Initial commit

This commit is contained in:
Alexey Vanin 2024-02-19 11:27:31 +03:00
commit daf01e65df
7 changed files with 64 additions and 0 deletions

3
go.mod Normal file
View file

@ -0,0 +1,3 @@
module git.frostfs.info/alexvanin/vulncheck-example
go 1.22.0

7
unusedvulndep/go.mod Normal file
View file

@ -0,0 +1,7 @@
module git.frostfs.info/alexvanin/vulncheck-example/unusedvulndep
go 1.22.0
require golang.org/x/crypto v0.16.0
require golang.org/x/sys v0.15.0 // indirect

6
unusedvulndep/go.sum Normal file
View file

@ -0,0 +1,6 @@
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=

17
unusedvulndep/module.go Normal file
View file

@ -0,0 +1,17 @@
// Unusedvulndep is a package that imports golang.org/x/crypto package
// with vulnarability https://pkg.go.dev/vuln/GO-2023-2402 and provides
// function that is not affected by vulnarability
package usedvulndep
import (
"golang.org/x/crypto/ssh"
)
// FunctionWithVulnarability is a nop function that transitively adds
// vulnarable dependency but unvunarable code to a call trace of
// your application
func FunctionWithoutVulnarability() error {
var s ssh.Signer
_, err := ssh.NewCertSigner(new(ssh.Certificate), s)
return err
}

7
usedvulndep/go.mod Normal file
View file

@ -0,0 +1,7 @@
module git.frostfs.info/alexvanin/vulncheck-example/usedvulndep
go 1.22.0
require golang.org/x/crypto v0.16.0
require golang.org/x/sys v0.15.0 // indirect

6
usedvulndep/go.sum Normal file
View file

@ -0,0 +1,6 @@
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=

18
usedvulndep/module.go Normal file
View file

@ -0,0 +1,18 @@
// Usedvulndep is a package that imports golang.org/x/crypto package
// with vulnarability https://pkg.go.dev/vuln/GO-2023-2402 and provides
// function that affected by vulnarability
package usedvulndep
import (
"net"
"golang.org/x/crypto/ssh"
)
// FunctionWithVulnarability is a nop function that transitively adds
// vulnarable code to a call trace of your application
func FunctionWithVulnarability() error {
var c net.Conn
_, _, _, err := ssh.NewServerConn(c, new(ssh.ServerConfig))
return err
}