Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln/internal/client: TestMustUseIndex failures #58980

Closed
gopherbot opened this issue Mar 11, 2023 · 4 comments
Closed

x/vuln/internal/client: TestMustUseIndex failures #58980

gopherbot opened this issue Mar 11, 2023 · 4 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@gopherbot
Copy link
Contributor 

#!watchflakes
post <- pkg == "golang.org/x/vuln/internal/client" && test == "TestMustUseIndex"

Issue created automatically to collect these failures.

Example (log):

2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with " \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.6\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0054\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"Result.ForEach\",\n                                \"unwrap\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://github.com/tidwall/gjson/issues/196\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-36067\"\n            }\n        ]\n    },\n    {\n        \"id\": \"GO-2021-0059\",\n        \"published\": \"2021-04-14T20:04:52Z\",\n        \"modified\": \"2022-08-19T22:21:47Z\",\n        \"aliases\": [\n            \"CVE-2020-35380\",\n            \"GHSA-w942-gw6m-p62c\"\n        ],\n        \"details\": \"Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.\",\n        \"affected\": [\n            {\n                \"package\": {\n                    \"name\": \"github.com/tidwall/gjson\",\n                    \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.4\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0059\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"sqaush\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc\"\n            },\n            {"; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with " \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.6\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0054\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"Result.ForEach\",\n                                \"unwrap\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://github.com/tidwall/gjson/issues/196\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-36067\"\n            }\n        ]\n    },\n    {\n        \"id\": \"GO-2021-0059\",\n        \"published\": \"2021-04-14T20:04:52Z\",\n        \"modified\": \"2022-08-19T22:21:47Z\",\n        \"aliases\": [\n            \"CVE-2020-35380\",\n            \"GHSA-w942-gw6m-p62c\"\n        ],\n        \"details\": \"Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.\",\n        \"affected\": [\n            {\n                \"package\": {\n                    \"name\": \"github.com/tidwall/gjson\",\n                    \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.4\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0059\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"sqaush\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc\"\n            },\n            {"; err=<nil>
--- FAIL: TestMustUseIndex (0.00s)
    client_test.go:204: GetByModule("github.com/tidwall/gjson"): httpSource.GetByModule("github.com/tidwall/gjson"): Get "http://127.0.0.1:42566/github.com/tidwall/gjson.json": net/http: HTTP/1.x transport connection broken: malformed HTTP status code "{"
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "       \"name\": \"github.com/beego/beego\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"1.12.9\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego\",\n            \"symbols\": [\n              \"App.Run\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.ServeHTTP\",\n              \"FilterRouter.ValidRouter\",\n              \"InitBeegoBeforeTest\",\n              \"Run\",\n              \"RunWithMiddleWares\",\n              \"TestBeegoInit\",\n              \"Tree.Match\",\n              \"Tree.match\",\n              \"adminApp.Run\"\n            ]\n          }\n        ]\n      }\n    },\n    {\n      \"package\": {\n        \"name\": \"github.com/beego/beego/v2\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"2.0.3\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego/v2/server/web\",\n            \"symbols\": [\n              \"AddNamespace\",\n              \"Any\",\n              \"AutoPrefix\",\n              \"AutoRouter\",\n              \"Compare\",\n              \"CompareNot\",\n              \"Controller.Bind\",\n              \"Controller.BindForm\",\n              \"Controller.BindXML\",\n              \"Controller.BindYAML\",\n              \"Controller.GetSecureCookie\",\n              \"Controller.ParseForm\",\n              \"Controller.Render\",\n              \"Controller.RenderBytes\",\n              \"Controller.RenderString\",\n              \"Controller.Resp\",\n              \"Controller.SaveToFile\",\n              \"Controller.ServeFormatted\",\n              \"Controller.ServeXML\",\n              \"Controller.ServeYAML\",\n              \"Controller.SetSecureCookie\",\n              \"Controller.Trace\",\n              \"Controller.URLFor\",\n              \"Controller.XMLResp\",\n              \"Controller.XSRFFormHTML\",\n              \"Controller.XSRFToken\",\n              \"Controller.YamlResp\",\n              \"ControllerRegister.Add\",\n              \"ControllerRegister.AddAuto\",\n              \"ControllerRegister.AddAutoPrefix\",\n              \"ControllerRegister.AddMethod\",\n              \"ControllerRegister.AddRouterMethod\",\n              \"ControllerRegister.Any\",\n              \"ControllerRegister.CtrlAny\",\n              \"ControllerRegister.CtrlDelete\",\n              \"ControllerRegister.CtrlGet\",\n              \"ControllerRegister.CtrlHead\",\n              \"ControllerRegister.CtrlOptions\",\n              \"ControllerRegister.CtrlPatch\""; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "       \"name\": \"github.com/beego/beego\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"1.12.9\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego\",\n            \"symbols\": [\n              \"App.Run\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.ServeHTTP\",\n              \"FilterRouter.ValidRouter\",\n              \"InitBeegoBeforeTest\",\n              \"Run\",\n              \"RunWithMiddleWares\",\n              \"TestBeegoInit\",\n              \"Tree.Match\",\n              \"Tree.match\",\n              \"adminApp.Run\"\n            ]\n          }\n        ]\n      }\n    },\n    {\n      \"package\": {\n        \"name\": \"github.com/beego/beego/v2\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"2.0.3\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego/v2/server/web\",\n            \"symbols\": [\n              \"AddNamespace\",\n              \"Any\",\n              \"AutoPrefix\",\n              \"AutoRouter\",\n              \"Compare\",\n              \"CompareNot\",\n              \"Controller.Bind\",\n              \"Controller.BindForm\",\n              \"Controller.BindXML\",\n              \"Controller.BindYAML\",\n              \"Controller.GetSecureCookie\",\n              \"Controller.ParseForm\",\n              \"Controller.Render\",\n              \"Controller.RenderBytes\",\n              \"Controller.RenderString\",\n              \"Controller.Resp\",\n              \"Controller.SaveToFile\",\n              \"Controller.ServeFormatted\",\n              \"Controller.ServeXML\",\n              \"Controller.ServeYAML\",\n              \"Controller.SetSecureCookie\",\n              \"Controller.Trace\",\n              \"Controller.URLFor\",\n              \"Controller.XMLResp\",\n              \"Controller.XSRFFormHTML\",\n              \"Controller.XSRFToken\",\n              \"Controller.YamlResp\",\n              \"ControllerRegister.Add\",\n              \"ControllerRegister.AddAuto\",\n              \"ControllerRegister.AddAutoPrefix\",\n              \"ControllerRegister.AddMethod\",\n              \"ControllerRegister.AddRouterMethod\",\n              \"ControllerRegister.Any\",\n              \"ControllerRegister.CtrlAny\",\n              \"ControllerRegister.CtrlDelete\",\n              \"ControllerRegister.CtrlGet\",\n              \"ControllerRegister.CtrlHead\",\n              \"ControllerRegister.CtrlOptions\",\n              \"ControllerRegister.CtrlPatch\""; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "60\"\n  ],\n  \"CVE-2016-15005\": [\n    \"GO-2020-0045\"\n  ],\n  \"CVE-2016-3697\": [\n    \"GO-2021-0070\"\n  ],\n  \"CVE-2016-3958\": [\n    \"GO-2021-0163\"\n  ],\n  \"CVE-2016-3959\": [\n    \"GO-2022-0166\"\n  ],\n  \"CVE-2016-5386\": [\n    \"GO-2022-0761\"\n  ],\n  \"CVE-2016-9121\": [\n    \"GO-2020-0010\"\n  ],\n  \"CVE-2016-9122\": [\n    \"GO-2020-0011\",\n    \"GO-2022-0945\"\n  ],\n  \"CVE-2016-9123\": [\n    \"GO-2020-0009\"\n  ],\n  \"CVE-2017-1000097\": [\n    \"GO-2022-0171\"\n  ],\n  \"CVE-2017-1000098\": [\n    \"GO-2021-0172\"\n  ],\n  \"CVE-2017-11468\": [\n    \"GO-2021-0072\"\n  ],\n  \"CVE-2017-11480\": [\n    \"GO-2022-0643\"\n  ],\n  \"CVE-2017-15041\": [\n    \"GO-2022-0177\"\n  ],\n  \"CVE-2017-15042\": [\n    \"GO-2021-0178\"\n  ],\n  \"CVE-2017-15133\": [\n    \"GO-2020-0006\"\n  ],\n  \"CVE-2017-17831\": [\n    \"GO-2021-0073\"\n  ],\n  \"CVE-2017-18367\": [\n    \"GO-2020-0007\"\n  ],\n  \"CVE-2017-20146\": [\n    \"GO-2020-0020\"\n  ],\n  \"CVE-2017-3204\": [\n    \"GO-2020-0013\"\n  ],\n  \"CVE-2017-8932\": [\n    \"GO-2022-0187\"\n  ],\n  \"CVE-2018-1103\": [\n    \"GO-2020-0026\"\n  ],\n  \"CVE-2018-12018\": [\n    \"GO-2021-0075\"\n  ],\n  \"CVE-2018-14632\": [\n    \"GO-2021-0076\"\n  ],\n  \"CVE-2018-16873\": [\n    \"GO-2022-0189\"\n  ],\n  \"CVE-2018-16874\": [\n"; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "nonicalMIMEHeaderKey\",\"canonicalMIMEHeaderKey\"]}]}}],\"references\":[{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/11772\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9\"},{\"type\":\"REPORT\",\"url\":\"https://go.dev/issue/53035\"},{\"type\":\"WEB\",\"url\":\"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ\"}]}\n"; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "{\"url\":\"https://pkg.go.dev/vuln/GO-2021-0159\"},\"ecosystem_specific\":{\"imports\":[{\"path\":\"net/http\",\"symbols\":[\"CanonicalMIMEHeaderKey\",\"body.readLocked\",\"canonicalMIMEHeaderKey\",\"chunkWriter.writeHeader\",\"fixLength\",\"fixTransferEncoding\",\"readTransfer\",\"transferWriter.shouldSendContentLength\",\"validHeaderFieldByte\"]}]}}],\"references\":[{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/13148\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f\"},{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/11772\"},{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/11810\"},{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/12865\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87\"},{\"type\":\"REPORT\",\"url\":\"https://go.dev/issue/12027\"},{\"type\":\"REPORT\",\"url\":\"https://go.dev/issue/11930\"},{\"type\":\"WEB\",\"url\":\"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ\"}]}\n"; err=<nil>

watchflakes
@gopherbot gopherbot added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 11, 2023
@gopherbot
Copy link
Contributor Author

Found new dashboard test flakes for:

#!watchflakes
post <- pkg == "golang.org/x/vuln/internal/client" && test == "TestMustUseIndex"
2023-03-10 18:54 illumos-amd64 vuln@902f7583 go@53c91f92 x/vuln/internal/client.TestMustUseIndex (log) 
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with " \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.6\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0054\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"Result.ForEach\",\n                                \"unwrap\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://github.com/tidwall/gjson/issues/196\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-36067\"\n            }\n        ]\n    },\n    {\n        \"id\": \"GO-2021-0059\",\n        \"published\": \"2021-04-14T20:04:52Z\",\n        \"modified\": \"2022-08-19T22:21:47Z\",\n        \"aliases\": [\n            \"CVE-2020-35380\",\n            \"GHSA-w942-gw6m-p62c\"\n        ],\n        \"details\": \"Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.\",\n        \"affected\": [\n            {\n                \"package\": {\n                    \"name\": \"github.com/tidwall/gjson\",\n                    \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.4\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0059\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"sqaush\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc\"\n            },\n            {"; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with " \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.6\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0054\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"Result.ForEach\",\n                                \"unwrap\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://github.com/tidwall/gjson/issues/196\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-36067\"\n            }\n        ]\n    },\n    {\n        \"id\": \"GO-2021-0059\",\n        \"published\": \"2021-04-14T20:04:52Z\",\n        \"modified\": \"2022-08-19T22:21:47Z\",\n        \"aliases\": [\n            \"CVE-2020-35380\",\n            \"GHSA-w942-gw6m-p62c\"\n        ],\n        \"details\": \"Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.\",\n        \"affected\": [\n            {\n                \"package\": {\n                    \"name\": \"github.com/tidwall/gjson\",\n                    \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.4\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0059\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"sqaush\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc\"\n            },\n            {"; err=<nil>
--- FAIL: TestMustUseIndex (0.00s)
    client_test.go:204: GetByModule("github.com/tidwall/gjson"): httpSource.GetByModule("github.com/tidwall/gjson"): Get "http://127.0.0.1:42566/github.com/tidwall/gjson.json": net/http: HTTP/1.x transport connection broken: malformed HTTP status code "{"
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "       \"name\": \"github.com/beego/beego\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"1.12.9\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego\",\n            \"symbols\": [\n              \"App.Run\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.ServeHTTP\",\n              \"FilterRouter.ValidRouter\",\n              \"InitBeegoBeforeTest\",\n              \"Run\",\n              \"RunWithMiddleWares\",\n              \"TestBeegoInit\",\n              \"Tree.Match\",\n              \"Tree.match\",\n              \"adminApp.Run\"\n            ]\n          }\n        ]\n      }\n    },\n    {\n      \"package\": {\n        \"name\": \"github.com/beego/beego/v2\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"2.0.3\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego/v2/server/web\",\n            \"symbols\": [\n              \"AddNamespace\",\n              \"Any\",\n              \"AutoPrefix\",\n              \"AutoRouter\",\n              \"Compare\",\n              \"CompareNot\",\n              \"Controller.Bind\",\n              \"Controller.BindForm\",\n              \"Controller.BindXML\",\n              \"Controller.BindYAML\",\n              \"Controller.GetSecureCookie\",\n              \"Controller.ParseForm\",\n              \"Controller.Render\",\n              \"Controller.RenderBytes\",\n              \"Controller.RenderString\",\n              \"Controller.Resp\",\n              \"Controller.SaveToFile\",\n              \"Controller.ServeFormatted\",\n              \"Controller.ServeXML\",\n              \"Controller.ServeYAML\",\n              \"Controller.SetSecureCookie\",\n              \"Controller.Trace\",\n              \"Controller.URLFor\",\n              \"Controller.XMLResp\",\n              \"Controller.XSRFFormHTML\",\n              \"Controller.XSRFToken\",\n              \"Controller.YamlResp\",\n              \"ControllerRegister.Add\",\n              \"ControllerRegister.AddAuto\",\n              \"ControllerRegister.AddAutoPrefix\",\n              \"ControllerRegister.AddMethod\",\n              \"ControllerRegister.AddRouterMethod\",\n              \"ControllerRegister.Any\",\n              \"ControllerRegister.CtrlAny\",\n              \"ControllerRegister.CtrlDelete\",\n              \"ControllerRegister.CtrlGet\",\n              \"ControllerRegister.CtrlHead\",\n              \"ControllerRegister.CtrlOptions\",\n              \"ControllerRegister.CtrlPatch\""; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "       \"name\": \"github.com/beego/beego\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"1.12.9\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego\",\n            \"symbols\": [\n              \"App.Run\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.ServeHTTP\",\n              \"FilterRouter.ValidRouter\",\n              \"InitBeegoBeforeTest\",\n              \"Run\",\n              \"RunWithMiddleWares\",\n              \"TestBeegoInit\",\n              \"Tree.Match\",\n              \"Tree.match\",\n              \"adminApp.Run\"\n            ]\n          }\n        ]\n      }\n    },\n    {\n      \"package\": {\n        \"name\": \"github.com/beego/beego/v2\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"2.0.3\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego/v2/server/web\",\n            \"symbols\": [\n              \"AddNamespace\",\n              \"Any\",\n              \"AutoPrefix\",\n              \"AutoRouter\",\n              \"Compare\",\n              \"CompareNot\",\n              \"Controller.Bind\",\n              \"Controller.BindForm\",\n              \"Controller.BindXML\",\n              \"Controller.BindYAML\",\n              \"Controller.GetSecureCookie\",\n              \"Controller.ParseForm\",\n              \"Controller.Render\",\n              \"Controller.RenderBytes\",\n              \"Controller.RenderString\",\n              \"Controller.Resp\",\n              \"Controller.SaveToFile\",\n              \"Controller.ServeFormatted\",\n              \"Controller.ServeXML\",\n              \"Controller.ServeYAML\",\n              \"Controller.SetSecureCookie\",\n              \"Controller.Trace\",\n              \"Controller.URLFor\",\n              \"Controller.XMLResp\",\n              \"Controller.XSRFFormHTML\",\n              \"Controller.XSRFToken\",\n              \"Controller.YamlResp\",\n              \"ControllerRegister.Add\",\n              \"ControllerRegister.AddAuto\",\n              \"ControllerRegister.AddAutoPrefix\",\n              \"ControllerRegister.AddMethod\",\n              \"ControllerRegister.AddRouterMethod\",\n              \"ControllerRegister.Any\",\n              \"ControllerRegister.CtrlAny\",\n              \"ControllerRegister.CtrlDelete\",\n              \"ControllerRegister.CtrlGet\",\n              \"ControllerRegister.CtrlHead\",\n              \"ControllerRegister.CtrlOptions\",\n              \"ControllerRegister.CtrlPatch\""; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "60\"\n  ],\n  \"CVE-2016-15005\": [\n    \"GO-2020-0045\"\n  ],\n  \"CVE-2016-3697\": [\n    \"GO-2021-0070\"\n  ],\n  \"CVE-2016-3958\": [\n    \"GO-2021-0163\"\n  ],\n  \"CVE-2016-3959\": [\n    \"GO-2022-0166\"\n  ],\n  \"CVE-2016-5386\": [\n    \"GO-2022-0761\"\n  ],\n  \"CVE-2016-9121\": [\n    \"GO-2020-0010\"\n  ],\n  \"CVE-2016-9122\": [\n    \"GO-2020-0011\",\n    \"GO-2022-0945\"\n  ],\n  \"CVE-2016-9123\": [\n    \"GO-2020-0009\"\n  ],\n  \"CVE-2017-1000097\": [\n    \"GO-2022-0171\"\n  ],\n  \"CVE-2017-1000098\": [\n    \"GO-2021-0172\"\n  ],\n  \"CVE-2017-11468\": [\n    \"GO-2021-0072\"\n  ],\n  \"CVE-2017-11480\": [\n    \"GO-2022-0643\"\n  ],\n  \"CVE-2017-15041\": [\n    \"GO-2022-0177\"\n  ],\n  \"CVE-2017-15042\": [\n    \"GO-2021-0178\"\n  ],\n  \"CVE-2017-15133\": [\n    \"GO-2020-0006\"\n  ],\n  \"CVE-2017-17831\": [\n    \"GO-2021-0073\"\n  ],\n  \"CVE-2017-18367\": [\n    \"GO-2020-0007\"\n  ],\n  \"CVE-2017-20146\": [\n    \"GO-2020-0020\"\n  ],\n  \"CVE-2017-3204\": [\n    \"GO-2020-0013\"\n  ],\n  \"CVE-2017-8932\": [\n    \"GO-2022-0187\"\n  ],\n  \"CVE-2018-1103\": [\n    \"GO-2020-0026\"\n  ],\n  \"CVE-2018-12018\": [\n    \"GO-2021-0075\"\n  ],\n  \"CVE-2018-14632\": [\n    \"GO-2021-0076\"\n  ],\n  \"CVE-2018-16873\": [\n    \"GO-2022-0189\"\n  ],\n  \"CVE-2018-16874\": [\n"; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "nonicalMIMEHeaderKey\",\"canonicalMIMEHeaderKey\"]}]}}],\"references\":[{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/11772\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9\"},{\"type\":\"REPORT\",\"url\":\"https://go.dev/issue/53035\"},{\"type\":\"WEB\",\"url\":\"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ\"}]}\n"; err=<nil>
2023/03/11 04:17:40 Unsolicited response received on idle HTTP channel starting with "{\"url\":\"https://pkg.go.dev/vuln/GO-2021-0159\"},\"ecosystem_specific\":{\"imports\":[{\"path\":\"net/http\",\"symbols\":[\"CanonicalMIMEHeaderKey\",\"body.readLocked\",\"canonicalMIMEHeaderKey\",\"chunkWriter.writeHeader\",\"fixLength\",\"fixTransferEncoding\",\"readTransfer\",\"transferWriter.shouldSendContentLength\",\"validHeaderFieldByte\"]}]}}],\"references\":[{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/13148\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f\"},{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/11772\"},{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/11810\"},{\"type\":\"FIX\",\"url\":\"https://go.dev/cl/12865\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f\"},{\"type\":\"FIX\",\"url\":\"https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87\"},{\"type\":\"REPORT\",\"url\":\"https://go.dev/issue/12027\"},{\"type\":\"REPORT\",\"url\":\"https://go.dev/issue/11930\"},{\"type\":\"WEB\",\"url\":\"https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ\"}]}\n"; err=<nil>

watchflakes

@gopherbot gopherbot added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Mar 11, 2023
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Mar 11, 2023
@bcmills
Copy link
Contributor

bcmills commented Mar 13, 2023

That log message comes from the net/http package:
https://cs.opensource.google/go/go/+/master:src/net/http/transport.go;l=2269;drc=451106921fbcbbae37769db582aea52bf8f728e6

(CC @neild)

@gopherbot
Copy link
Contributor Author

Found new dashboard test flakes for:

#!watchflakes
post <- pkg == "golang.org/x/vuln/internal/client" && test == "TestMustUseIndex"
2023-03-13 16:18 illumos-amd64 vuln@8a73a7e4 go@7a21f799 x/vuln/internal/client.TestMustUseIndex (log) 
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with " \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.6\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0054\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"Result.ForEach\",\n                                \"unwrap\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://github.com/tidwall/gjson/issues/196\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-36067\"\n            }\n        ]\n    },\n    {\n        \"id\": \"GO-2021-0059\",\n        \"published\": \"2021-04-14T20:04:52Z\",\n        \"modified\": \"2022-08-19T22:21:47Z\",\n        \"aliases\": [\n            \"CVE-2020-35380\",\n            \"GHSA-w942-gw6m-p62c\"\n        ],\n        \"details\": \"Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.\",\n        \"affected\": [\n            {\n                \"package\": {\n                    \"name\": \"github.com/tidwall/gjson\",\n                    \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.4\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0059\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"sqaush\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc\"\n            },\n            {"; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "  {\n        \"package\": {\n          \"name\": \"github.com/beego/beego\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"1.12.9\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego\",\n              \"symbols\": [\n                \"App.Run\",\n                \"ControllerRegister.FindPolicy\",\n                \"ControllerRegister.FindRouter\",\n                \"ControllerRegister.ServeHTTP\",\n                \"FilterRouter.ValidRouter\",\n                \"InitBeegoBeforeTest\",\n                \"Run\",\n                \"RunWithMiddleWares\",\n                \"TestBeegoInit\",\n                \"Tree.Match\",\n                \"Tree.match\",\n                \"adminApp.Run\"\n              ]\n            }\n          ]\n        }\n      },\n      {\n        \"package\": {\n          \"name\": \"github.com/beego/beego/v2\",\n          \"ecosystem\": \"Go\"\n        },\n        \"ranges\": [\n          {\n            \"type\": \"SEMVER\",\n            \"events\": [\n              {\n                \"introduced\": \"0\"\n              },\n              {\n                \"fixed\": \"2.0.3\"\n              }\n            ]\n          }\n        ],\n        \"database_specific\": {\n          \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n        },\n        \"ecosystem_specific\": {\n          \"imports\": [\n            {\n              \"path\": \"github.com/beego/beego/v2/server/web\",\n              \"symbols\": [\n                \"AddNamespace\",\n                \"Any\",\n                \"AutoPrefix\",\n                \"AutoRouter\",\n                \"Compare\",\n                \"CompareNot\",\n                \"Controller.Bind\",\n                \"Controller.BindForm\",\n                \"Controller.BindXML\",\n                \"Controller.BindYAML\",\n                \"Controller.GetSecureCookie\",\n                \"Controller.ParseForm\",\n                "; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with " \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.6\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0054\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"Result.ForEach\",\n                                \"unwrap\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://github.com/tidwall/gjson/issues/196\"\n            },\n            {\n                \"type\": \"WEB\",\n                \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-36067\"\n            }\n        ]\n    },\n    {\n        \"id\": \"GO-2021-0059\",\n        \"published\": \"2021-04-14T20:04:52Z\",\n        \"modified\": \"2022-08-19T22:21:47Z\",\n        \"aliases\": [\n            \"CVE-2020-35380\",\n            \"GHSA-w942-gw6m-p62c\"\n        ],\n        \"details\": \"Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.\",\n        \"affected\": [\n            {\n                \"package\": {\n                    \"name\": \"github.com/tidwall/gjson\",\n                    \"ecosystem\": \"Go\"\n                },\n                \"ranges\": [\n                    {\n                        \"type\": \"SEMVER\",\n                        \"events\": [\n                            {\n                                \"introduced\": \"0\"\n                            },\n                            {\n                                \"fixed\": \"1.6.4\"\n                            }\n                        ]\n                    }\n                ],\n                \"database_specific\": {\n                    \"url\": \"https://pkg.go.dev/vuln/GO-2021-0059\"\n                },\n                \"ecosystem_specific\": {\n                    \"imports\": [\n                        {\n                            \"path\": \"github.com/tidwall/gjson\",\n                            \"symbols\": [\n                                \"sqaush\"\n                            ]\n                        }\n                    ]\n                }\n            }\n        ],\n        \"references\": [\n            {\n                \"type\": \"FIX\",\n                \"url\": \"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc\"\n            },\n            {"; err=<nil>
--- FAIL: TestMustUseIndex (0.00s)
    client_test.go:214: Index(): Get "http://127.0.0.1:60190/index.json": net/http: HTTP/1.x transport connection broken: malformed HTTP status code "{"
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "       \"name\": \"github.com/beego/beego\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"1.12.9\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego\",\n            \"symbols\": [\n              \"App.Run\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.ServeHTTP\",\n              \"FilterRouter.ValidRouter\",\n              \"InitBeegoBeforeTest\",\n              \"Run\",\n              \"RunWithMiddleWares\",\n              \"TestBeegoInit\",\n              \"Tree.Match\",\n              \"Tree.match\",\n              \"adminApp.Run\"\n            ]\n          }\n        ]\n      }\n    },\n    {\n      \"package\": {\n        \"name\": \"github.com/beego/beego/v2\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"2.0.3\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego/v2/server/web\",\n            \"symbols\": [\n              \"AddNamespace\",\n              \"Any\",\n              \"AutoPrefix\",\n              \"AutoRouter\",\n              \"Compare\",\n              \"CompareNot\",\n              \"Controller.Bind\",\n              \"Controller.BindForm\",\n              \"Controller.BindXML\",\n              \"Controller.BindYAML\",\n              \"Controller.GetSecureCookie\",\n              \"Controller.ParseForm\",\n              \"Controller.Render\",\n              \"Controller.RenderBytes\",\n              \"Controller.RenderString\",\n              \"Controller.Resp\",\n              \"Controller.SaveToFile\",\n              \"Controller.ServeFormatted\",\n              \"Controller.ServeXML\",\n              \"Controller.ServeYAML\",\n              \"Controller.SetSecureCookie\",\n              \"Controller.Trace\",\n              \"Controller.URLFor\",\n              \"Controller.XMLResp\",\n              \"Controller.XSRFFormHTML\",\n              \"Controller.XSRFToken\",\n              \"Controller.YamlResp\",\n              \"ControllerRegister.Add\",\n              \"ControllerRegister.AddAuto\",\n              \"ControllerRegister.AddAutoPrefix\",\n              \"ControllerRegister.AddMethod\",\n              \"ControllerRegister.AddRouterMethod\",\n              \"ControllerRegister.Any\",\n              \"ControllerRegister.CtrlAny\",\n              \"ControllerRegister.CtrlDelete\",\n              \"ControllerRegister.CtrlGet\",\n              \"ControllerRegister.CtrlHead\",\n              \"ControllerRegister.CtrlOptions\",\n              \"ControllerRegister.CtrlPatch\",\n              \"ControllerRegister.CtrlPost\",\n              \"ControllerRegister.CtrlPut\",\n              \"ControllerRegister.Delete\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.Get\",\n              \"ControllerRegister.Handler\",\n              \"ControllerRegister.Head\",\n              \"ControllerRegister.Include\",\n              \"ControllerRegister.Init\",\n              \"ControllerRegister.InsertFilter\",\n              \"ControllerRegister.Options\",\n              \"ControllerRegister.Patch\",\n              \"ControllerRegister.Post\",\n              \"ControllerRegister.Put\",\n              \"ControllerRegister.ServeHTTP\",\n              \"ControllerRegister.URLFor\",\n              \"CtrlAny\",\n              \"CtrlDelete\",\n              \"CtrlGet\",\n              \"CtrlHead\",\n              \"CtrlOptions\",\n              \"CtrlPatch\",\n              \"CtrlPost\",\n              \"CtrlPut\",\n              \"Date\",\n              \"DateParse\",\n              \"Dele"; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "       \"name\": \"github.com/beego/beego\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"1.12.9\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego\",\n            \"symbols\": [\n              \"App.Run\",\n              \"ControllerRegister.FindPolicy\",\n              \"ControllerRegister.FindRouter\",\n              \"ControllerRegister.ServeHTTP\",\n              \"FilterRouter.ValidRouter\",\n              \"InitBeegoBeforeTest\",\n              \"Run\",\n              \"RunWithMiddleWares\",\n              \"TestBeegoInit\",\n              \"Tree.Match\",\n              \"Tree.match\",\n              \"adminApp.Run\"\n            ]\n          }\n        ]\n      }\n    },\n    {\n      \"package\": {\n        \"name\": \"github.com/beego/beego/v2\",\n        \"ecosystem\": \"Go\"\n      },\n      \"ranges\": [\n        {\n          \"type\": \"SEMVER\",\n          \"events\": [\n            {\n              \"introduced\": \"0\"\n            },\n            {\n              \"fixed\": \"2.0.3\"\n            }\n          ]\n        }\n      ],\n      \"database_specific\": {\n        \"url\": \"https://pkg.go.dev/vuln/GO-2022-0463\"\n      },\n      \"ecosystem_specific\": {\n        \"imports\": [\n          {\n            \"path\": \"github.com/beego/beego/v2/server/web\",\n            \"symbols\": [\n              \"AddNamespace\",\n              \"Any\",\n              \"AutoPrefix\",\n              \"AutoRouter\",\n              \"Compare\",\n              \"CompareNot\",\n              \"Controller.Bind\",\n              \"Controller.BindForm\",\n              \"Controller.BindXML\",\n              \"Controller.BindYAML\",\n              \"Controller.GetSecureCookie\",\n              \"Controller.ParseForm\",\n              \"Controller.Render\",\n              \"Controller.RenderBytes\",\n              \"Controller.RenderString\",\n              \"Controller.Resp\",\n              \"Controller.SaveToFile\",\n              \"Controller.ServeFormatted\",\n              \"Controller.ServeXML\",\n              \"Controller.ServeYAML\",\n              \"Controller.SetSecureCookie\",\n              \"Controller.Trace\",\n              \"Controller.URLFor\",\n              \"Controller.XMLResp\",\n              \"Controller.XSRFFormHTML\",\n              \"Controller.XSRFToken\",\n              \"Controller.YamlResp\",\n              \"ControllerRegister.Add\",\n              \"ControllerRegister.AddAuto\",\n              \"ControllerRegister.AddAutoPrefix\",\n              \"ControllerRegister.AddMethod\",\n              \"ControllerRegister.AddRouterMethod\",\n              \"ControllerRegister.Any\",\n              \"ControllerRegister.CtrlAny\",\n              \"ControllerRegister.CtrlDelete\",\n              \"ControllerRegister.CtrlGet\",\n              \"ControllerRegister.CtrlHead\",\n              \"ControllerRegister.CtrlOptions\",\n              \"ControllerRegister.CtrlPatch\""; err=<nil>
2023/03/20 14:32:13 Unsolicited response received on idle HTTP channel starting with "60\"\n  ],\n  \"CVE-2016-15005\": [\n    \"GO-2020-0045\"\n  ],\n  \"CVE-2016-3697\": [\n    \"GO-2021-0070\"\n  ],\n  \"CVE-2016-3958\": [\n    \"GO-2021-0163\"\n  ],\n  \"CVE-2016-3959\": [\n    \"GO-2022-0166\"\n  ],\n  \"CVE-2016-5386\": [\n    \"GO-2022-0761\"\n  ],\n  \"CVE-2016-9121\": [\n    \"GO-2020-0010\"\n  ],\n  \"CVE-2016-9122\": [\n    \"GO-2020-0011\",\n    \"GO-2022-0945\"\n  ],\n  \"CVE-2016-9123\": [\n    \"GO-2020-0009\"\n  ],\n  \"CVE-2017-1000097\": [\n    \"GO-2022-0171\"\n  ],\n  \"CVE-2017-1000098\": [\n    \"GO-2021-0172\"\n  ],\n  \"CVE-2017-11468\": [\n    \"GO-2021-0072\"\n  ],\n  \"CVE-2017-11480\": [\n    \"GO-2022-0643\"\n  ],\n  \"CVE-2017-15041\": [\n    \"GO-2022-0177\"\n  ],\n  \"CVE-2017-15042\": [\n    \"GO-2021-0178\"\n  ],\n  \"CVE-2017-15133\": [\n    \"GO-2020-0006\"\n  ],\n  \"CVE-2017-17831\": [\n    \"GO-2021-0073\"\n  ],\n  \"CVE-2017-18367\": [\n    \"GO-2020-0007\"\n  ],\n  \"CVE-2017-20146\": [\n    \"GO-2020-0020\"\n  ],\n  \"CVE-2017-3204\": [\n    \"GO-2020-0013\"\n  ],\n  \"CVE-2017-8932\": [\n    \"GO-2022-0187\"\n  ],\n  \"CVE-2018-1103\": [\n    \"GO-2020-0026\"\n  ],\n  \"CVE-2018-12018\": [\n    \"GO-2021-0075\"\n  ],\n  \"CVE-2018-14632\": [\n    \"GO-2021-0076\"\n  ],\n  \"CVE-2018-16873\": [\n    \"GO-2022-0189\"\n  ],\n  \"CVE-2018-16874\": [\n"; err=<nil>

watchflakes

@bcmills
Copy link
Contributor

bcmills commented Apr 3, 2023

Duplicate of #59379

@bcmills bcmills marked this as a duplicate of #59379 Apr 3, 2023
@bcmills bcmills closed this as not planned Won't fix, can't repro, duplicate, stale Apr 3, 2023
@bcmills bcmills removed this from Test Flakes Apr 3, 2023
@golang golang locked and limited conversation to collaborators Apr 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
2 participants
@bcmills @gopherbot