From 26584b10628738af8b94062e65c03b9444cde032 Mon Sep 17 00:00:00 2001
From: Alex Vanin
Date: Mon, 19 Feb 2024 12:56:56 +0300
Subject: [PATCH] Add package with updated vuln lib
---
novulndep/go.mod | 7 +++++++
novulndep/go.sum | 6 ++++++
novulndep/main.go | 17 +++++++++++++++++
3 files changed, 30 insertions(+)
create mode 100644 novulndep/go.mod
create mode 100644 novulndep/go.sum
create mode 100644 novulndep/main.go
diff --git a/novulndep/go.mod b/novulndep/go.mod
new file mode 100644
index 0000000..db9ecb2
--- /dev/null
+++ b/novulndep/go.mod
@@ -0,0 +1,7 @@
+module git.frostfs.info/alexvanin/vulncheck-example/novulndep
+
+go 1.22.0
+
+require golang.org/x/crypto v0.19.0
+
+require golang.org/x/sys v0.17.0 // indirect
diff --git a/novulndep/go.sum b/novulndep/go.sum
new file mode 100644
index 0000000..8145e8f
--- /dev/null
+++ b/novulndep/go.sum
@@ -0,0 +1,6 @@
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
diff --git a/novulndep/main.go b/novulndep/main.go
new file mode 100644
index 0000000..9b0afa5
--- /dev/null
+++ b/novulndep/main.go
@@ -0,0 +1,17 @@
+// Novulndep is a package that imports golang.org/x/crypto package
+// without https://pkg.go.dev/vuln/GO-2023-2402 vulnarability
+package novulndep
+
+import (
+ "net"
+
+ "golang.org/x/crypto/ssh"
+)
+
+// FunctionWithVulnarability is a nop function that transitively adds
+// vulnarable code to a call trace of your application
+func FunctionNoVulnarability() error {
+ var c net.Conn
+ _, _, _, err := ssh.NewServerConn(c, new(ssh.ServerConfig))
+ return err
+}
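Review bot: The doc comment above `FunctionNoVulnarability` in novulndep/main.go still opens with `FunctionWithVulnarability` and says the function adds vulnerable code to the call trace, which contradicts both the declared name and the package comment stating that this variant is built without GO-2023-2402. Anyone using the example to compare vulnerability-scanner output for the two packages is told the opposite of what the code demonstrates, so I would reword it to `// FunctionNoVulnarability is a nop function that transitively adds the updated` / `// golang.org/x/crypto/ssh code to a call trace of your application.` The word is spelled "vulnerability"; correcting it in the comments is safe, while the exported identifier may have to keep its spelling if other packages already reference it. The call hands `ssh.NewServerConn` a nil `net.Conn` and an empty `ssh.ServerConfig`, presumably relying on an error being returned before the connection is touched; a short comment such as `// c is intentionally nil: the call exists only so the ssh symbol is reachable` would make that explicit.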