Add package with updated vuln lib

2024-02-19 12:56:56 +03:00 · 2024-02-19 12:56:56 +03:00 · 26584b1062
commit 26584b1062
parent 62ac1ff4c3
3 changed files with 30 additions and 0 deletions
--- a/novulndep/go.mod
+++ b/novulndep/go.mod
@ -0,0 +1,7 @@
+module git.frostfs.info/alexvanin/vulncheck-example/novulndep
+
+go 1.22.0
+
+require golang.org/x/crypto v0.19.0
+
+require golang.org/x/sys v0.17.0 // indirect
--- a/novulndep/go.sum
+++ b/novulndep/go.sum
@ -0,0 +1,6 @@
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
--- a/novulndep/main.go
+++ b/novulndep/main.go
@ -0,0 +1,17 @@
+// Novulndep is a package that imports golang.org/x/crypto package
+// without https://pkg.go.dev/vuln/GO-2023-2402 vulnarability
+package novulndep
+
+import (
+	"net"
+
+	"golang.org/x/crypto/ssh"
+)
+
+// FunctionWithVulnarability is a nop function that transitively adds
+// vulnarable code to a call trace of your application
+func FunctionNoVulnarability() error {
+	var c net.Conn
+	_, _, _, err := ssh.NewServerConn(c, new(ssh.ServerConfig))
+	return err
+}