From 37c5cbee19a24d046a9c5139487a8c7f9124d770 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Wed, 17 Jul 2024 15:53:21 -0400
Subject: [PATCH] data/reports: update 4 reports
Remove/fix non-existent packages.
  - data/reports/GO-2021-0064.yaml
  - data/reports/GO-2021-0065.yaml
  - data/reports/GO-2024-0701.yaml
  - data/reports/GO-2024-2912.yaml
Updates golang/vulndb#64
Updates golang/vulndb#65
Updates golang/vulndb#701
Updates golang/vulndb#2912
Change-Id: Id36b6a47f75c4afb79318d0c3b9ff3b62c5be601
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/599177
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Damien Neil
---
 data/osv/GO-2021-0064.json | 29 -----------------------------
 data/osv/GO-2021-0065.json | 29 -----------------------------
 data/osv/GO-2022-0701.json | 2 +-
 data/osv/GO-2024-2912.json | 4 ++--
 data/reports/GO-2021-0064.yaml | 9 ---------
 data/reports/GO-2021-0065.yaml | 9 ---------
 data/reports/GO-2022-0701.yaml | 2 +-
 data/reports/GO-2024-2912.yaml | 4 ++--
 8 files changed, 6 insertions(+), 82 deletions(-)
diff --git a/data/osv/GO-2021-0064.json b/data/osv/GO-2021-0064.json
index 13b26401..17e47547 100644
--- a/data/osv/GO-2021-0064.json
+++ b/data/osv/GO-2021-0064.json
@@ -43,35 +43,6 @@
 }
 ]
 }
- },
- {
- "package": {
- "name": "k8s.io/kubernetes",
- "ecosystem": "Go"
- },
- "ranges": [
- {
- "type": "SEMVER",
- "events": [
- {
- "introduced": "0"
- },
- {
- "fixed": "1.20.0-alpha.2"
- }
- ]
- }
- ],
- "ecosystem_specific": {
- "imports": [
- {
- "path": "k8s.io/kubernetes/staging/src/k8s.io/client-go/transport",
- "symbols": [
- "requestInfo.toCurl"
- ]
- }
- ]
- }
 }
 ],
 "references": [
diff --git a/data/osv/GO-2021-0065.json b/data/osv/GO-2021-0065.json
index df5a5e2d..a562dd4e 100644
--- a/data/osv/GO-2021-0065.json
+++ b/data/osv/GO-2021-0065.json
@@ -42,35 +42,6 @@
 }
 ]
 }
- },
- {
- "package": {
- "name": "k8s.io/kubernetes",
- "ecosystem": "Go"
- },
- "ranges": [
- {
- "type": "SEMVER",
- "events": [
- {
- "introduced": "0"
- },
- {
- "fixed": "1.16.0-beta.1"
- }
- ]
- }
- ],
- "ecosystem_specific": {
- "imports": [
- {
- "path": "k8s.io/kubernetes/staging/src/k8s.io/client-go/transport",
- "symbols": [
- "debuggingRoundTripper.RoundTrip"
- ]
- }
- ]
- }
 }
 ],
 "references": [
diff --git a/data/osv/GO-2022-0701.json b/data/osv/GO-2022-0701.json
index dd343bf8..93028c69 100644
--- a/data/osv/GO-2022-0701.json
+++ b/data/osv/GO-2022-0701.json
@@ -43,7 +43,7 @@
 ]
 },
 {
- "path": "k8s.io/kubernetes/pkg/storage",
+ "path": "k8s.io/kubernetes/pkg/api/storage",
 "symbols": [
 "NamespaceKeyFunc",
 "NoNamespaceKeyFunc"
diff --git a/data/osv/GO-2024-2912.json b/data/osv/GO-2024-2912.json
index d4dfd7ba..fd22c3d4 100644
--- a/data/osv/GO-2024-2912.json
+++ b/data/osv/GO-2024-2912.json
@@ -31,14 +31,14 @@
 "ecosystem_specific": {
 "imports": [
 {
- "path": "github.com/docker/cli/command",
+ "path": "github.com/docker/cli/cli/command",
 "symbols": [
 "GetDefaultAuthConfig",
 "RegistryAuthenticationPrivilegedFunc"
 ]
 },
 {
- "path": "github.com/docker/cli/command/registry",
+ "path": "github.com/docker/cli/cli/command/registry",
 "symbols": [
 "runLogin"
 ]
diff --git a/data/reports/GO-2021-0064.yaml b/data/reports/GO-2021-0064.yaml
index 1456babc..70fc1873 100644
--- a/data/reports/GO-2021-0064.yaml
+++ b/data/reports/GO-2021-0064.yaml
@@ -14,15 +14,6 @@ modules: - debuggingRoundTripper.RoundTrip - impersonatingRoundTripper.RoundTrip - userAgentRoundTripper.RoundTrip - - module: k8s.io/kubernetes - versions: - - fixed: 1.20.0-alpha.2 - vulnerable_at: 1.20.0-alpha.1 - packages: - - package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport - symbols: - - requestInfo.toCurl - skip_fix: 'TODO: revisit this reason (module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport)' summary: |- Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go diff --git a/data/reports/GO-2021-0065.yaml b/data/reports/GO-2021-0065.yaml index 32be6694..1ae58d01 100644 --- a/data/reports/GO-2021-0065.yaml +++ b/data/reports/GO-2021-0065.yaml @@ -13,15 +13,6 @@ modules: - bearerAuthRoundTripper.RoundTrip - impersonatingRoundTripper.RoundTrip - userAgentRoundTripper.RoundTrip - - module: k8s.io/kubernetes - versions: - - fixed: 1.16.0-beta.1 - vulnerable_at: 1.16.0-beta.0 - packages: - - package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport - symbols: - - debuggingRoundTripper.RoundTrip - skip_fix: 'TODO: revisit this reason (module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport)' summary: Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go description: |- Authorization tokens may be inappropriately logged if the verbosity level is set diff --git a/data/reports/GO-2022-0701.yaml b/data/reports/GO-2022-0701.yaml index ea35fec5..892f2392 100644 --- a/data/reports/GO-2022-0701.yaml +++ b/data/reports/GO-2022-0701.yaml @@ -13,7 +13,7 @@ modules: symbols: - NamespaceKeyFunc skip_fix: 'TODO: Revisit this reason (Dependency github.com/docker/docker/pkg/units no longer exists)' - - package: k8s.io/kubernetes/pkg/storage + - package: k8s.io/kubernetes/pkg/api/storage symbols: - NamespaceKeyFunc - NoNamespaceKeyFunc 
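Review bot: The `summary` kept as context at the end of the GO-2021-0064 hunk still names "k8s.io/kubernetes and k8s.io/client-go", but the hunk deletes the only visible `module: k8s.io/kubernetes` entry, so the report describes a module it no longer lists as affected; the GO-2021-0065 hunk that follows has the same mismatch in its one-line `summary`. Dropping a package path that does not resolve is sound, yet a scanner that matches on the module list will now stay silent for k8s.io/kubernetes versions before the removed `fixed` bounds, and presumably the remaining module entry (above the hunk, not visible here) is expected to cover those users. I would either narrow both summaries to the module that remains, or keep a module-level `- module: k8s.io/kubernetes` entry with the same `fixed` version and no `packages` list, and state the choice in the commit message.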
diff --git a/data/reports/GO-2024-2912.yaml b/data/reports/GO-2024-2912.yaml
index 87ac3f05..0314661c 100644
--- a/data/reports/GO-2024-2912.yaml
+++ b/data/reports/GO-2024-2912.yaml
@@ -5,12 +5,12 @@ modules:
 - fixed: 20.10.9+incompatible
 vulnerable_at: 20.10.8+incompatible
 packages:
- - package: github.com/docker/cli/command
+ - package: github.com/docker/cli/cli/command
 symbols:
 - RegistryAuthenticationPrivilegedFunc
 - GetDefaultAuthConfig
 skip_fix: fix error due to incompatible version
- - package: github.com/docker/cli/command/registry
+ - package: github.com/docker/cli/cli/command/registry
 symbols:
 - runLogin
 skip_fix: fix error due to incompatible version
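Review bot: Both corrected entries keep `skip_fix: fix error due to incompatible version`, so as far as I can tell nothing automated loads `github.com/docker/cli/cli/command` or `github.com/docker/cli/cli/command/registry` at `vulnerable_at: 20.10.8+incompatible` to confirm that the new paths and their symbols exist. That is probably how the non-existent `github.com/docker/cli/command` path went unnoticed, and a wrong path in this field means a symbol-level scanner reports nothing for an affected caller. Once the paths have been checked by hand, I would record that in the reason, for example `skip_fix: package cannot be loaded (+incompatible version); path and symbols verified manually at 20.10.8+incompatible`.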