Skip to content

Commit

Permalink
cmd/govulncheck/testdata: add test for json mode for multiple entry p…
Browse files Browse the repository at this point in the history 
…oints

 When govulncheck finds that the same vulnerable symbol is called more
than once, only one invocation is displayed to the user in -json mode.

Add a test for this behavior, before it is changed in a later CL.

For golang/go#59485

Change-Id: I667e3e3c9c113991383b040191edb25858f992bb
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/485898
Auto-Submit: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
  • Loading branch information
@julieqiu
julieqiu committed Apr 18, 2023
1 parent c0de090 commit 1a5d3d8
Showing 1 changed file with 165 additions and 0 deletions.
165 changes: 165 additions & 0 deletions cmd/govulncheck/testdata/multientry_json.ct
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
$ govulncheck -json -C ${moddir}/multientry .
{
"config": {
"version": govulncheck@v0.0.0-00000000000-20000101010101
"data_source": "testdata/vulndb-v1",
"last_modified": "2023-04-03T15:57:51Z",
"go_version": "go1.18"
}
}
{
"progress": {
"message": "Scanning your code and P packages across M dependent module for known vulnerabilities..."
}
}
{
"vulnerability": {
"osv": {
"schema_version": "1.3.1",
"id": "GO-2021-0113",
"modified": "2023-04-03T15:57:51Z",
"published": "2021-10-06T17:51:21Z",
"aliases": [
"CVE-2021-38561",
"GHSA-ppp9-7jff-5vj2"
],
"details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.",
"affected": [
{
"package": {
"name": "golang.org/x/text",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.7"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "golang.org/x/text/language",
"symbols": [
"MatchStrings",
"MustParse",
"Parse",
"ParseAcceptLanguage"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://go.dev/cl/340830"
},
{
"type": "FIX",
"url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
}
],
"credits": [
{
"name": "Guido Vranken"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
},
"modules": [
{
"path": "golang.org/x/text",
"found_version": "v0.3.5",
"fixed_version": "v0.3.7",
"packages": [
{
"path": "golang.org/x/text/language",
"callstacks": [
{
"symbol": "MustParse",
"summary": ".../main.go:99:20: golang.org/multientry.foobar calls golang.org/x/text/language.MustParse",
"frames": [
{
"package": "golang.org/multientry",
"function": "main",
"position": {
"filename": ".../main.go",
"offset": 441,
"line": 26,
"column": 3
}
},
{
"package": "golang.org/multientry",
"function": "D",
"position": {
"filename": ".../main.go",
"offset": 705,
"line": 48,
"column": 8
}
},
{
"package": "golang.org/multientry",
"function": "foobar",
"position": {
"filename": ".../main.go",
"offset": 1694,
"line": 99,
"column": 20
}
},
{
"package": "golang.org/x/text/language",
"function": "MustParse"
}
]
},
{
"symbol": "Parse",
"summary": ".../main.go:44:23: golang.org/multientry.C calls golang.org/x/text/language.Parse",
"frames": [
{
"package": "golang.org/multientry",
"function": "main",
"position": {
"filename": ".../main.go",
"offset": 340,
"line": 22,
"column": 3
}
},
{
"package": "golang.org/multientry",
"function": "C",
"position": {
"filename": ".../main.go",
"offset": 679,
"line": 44,
"column": 23
}
},
{
"package": "golang.org/x/text/language",
"function": "Parse"
}
]
}
]
}
]
}
]
}
}

0 comments on commit 1a5d3d8

Please sign in to comment.