-2024-2659","modified":"2024-05-20T16:03:47Z","aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"]},{"id":"GO-2024-2730","modified":"2024-05-20T16:03:47Z"},{"id":"GO-2024-2864","modified":"2024-05-20T16:07:13Z","aliases":["CVE-2024-35185","GHSA-fjw8-3gp8-4cvx"]}] \ No newline at end of file diff --git a/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz b/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz index 0a832bf5..51a4e6c1 100644 Binary files a/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz and b/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz differ -- cgit v1.3-5-g9baa