Initial commit
This commit is contained in:
commit
daf01e65df
7 changed files with 64 additions and 0 deletions
3
go.mod
Normal file
3
go.mod
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
module git.frostfs.info/alexvanin/vulncheck-example
|
||||||
|
|
||||||
|
go 1.22.0
|
7
unusedvulndep/go.mod
Normal file
7
unusedvulndep/go.mod
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
module git.frostfs.info/alexvanin/vulncheck-example/unusedvulndep
|
||||||
|
|
||||||
|
go 1.22.0
|
||||||
|
|
||||||
|
require golang.org/x/crypto v0.16.0
|
||||||
|
|
||||||
|
require golang.org/x/sys v0.15.0 // indirect
|
6
unusedvulndep/go.sum
Normal file
6
unusedvulndep/go.sum
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
|
||||||
|
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
|
||||||
|
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
|
||||||
|
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
|
||||||
|
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
|
17
unusedvulndep/module.go
Normal file
17
unusedvulndep/module.go
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
// Unusedvulndep is a package that imports golang.org/x/crypto package
|
||||||
|
// with vulnarability https://pkg.go.dev/vuln/GO-2023-2402 and provides
|
||||||
|
// function that is not affected by vulnarability
|
||||||
|
package usedvulndep
|
||||||
|
|
||||||
|
import (
|
||||||
|
"golang.org/x/crypto/ssh"
|
||||||
|
)
|
||||||
|
|
||||||
|
// FunctionWithVulnarability is a nop function that transitively adds
|
||||||
|
// vulnarable dependency but unvunarable code to a call trace of
|
||||||
|
// your application
|
||||||
|
func FunctionWithoutVulnarability() error {
|
||||||
|
var s ssh.Signer
|
||||||
|
_, err := ssh.NewCertSigner(new(ssh.Certificate), s)
|
||||||
|
return err
|
||||||
|
}
|
7
usedvulndep/go.mod
Normal file
7
usedvulndep/go.mod
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
module git.frostfs.info/alexvanin/vulncheck-example/usedvulndep
|
||||||
|
|
||||||
|
go 1.22.0
|
||||||
|
|
||||||
|
require golang.org/x/crypto v0.16.0
|
||||||
|
|
||||||
|
require golang.org/x/sys v0.15.0 // indirect
|
6
usedvulndep/go.sum
Normal file
6
usedvulndep/go.sum
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
|
||||||
|
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
|
||||||
|
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
|
||||||
|
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
|
||||||
|
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
|
18
usedvulndep/module.go
Normal file
18
usedvulndep/module.go
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
// Usedvulndep is a package that imports golang.org/x/crypto package
|
||||||
|
// with vulnarability https://pkg.go.dev/vuln/GO-2023-2402 and provides
|
||||||
|
// function that affected by vulnarability
|
||||||
|
package usedvulndep
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net"
|
||||||
|
|
||||||
|
"golang.org/x/crypto/ssh"
|
||||||
|
)
|
||||||
|
|
||||||
|
// FunctionWithVulnarability is a nop function that transitively adds
|
||||||
|
// vulnarable code to a call trace of your application
|
||||||
|
func FunctionWithVulnarability() error {
|
||||||
|
var c net.Conn
|
||||||
|
_, _, _, err := ssh.NewServerConn(c, new(ssh.ServerConfig))
|
||||||
|
return err
|
||||||
|
}
|
Loading…
Reference in a new issue