diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 947a2f9..ee7bfa5 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -6,8 +6,8 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: Debug
- run: ls
+ run: pwd && ls
 shell: bash
 - name: Integration Test
 id: integration-test
- uses: Templum/govulncheck-action@main
+ uses: Templum/govulncheck-action@debug
diff --git a/Dockerfile b/Dockerfile
index 95ef3b4..ad244e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM golang:1.19 as builder
 WORKDIR /go/src/github.com/Templum/govulncheck-action/
 ENV GO111MODULE=on
-RUN go install golang.org/x/vuln/cmd/govulncheck@latest
+RUN CGO_ENABLED=0 go install golang.org/x/vuln/cmd/govulncheck@latest
 COPY go.mod go.sum ./
 RUN go mod download
@@ -13,8 +13,8 @@ COPY . .
 # Statically compile our app for use in a distroless container
 RUN CGO_ENABLED=0 go build -ldflags="-w -s" -v -o action .
-FROM gcr.io/distroless/static
+FROM golang:1.19
 COPY --from=builder /go/src/github.com/Templum/govulncheck-action/action /action
-COPY --from=builder /go/bin/govulncheck/ /govulncheck
+COPY --from=builder /go/bin/govulncheck /usr/local/bin/govulncheck
 ENTRYPOINT ["/action"]
\ No newline at end of file
diff --git a/go.sum b/go.sum
index f27cb06..e6893d8 100644
--- a/go.sum
+++ b/go.sum
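Review bot: In .github/workflows/integration.yml the new `uses: Templum/govulncheck-action@debug` points the integration test at a mutable branch, so the job runs whatever the tip of `debug` is at that moment and the result is not tied to the commit under test. If this is meant to land on the default branch, reference an immutable ref instead, e.g. `uses: Templum/govulncheck-action@<full-commit-sha>`. If the branch ref exists only for this debugging session, a comment such as `# TODO: switch back to @main before merge` next to the line would make that explicit. The job definition starts outside the hunk, so its triggers and permissions are not visible here.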
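Review bot: In the first Dockerfile hunk, the rewritten `RUN CGO_ENABLED=0 go install golang.org/x/vuln/cmd/govulncheck@latest` still resolves `@latest` at build time, so two builds of the same commit can ship different scanner versions and a new upstream release is picked up without review. Pin the tool to an explicit release, `RUN CGO_ENABLED=0 go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>`, and bump it deliberately. `go install pkg@version` is resolved independently of this repository's go.mod and go.sum, so nothing in the repo currently records which version was built.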
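Review bot: In the second Dockerfile hunk, the final stage now uses `FROM golang:1.19` instead of the distroless image, which leaves the comment `# Statically compile our app for use in a distroless container` stale and ships a full OS, shell and Go toolchain in the action's runtime image. If the toolchain is needed at run time (presumably because govulncheck invokes `go` to load packages), say so above the `FROM` line and update the stale comment, e.g. `# Runtime needs the Go toolchain for govulncheck; distroless is not sufficient`. The tag is also mutable; pinning it by digest, `FROM golang:1.19@sha256:<digest>`, keeps the larger image reproducible.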
@@ -2,6 +2,7 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 
@@ -19,12 +20,13 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/owenrumney/go-sarif v1.1.1 h1:QNObu6YX1igyFKhdzd7vgzmw7XsWN3/6NMGuDzBgXmE= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.1.2 h1:PMDK7tXShJ9zsB7bfvlpADH5NEw1dfA9xwU8Xtdj73U= github.com/owenrumney/go-sarif/v2 v2.1.2/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= 
@@ -63,6 +65,7 @@ google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscL google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk= mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5 h1:Jh3LAeMt1eGpxomyu3jVkmVZWW2MxZ1qIIV2TZ/nRio= diff --git a/hack/found.json b/hack/found.json index 5b82b35..07a7fc3 100644 --- a/hack/found.json +++ b/hack/found.json 
@@ -7,15 +7,115 @@ "RecvType": "", "PkgPath": "github.com/Templum/playground", "Pos": { - "Filename": "/workspaces/playground/main.go", - "Offset": 61, - "Line": 7, + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 187, + "Line": 10, "Column": 6 }, "CallSites": null }, - "2": { - "ID": 2, + "10": { + "ID": 10, + "Name": "Parse", + "RecvType": "", + "PkgPath": "golang.org/x/text/language", + "Pos": { + "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/parse.go", + "Offset": 1121, + "Line": 33, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 12, + "Name": "Parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/tags.go", + "Offset": 469, + "Line": 14, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "11": { + "ID": 11, + "Name": "Get", + "RecvType": "github.com/tidwall/gjson.Result", + "PkgPath": "github.com/tidwall/gjson", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 5744, + "Line": 296, + "Column": 17 + }, + "CallSites": [ + { + "Parent": 16, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 27159, + "Line": 1370, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 16, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 27446, + "Line": 1385, + "Column": 19 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 31327, + "Line": 1579, + "Column": 24 + }, + "Resolved": true + }, + { + "Parent": 8, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39584, + "Line": 1945, + "Column": 20 + }, + "Resolved": true + }, + { + "Parent": 8, + "Name": "Get", + "RecvType": "", + "Pos": { + 
"Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 40038, + "Line": 1974, + "Column": 21 + }, + "Resolved": true + } + ] + }, + "12": { + "ID": 12, "Name": "MustParse", "RecvType": "", "PkgPath": "golang.org/x/text/language", 
@@ -27,110 +127,3967 @@ }, "CallSites": [ { - "Parent": 1, - "Name": "MustParse", - "RecvType": "", - "Pos": { - "Filename": "/workspaces/playground/main.go", - "Offset": 98, - "Line": 9, - "Column": 28 - }, - "Resolved": true + "Parent": 3, + "Name": "MustParse", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/text/testcase.go", + "Offset": 102, + "Line": 8, + "Column": 29 + }, + "Resolved": true + } + ] + }, + "13": { + "ID": 13, + "Name": "queryMatches", + "RecvType": "", + "PkgPath": "github.com/tidwall/gjson", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 25066, + "Line": 1265, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 16, + "Name": "queryMatches", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 27271, + "Line": 1377, + "Column": 18 + }, + "Resolved": true + } + ] + }, + "14": { + "ID": 14, + "Name": "yaml_parser_fetch_more_tokens", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 17667, + "Line": 626, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 20, + "Name": "yaml_parser_fetch_more_tokens", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 2220, + "Line": 47, + "Column": 60 + }, + "Resolved": true + } + ] + }, + "15": { + "ID": 15, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 27804, + "Line": 931, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 56, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 35945, + "Line": 1239, + "Column": 30 + }, + "Resolved": true + }, + { + "Parent": 57, + "Name": "yaml_parser_roll_indent", + "RecvType": "", 
+ "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 34648, + "Line": 1196, + "Column": 30 + }, + "Resolved": true + }, + { + "Parent": 58, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 37172, + "Line": 1283, + "Column": 30 + }, + "Resolved": true + }, + { + "Parent": 58, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 37897, + "Line": 1308, + "Column": 31 + }, + "Resolved": true + } + ] + }, + "16": { + "ID": 16, + "Name": "parseArray$1", + "RecvType": "", + "PkgPath": "github.com/tidwall/gjson", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 26982, + "Line": 1362, + "Column": 15 + }, + "CallSites": [ + { + "Parent": 17, + "Name": "t21", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 28463, + "Line": 1444, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "t21", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 29015, + "Line": 1472, + "Column": 19 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "t21", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 29478, + "Line": 1496, + "Column": 19 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "t21", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 29937, + "Line": 1515, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "t21", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 30419, + "Line": 1539, + "Column": 18 + }, + "Resolved": true + } + ] + }, + "17": { + "ID": 17, + "Name": 
"parseArray", + "RecvType": "", + "PkgPath": "github.com/tidwall/gjson", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 26587, + "Line": 1341, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 8, + "Name": "parseArray", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39788, + "Line": 1958, + "Column": 13 + }, + "Resolved": true + }, + { + "Parent": 6, + "Name": "parseArray", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 24326, + "Line": 1226, + "Column": 25 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "parseArray", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 29286, + "Line": 1486, + "Column": 25 + }, + "Resolved": true + }, + { + "Parent": 8, + "Name": "parseArray", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39969, + "Line": 1968, + "Column": 15 + }, + "Resolved": true + } + ] + }, + "18": { + "ID": 18, + "Name": "yaml_parser_fetch_flow_collection_start", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 32018, + "Line": 1099, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 19, + "Name": "yaml_parser_fetch_flow_collection_start", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 20412, + "Line": 722, + "Column": 49 + }, + "Resolved": true + }, + { + "Parent": 19, + "Name": "yaml_parser_fetch_flow_collection_start", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 20595, + "Line": 727, + "Column": 49 + }, + "Resolved": true + } + ] + }, + "19": { + "ID": 19, + "Name": "yaml_parser_fetch_next_token", + "RecvType": "", + "PkgPath": 
"gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 18571, + "Line": 665, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 14, + "Name": "yaml_parser_fetch_next_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 18446, + "Line": 655, + "Column": 35 + }, + "Resolved": true + } + ] + }, + "2": { + "ID": 2, + "Name": "Testcase", + "RecvType": "", + "PkgPath": "github.com/Templum/playground/pkg/json", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/json/testcase.go", + "Offset": 130, + "Line": 10, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 1, + "Name": "Testcase", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 210, + "Line": 11, + "Column": 15 + }, + "Resolved": true + } + ] + }, + "20": { + "ID": 20, + "Name": "peek_token", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 2111, + "Line": 46, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 21, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 28119, + "Line": 879, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 34, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 23280, + "Line": 734, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 34, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 23428, + "Line": 741, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 35, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 12542, + "Line": 362, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 35, 
+ "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 13239, + "Line": 391, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 35, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 13503, + "Line": 402, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 35, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 13805, + "Line": 415, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 35, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 13988, + "Line": 423, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 36, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 31112, + "Line": 971, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 36, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 31376, + "Line": 981, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 37, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 20086, + "Line": 632, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 37, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 20241, + "Line": 640, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 45, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6628, + "Line": 175, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 46, + "Name": "peek_token", + "RecvType": "", + "Pos": { + 
"Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 7443, + "Line": 200, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 46, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 7635, + "Line": 209, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 46, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 8577, + "Line": 241, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 47, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 32571, + "Line": 1020, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 47, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 33523, + "Line": 1053, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 38, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 29084, + "Line": 906, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 38, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 29194, + "Line": 911, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 38, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 29390, + "Line": 920, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 38, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 29819, + "Line": 935, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 39, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + 
"Offset": 21536, + "Line": 677, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 39, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 21646, + "Line": 682, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 39, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 21793, + "Line": 690, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 40, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 27253, + "Line": 855, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 40, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 27377, + "Line": 861, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 41, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 26456, + "Line": 834, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 42, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 9755, + "Line": 283, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 43, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 24637, + "Line": 772, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 43, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 24746, + "Line": 776, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 43, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 24942, + "Line": 784, + "Column": 23 + }, + "Resolved": 
true + }, + { + "Parent": 44, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 18526, + "Line": 581, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 44, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 18636, + "Line": 586, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 44, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 18791, + "Line": 594, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 48, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 10591, + "Line": 306, + "Column": 21 + }, + "Resolved": true + } + ] + }, + "21": { + "ID": 21, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_end", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 27998, + "Line": 878, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_end", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5874, + "Line": 152, + "Column": 59 + }, + "Resolved": true + } + ] + }, + "22": { + "ID": 22, + "Name": "yaml_parser_state_machine", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 3588, + "Line": 93, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 23, + "Name": "yaml_parser_state_machine", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 2972, + "Line": 72, + "Column": 34 + }, + "Resolved": true + } + ] + }, + "23": { + "ID": 23, + "Name": "yaml_parser_parse", + "RecvType": "", + "PkgPath": 
"gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 2611, + "Line": 62, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 24, + "Name": "yaml_parser_parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 2134, + "Line": 105, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 30, + "Name": "yaml_parser_parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 1559, + "Line": 84, + "Column": 24 + }, + "Resolved": true + } + ] + }, + "24": { + "ID": 24, + "Name": "peek", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 2026, + "Line": 101, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 25, + "Name": "peek", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4359, + "Line": 205, + "Column": 12 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "peek", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4624, + "Line": 216, + "Column": 12 + }, + "Resolved": true + }, + { + "Parent": 26, + "Name": "peek", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 2928, + "Line": 143, + "Column": 15 + }, + "Resolved": true + } + ] + }, + "25": { + "ID": 25, + "Name": "sequence", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4236, + "Line": 201, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 26, + "Name": "sequence", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3126, + "Line": 151, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "26": { + "ID": 
26, + "Name": "parse", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 2888, + "Line": 141, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 27, + "Name": "parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 4508, + "Line": 142, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 25, + "Name": "parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4432, + "Line": 206, + "Column": 42 + }, + "Resolved": true + }, + { + "Parent": 28, + "Name": "parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3703, + "Line": 175, + "Column": 41 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4696, + "Line": 217, + "Column": 42 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "parse", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4707, + "Line": 217, + "Column": 53 + }, + "Resolved": true + } + ] + }, + "27": { + "ID": 27, + "Name": "unmarshal", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 4340, + "Line": 137, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 7, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 2826, + "Line": 81, + "Column": 18 + }, + "Resolved": true + } + ] + }, + "28": { + "ID": 28, + "Name": "document", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3533, + "Line": 170, + "Column": 18 + }, + 
"CallSites": [ + { + "Parent": 26, + "Name": "document", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3181, + "Line": 153, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "29": { + "ID": 29, + "Name": "mapping", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4504, + "Line": 212, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 26, + "Name": "mapping", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3071, + "Line": 149, + "Column": 19 + }, + "Resolved": true + } + ] + }, + "3": { + "ID": 3, + "Name": "Testcase", + "RecvType": "", + "PkgPath": "github.com/Templum/playground/pkg/text", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/text/testcase.go", + "Offset": 61, + "Line": 7, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 1, + "Name": "Testcase", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 227, + "Line": 12, + "Column": 15 + }, + "Resolved": true + } + ] + }, + "30": { + "ID": 30, + "Name": "expect", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 1471, + "Line": 82, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 25, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4320, + "Line": 204, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 25, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4448, + "Line": 208, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 28, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + 
"Offset": 3635, + "Line": 174, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 28, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3716, + "Line": 176, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4586, + "Line": 215, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4723, + "Line": 219, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 31, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4186, + "Line": 197, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 32, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3964, + "Line": 187, + "Column": 10 + }, + "Resolved": true + }, + { + "Parent": 33, + "Name": "expect", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 1179, + "Line": 69, + "Column": 10 + }, + "Resolved": true + } + ] + }, + "31": { + "ID": 31, + "Name": "scalar", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4013, + "Line": 191, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 26, + "Name": "scalar", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 2975, + "Line": 145, + "Column": 18 + }, + "Resolved": true + } + ] + }, + "32": { + "ID": 32, + "Name": "alias", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": 
"/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3772, + "Line": 180, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 26, + "Name": "alias", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3018, + "Line": 147, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "33": { + "ID": 33, + "Name": "init", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 1132, + "Line": 65, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 26, + "Name": "init", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 2911, + "Line": 142, + "Column": 8 + }, + "Resolved": true + } + ] + }, + "34": { + "ID": 34, + "Name": "yaml_parser_parse_block_mapping_value", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 23171, + "Line": 733, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_block_mapping_value", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5244, + "Line": 137, + "Column": 47 + }, + "Resolved": true + } + ] + }, + "35": { + "ID": 35, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 12309, + "Line": 359, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 34, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 23697, + "Line": 749, + "Column": 33 + }, + "Resolved": true + }, + { + "Parent": 36, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 31619, + "Line": 987, + 
"Column": 33 + }, + "Resolved": true + }, + { + "Parent": 37, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 20560, + "Line": 649, + "Column": 33 + }, + "Resolved": true + }, + { + "Parent": 38, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 30111, + "Line": 943, + "Column": 34 + }, + "Resolved": true + }, + { + "Parent": 38, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 30461, + "Line": 950, + "Column": 33 + }, + "Resolved": true + }, + { + "Parent": 39, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 22064, + "Line": 698, + "Column": 33 + }, + "Resolved": true + }, + { + "Parent": 40, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 27636, + "Line": 867, + "Column": 33 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4329, + "Line": 113, + "Column": 32 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4448, + "Line": 116, + "Column": 32 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4542, + "Line": 119, + "Column": 32 + }, + "Resolved": true + }, + { + "Parent": 41, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": 
"/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 26748, + "Line": 842, + "Column": 32 + }, + "Resolved": true + }, + { + "Parent": 42, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 10237, + "Line": 297, + "Column": 31 + }, + "Resolved": true + }, + { + "Parent": 43, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 25816, + "Line": 810, + "Column": 33 + }, + "Resolved": true + }, + { + "Parent": 44, + "Name": "yaml_parser_parse_node", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 19032, + "Line": 600, + "Column": 33 + }, + "Resolved": true + } + ] + }, + "36": { + "ID": 36, + "Name": "yaml_parser_parse_flow_mapping_value", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 30992, + "Line": 970, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_mapping_value", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6200, + "Line": 161, + "Column": 46 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_mapping_value", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6318, + "Line": 164, + "Column": 46 + }, + "Resolved": true + } + ] + }, + "37": { + "ID": 37, + "Name": "yaml_parser_parse_indentless_sequence_entry", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 19971, + "Line": 631, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_indentless_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": 
"/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4912, + "Line": 128, + "Column": 53 + }, + "Resolved": true + } + ] + }, + "38": { + "ID": 38, + "Name": "yaml_parser_parse_flow_mapping_key", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 28953, + "Line": 904, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_mapping_key", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5981, + "Line": 155, + "Column": 44 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_mapping_key", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6088, + "Line": 158, + "Column": 44 + }, + "Resolved": true + } + ] + }, + "39": { + "ID": 39, + "Name": "yaml_parser_parse_block_mapping_key", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 21404, + "Line": 675, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_block_mapping_key", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5021, + "Line": 131, + "Column": 45 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_block_mapping_key", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5130, + "Line": 134, + "Column": 45 + }, + "Resolved": true + } + ] + }, + "4": { + "ID": 4, + "Name": "Testcase", + "RecvType": "", + "PkgPath": "github.com/Templum/playground/pkg/yaml", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/yaml/testcase.go", + "Offset": 306, + "Line": 26, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 1, + "Name": "Testcase", + "RecvType": "", + "Pos": { + "Filename": 
"/workspaces/govulncheck-action/main.go", + "Offset": 244, + "Line": 13, + "Column": 15 + }, + "Resolved": true + } + ] + }, + "40": { + "ID": 40, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_value", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 27130, + "Line": 854, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_value", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5743, + "Line": 149, + "Column": 61 + }, + "Resolved": true + } + ] + }, + "41": { + "ID": 41, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_key", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 26335, + "Line": 833, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_key", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5608, + "Line": 146, + "Column": 59 + }, + "Resolved": true + } + ] + }, + "42": { + "ID": 42, + "Name": "yaml_parser_parse_document_content", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 9649, + "Line": 282, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_document_content", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4153, + "Line": 107, + "Column": 44 + }, + "Resolved": true + } + ] + }, + "43": { + "ID": 43, + "Name": "yaml_parser_parse_flow_sequence_entry", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 24503, + "Line": 770, + "Column": 6 + }, + "CallSites": [ + { + 
"Parent": 22, + "Name": "yaml_parser_parse_flow_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5357, + "Line": 140, + "Column": 47 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_flow_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5470, + "Line": 143, + "Column": 47 + }, + "Resolved": true + } + ] + }, + "44": { + "ID": 44, + "Name": "yaml_parser_parse_block_sequence_entry", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 18391, + "Line": 579, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_block_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4671, + "Line": 122, + "Column": 48 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_block_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4786, + "Line": 125, + "Column": 48 + }, + "Resolved": true + } + ] + }, + "45": { + "ID": 45, + "Name": "yaml_parser_parse_stream_start", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6526, + "Line": 174, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_stream_start", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 3836, + "Line": 98, + "Column": 40 + }, + "Resolved": true + } + ] + }, + "46": { + "ID": 46, + "Name": "yaml_parser_parse_document_start", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 7323, + "Line": 198, + "Column": 6 + }, + 
"CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_document_start", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 3942, + "Line": 101, + "Column": 42 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "yaml_parser_parse_document_start", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4045, + "Line": 104, + "Column": 42 + }, + "Resolved": true + } + ] + }, + "47": { + "ID": 47, + "Name": "yaml_parser_process_directives", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 32300, + "Line": 1013, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 46, + "Name": "yaml_parser_process_directives", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 7951, + "Line": 221, + "Column": 37 + }, + "Resolved": true + }, + { + "Parent": 46, + "Name": "yaml_parser_process_directives", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 8489, + "Line": 238, + "Column": 37 + }, + "Resolved": true + } + ] + }, + "48": { + "ID": 48, + "Name": "yaml_parser_parse_document_end", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 10489, + "Line": 305, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "yaml_parser_parse_document_end", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4246, + "Line": 110, + "Column": 40 + }, + "Resolved": true + } + ] + }, + "49": { + "ID": 49, + "Name": "document", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7917, + "Line": 341, + "Column": 19 + }, + "CallSites": 
[ + { + "Parent": 9, + "Name": "document", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7511, + "Line": 320, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "5": { + "ID": 5, + "Name": "yaml_parser_increase_flow_level", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 27111, + "Line": 910, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 18, + "Name": "yaml_parser_increase_flow_level", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 32293, + "Line": 1106, + "Column": 37 + }, + "Resolved": true + } + ] + }, + "50": { + "ID": 50, + "Name": "merge", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 17803, + "Line": 744, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 51, + "Name": "merge", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14719, + "Line": 621, + "Column": 11 + }, + "Resolved": true + }, + { + "Parent": 52, + "Name": "merge", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 16710, + "Line": 705, + "Column": 11 + }, + "Resolved": true + }, + { + "Parent": 53, + "Name": "merge", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15783, + "Line": 665, + "Column": 11 + }, + "Resolved": true + } + ] + }, + "51": { + "ID": 51, + "Name": "mapping", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13861, + "Line": 581, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "mapping", + "RecvType": "", + "Pos": { + "Filename": 
"/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7743, + "Line": 332, + "Column": 19 + }, + "Resolved": true + } + ] + }, + "52": { + "ID": 52, + "Name": "mappingStruct", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 16136, + "Line": 682, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 51, + "Name": "mappingStruct", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13978, + "Line": 584, + "Column": 25 + }, + "Resolved": true + } + ] + }, + "53": { + "ID": 53, + "Name": "mappingSlice", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15467, + "Line": 651, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 51, + "Name": "mappingSlice", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14031, + "Line": 586, + "Column": 24 + }, + "Resolved": true + }, + { + "Parent": 51, + "Name": "mappingSlice", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14278, + "Line": 596, + "Column": 22 + }, + "Resolved": true + } + ] + }, + "54": { + "ID": 54, + "Name": "alias", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 8093, + "Line": 350, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "alias", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7553, + "Line": 322, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "55": { + "ID": 55, + "Name": "sequence", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": 
"/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13038, + "Line": 543, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "sequence", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7791, + "Line": 334, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "56": { + "ID": 56, + "Name": "yaml_parser_fetch_key", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 35499, + "Line": 1229, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 19, + "Name": "yaml_parser_fetch_key", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 21495, + "Line": 754, + "Column": 31 + }, + "Resolved": true + } + ] + }, + "57": { + "ID": 57, + "Name": "yaml_parser_fetch_block_entry", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 34213, + "Line": 1187, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 19, + "Name": "yaml_parser_fetch_block_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 21301, + "Line": 749, + "Column": 39 + }, + "Resolved": true + } + ] + }, + "58": { + "ID": 58, + "Name": "yaml_parser_fetch_value", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 36627, + "Line": 1268, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 19, + "Name": "yaml_parser_fetch_value", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 21693, + "Line": 759, + "Column": 33 + }, + "Resolved": true + } + ] + }, + "6": { + "ID": 6, + "Name": "parseObject", + "RecvType": "", + "PkgPath": "github.com/tidwall/gjson", + "Pos": { + "Filename": 
"/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 21927, + "Line": 1114, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 17, + "Name": "parseObject", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 28823, + "Line": 1462, + "Column": 26 + }, + "Resolved": true + }, + { + "Parent": 6, + "Name": "parseObject", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 24057, + "Line": 1212, + "Column": 26 + }, + "Resolved": true + }, + { + "Parent": 8, + "Name": "parseObject", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39894, + "Line": 1963, + "Column": 16 + }, + "Resolved": true + } + ] + }, + "7": { + "ID": 7, + "Name": "Unmarshal", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 2757, + "Line": 80, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 4, + "Name": "Unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/yaml/testcase.go", + "Offset": 348, + "Line": 28, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "8": { + "ID": 8, + "Name": "Get", + "RecvType": "", + "PkgPath": "github.com/tidwall/gjson", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 37859, + "Line": 1873, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 2, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/json/testcase.go", + "Offset": 162, + "Line": 11, + "Column": 20 + }, + "Resolved": true + }, + { + "Parent": 11, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 5781, + "Line": 297, + "Column": 12 + }, + "Resolved": true + }, + { + "Parent": 8, + "Name": "Get", + "RecvType": "", + "Pos": { + 
"Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 38198, + "Line": 1885, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 8, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 38654, + "Line": 1905, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "9": { + "ID": 9, + "Name": "unmarshal", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7403, + "Line": 317, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 27, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 4635, + "Line": 148, + "Column": 14 + }, + "Resolved": true + }, + { + "Parent": 49, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 8020, + "Line": 344, + "Column": 14 + }, + "Resolved": true + }, + { + "Parent": 50, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 17888, + "Line": 747, + "Column": 14 + }, + "Resolved": true + }, + { + "Parent": 50, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 18019, + "Line": 753, + "Column": 14 + }, + "Resolved": true + }, + { + "Parent": 50, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 18376, + "Line": 766, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 52, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 16766, + "Line": 708, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 52, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": 
"/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 17240, + "Line": 725, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 52, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 17440, + "Line": 731, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 53, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15899, + "Line": 670, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 53, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15981, + "Line": 672, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 51, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14804, + "Line": 625, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 51, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15071, + "Line": 634, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 54, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 8321, + "Line": 356, + "Column": 20 + }, + "Resolved": true + }, + { + "Parent": 55, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13659, + "Line": 567, + "Column": 23 + }, + "Resolved": true + } + ] + } + }, + "Entries": [ + 1, + 2, + 3, + 4 + ] + }, + "Imports": { + "Packages": { + "1": { + "ID": 1, + "Name": "gjson", + "Path": "github.com/tidwall/gjson", + "Module": 1, + "ImportedBy": [ + 2 + ] + }, + "2": { + "ID": 2, + "Name": "json", + "Path": "github.com/Templum/playground/pkg/json", + "Module": 2, + "ImportedBy": [ + 7 + ] + }, + "3": { + "ID": 3, + "Name": 
"language", + "Path": "golang.org/x/text/language", + "Module": 3, + "ImportedBy": [ + 4, + 7 + ] + }, + "4": { + "ID": 4, + "Name": "text", + "Path": "github.com/Templum/playground/pkg/text", + "Module": 2, + "ImportedBy": [ + 7 + ] + }, + "5": { + "ID": 5, + "Name": "yaml", + "Path": "gopkg.in/yaml.v2", + "Module": 4, + "ImportedBy": [ + 6 + ] + }, + "6": { + "ID": 6, + "Name": "yaml", + "Path": "github.com/Templum/playground/pkg/yaml", + "Module": 2, + "ImportedBy": [ + 7 + ] + }, + "7": { + "ID": 7, + "Name": "main", + "Path": "github.com/Templum/playground", + "Module": 2, + "ImportedBy": null + } + }, + "Entries": [ + 7, + 2, + 4, + 6 + ] + }, + "Requires": { + "Modules": { + "1": { + "ID": 1, + "Path": "github.com/tidwall/gjson", + "Version": "v1.6.4", + "Replace": 0, + "RequiredBy": [ + 2 + ] + }, + "2": { + "ID": 2, + "Path": "github.com/Templum/playground", + "Version": "", + "Replace": 0, + "RequiredBy": null + }, + "3": { + "ID": 3, + "Path": "golang.org/x/text", + "Version": "v0.3.6", + "Replace": 0, + "RequiredBy": [ + 2 + ] + }, + "4": { + "ID": 4, + "Path": "gopkg.in/yaml.v2", + "Version": "v2.2.0", + "Replace": 0, + "RequiredBy": [ + 2 + ] + } + }, + "Entries": [ + 2 + ] + }, + "Vulns": [ + { + "OSV": { + "id": "GO-2022-0957", + "published": "2022-08-25T06:28:20Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2020-36066", + "GHSA-wjm3-fq3r-5x46" + ], + "details": "A maliciously crafted JSON input can cause a denial of service attack.", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.5" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0957" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } 
+ ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/195" + } + ] + }, + "Symbol": "Get", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 8, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0957", + "published": "2022-08-25T06:28:20Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2020-36066", + "GHSA-wjm3-fq3r-5x46" + ], + "details": "A maliciously crafted JSON input can cause a denial of service attack.", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.5" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0957" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/195" + } + ] + }, + "Symbol": "Result.Get", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 11, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0957", + "published": "2022-08-25T06:28:20Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2020-36066", + "GHSA-wjm3-fq3r-5x46" 
+ ], + "details": "A maliciously crafted JSON input can cause a denial of service attack.", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.5" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0957" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/195" + } + ] + }, + "Symbol": "parseObject", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 6, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0957", + "published": "2022-08-25T06:28:20Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2020-36066", + "GHSA-wjm3-fq3r-5x46" + ], + "details": "A maliciously crafted JSON input can cause a denial of service attack.", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.5" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0957" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": 
"https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/195" + } + ] + }, + "Symbol": "queryMatches", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 13, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0956", + "published": "2022-08-29T22:15:46Z", + "modified": "2022-08-30T18:28:49Z", + "aliases": [ + "CVE-2022-3064" + ], + "details": "Parsing malicious or large YAML documents can consume excessive amounts of\nCPU or memory.\n", + "affected": [ + { + "package": { + "name": "gopkg.in/yaml.v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0956" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "gopkg.in/yaml.v2", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal", + "yaml_parser_increase_flow_level", + "yaml_parser_roll_indent" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" + }, + { + "type": "WEB", + "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" + } + ] + }, + "Symbol": "Unmarshal", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 7, + "ImportSink": 5, + "RequireSink": 4 + }, + { + "OSV": { + "id": "GO-2022-0956", + "published": "2022-08-29T22:15:46Z", + "modified": "2022-08-30T18:28:49Z", + "aliases": [ + "CVE-2022-3064" + ], + "details": "Parsing malicious or large YAML documents can consume excessive amounts of\nCPU or memory.\n", + "affected": [ + { + "package": { + "name": "gopkg.in/yaml.v2", + 
"ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0956" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "gopkg.in/yaml.v2", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal", + "yaml_parser_increase_flow_level", + "yaml_parser_roll_indent" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" + }, + { + "type": "WEB", + "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" + } + ] + }, + "Symbol": "yaml_parser_roll_indent", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 15, + "ImportSink": 5, + "RequireSink": 4 + }, + { + "OSV": { + "id": "GO-2022-0956", + "published": "2022-08-29T22:15:46Z", + "modified": "2022-08-30T18:28:49Z", + "aliases": [ + "CVE-2022-3064" + ], + "details": "Parsing malicious or large YAML documents can consume excessive amounts of\nCPU or memory.\n", + "affected": [ + { + "package": { + "name": "gopkg.in/yaml.v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0956" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "gopkg.in/yaml.v2", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal", + "yaml_parser_increase_flow_level", + "yaml_parser_roll_indent" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" + }, + { + "type": "WEB", + "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" + } + ] + }, + "Symbol": "yaml_parser_increase_flow_level", + "PkgPath": 
"gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 5, + "ImportSink": 5, + "RequireSink": 4 + }, + { + "OSV": { + "id": "GO-2022-0956", + "published": "2022-08-29T22:15:46Z", + "modified": "2022-08-30T18:28:49Z", + "aliases": [ + "CVE-2022-3064" + ], + "details": "Parsing malicious or large YAML documents can consume excessive amounts of\nCPU or memory.\n", + "affected": [ + { + "package": { + "name": "gopkg.in/yaml.v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0956" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "gopkg.in/yaml.v2", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal", + "yaml_parser_increase_flow_level", + "yaml_parser_roll_indent" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" + }, + { + "type": "WEB", + "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" + } + ] + }, + "Symbol": "decoder.unmarshal", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 9, + "ImportSink": 5, + "RequireSink": 4 + }, + { + "OSV": { + "id": "GO-2021-0265", + "published": "2022-08-15T18:06:07Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-42248", + "CVE-2021-42836", + "GHSA-c9gm-7rfj-8w5h", + "GHSA-ppj4-34rq-v8j9" + ], + "details": "A maliciously crafted path can cause Get and other query functions\nto consume excessive amounts of CPU and time.\n", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0265" + }, + "ecosystem_specific": { + 
"imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/237" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/236" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944" + } + ] + }, + "Symbol": "Result.Get", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 11, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2021-0265", + "published": "2022-08-15T18:06:07Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-42248", + "CVE-2021-42836", + "GHSA-c9gm-7rfj-8w5h", + "GHSA-ppj4-34rq-v8j9" + ], + "details": "A maliciously crafted path can cause Get and other query functions\nto consume excessive amounts of CPU and time.\n", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0265" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/237" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/236" + }, + { + "type": "WEB", + 
"url": "https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944" + } + ] + }, + "Symbol": "parseObject", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 6, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2021-0265", + "published": "2022-08-15T18:06:07Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-42248", + "CVE-2021-42836", + "GHSA-c9gm-7rfj-8w5h", + "GHSA-ppj4-34rq-v8j9" + ], + "details": "A maliciously crafted path can cause Get and other query functions\nto consume excessive amounts of CPU and time.\n", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0265" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/237" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/236" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944" + } + ] + }, + "Symbol": "queryMatches", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 13, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2021-0265", + "published": "2022-08-15T18:06:07Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-42248", + "CVE-2021-42836", + "GHSA-c9gm-7rfj-8w5h", + "GHSA-ppj4-34rq-v8j9" + ], + "details": "A 
maliciously crafted path can cause Get and other query functions\nto consume excessive amounts of CPU and time.\n", + "affected": [ + { + "package": { + "name": "github.com/tidwall/gjson", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0265" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/tidwall/gjson", + "symbols": [ + "Get", + "GetBytes", + "GetMany", + "GetManyBytes", + "Result.Get", + "parseObject", + "queryMatches" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/237" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/issues/236" + }, + { + "type": "WEB", + "url": "https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944" + } + ] + }, + "Symbol": "Get", + "PkgPath": "github.com/tidwall/gjson", + "ModPath": "github.com/tidwall/gjson", + "CallSink": 8, + "ImportSink": 1, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2021-0113", + "published": "2021-10-06T17:51:21Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-38561" + ], + "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. 
If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n", + "affected": [ + { + "package": { + "name": "golang.org/x/text", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.7" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0113" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "golang.org/x/text/language", + "symbols": [ + "MatchStrings", + "MustParse", + "Parse", + "ParseAcceptLanguage" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://go.dev/cl/340830" + }, + { + "type": "FIX", + "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + } + ] + }, + "Symbol": "MustParse", + "PkgPath": "golang.org/x/text/language", + "ModPath": "golang.org/x/text", + "CallSink": 12, + "ImportSink": 3, + "RequireSink": 3 + }, + { + "OSV": { + "id": "GO-2021-0113", + "published": "2021-10-06T17:51:21Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-38561" + ], + "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. 
If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n", + "affected": [ + { + "package": { + "name": "golang.org/x/text", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.7" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0113" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "golang.org/x/text/language", + "symbols": [ + "MatchStrings", + "MustParse", + "Parse", + "ParseAcceptLanguage" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://go.dev/cl/340830" + }, + { + "type": "FIX", + "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + } + ] + }, + "Symbol": "Parse", + "PkgPath": "golang.org/x/text/language", + "ModPath": "golang.org/x/text", + "CallSink": 10, + "ImportSink": 3, + "RequireSink": 3 + }, + { + "OSV": { + "id": "GO-2021-0061", + "published": "2021-04-14T20:04:52Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-4235" + ], + "details": "Due to unbounded alias chasing, a maliciously crafted YAML file\ncan cause the system to consume significant system resources. 
If\nparsing user input, this may be used as a denial of service vector.\n", + "affected": [ + { + "package": { + "name": "gopkg.in/yaml.v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.3" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0061" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "gopkg.in/yaml.v2", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal" + ] + } + ] + } + }, + { + "package": { + "name": "github.com/go-yaml/yaml", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0061" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/go-yaml/yaml", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/pull/375" + }, + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241" } ] }, - "3": { - "ID": 3, - "Name": "Parse", - "RecvType": "", - "PkgPath": "golang.org/x/text/language", - "Pos": { - "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/parse.go", - "Offset": 1121, - "Line": 33, - "Column": 6 - }, - "CallSites": [ + "Symbol": "decoder.unmarshal", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 9, + "ImportSink": 5, + "RequireSink": 4 + }, + { + "OSV": { + "id": "GO-2021-0061", + "published": "2021-04-14T20:04:52Z", + "modified": "2022-08-29T16:50:59Z", + "aliases": [ + "CVE-2021-4235" + ], + "details": "Due to unbounded alias chasing, a maliciously crafted YAML file\ncan cause the system to consume significant system resources. 
If\nparsing user input, this may be used as a denial of service vector.\n", + "affected": [ { - "Parent": 2, - "Name": "Parse", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/tags.go", - "Offset": 469, - "Line": 14, - "Column": 17 + "package": { + "name": "gopkg.in/yaml.v2", + "ecosystem": "Go" }, - "Resolved": true + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.3" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0061" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "gopkg.in/yaml.v2", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal" + ] + } + ] + } + }, + { + "package": { + "name": "github.com/go-yaml/yaml", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0061" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/go-yaml/yaml", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "decoder.unmarshal" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/pull/375" + }, + { + "type": "FIX", + "url": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241" } - ] - } - }, - "Entries": [ - 1 - ] - }, - "Imports": { - "Packages": { - "1": { - "ID": 1, - "Name": "language", - "Path": "golang.org/x/text/language", - "Module": 1, - "ImportedBy": [ - 2 - ] - }, - "2": { - "ID": 2, - "Name": "main", - "Path": "github.com/Templum/playground", - "Module": 2, - "ImportedBy": null - } - }, - "Entries": [ - 2 - ] - }, - "Requires": { - "Modules": { - "1": { - "ID": 1, - "Path": "golang.org/x/text", - "Version": "v0.3.6", - "Replace": 0, - "RequiredBy": [ - 2 ] }, - "2": { - "ID": 2, - "Path": "github.com/Templum/playground", - "Version": "", - 
"Replace": 0, - "RequiredBy": null - } + "Symbol": "Unmarshal", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 7, + "ImportSink": 5, + "RequireSink": 4 }, - "Entries": [ - 2 - ] - }, - "Vulns": [ { "OSV": { - "id": "GO-2021-0113", - "published": "2021-10-06T17:51:21Z", + "id": "GO-2020-0036", + "published": "2021-04-14T20:04:52Z", "modified": "2022-08-29T16:50:59Z", "aliases": [ - "CVE-2021-38561" + "CVE-2019-11254", + "GHSA-wxc4-f4m6-wwqv" ], - "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n", + "details": "Due to unbounded aliasing, a crafted YAML file can cause consumption\nof significant system resources. If parsing user supplied input, this\nmay be used as a denial of service vector.\n", "affected": [ { "package": { - "name": "golang.org/x/text", + "name": "gopkg.in/yaml.v2", "ecosystem": "Go" }, "ranges": [ 
@@ -141,23 +4098,55 @@ "introduced": "0" }, { - "fixed": "0.3.7" + "fixed": "2.2.8" } ] } ], "database_specific": { - "url": "https://pkg.go.dev/vuln/GO-2021-0113" + "url": "https://pkg.go.dev/vuln/GO-2020-0036" }, "ecosystem_specific": { "imports": [ { - "path": "golang.org/x/text/language", + "path": "gopkg.in/yaml.v2", "symbols": [ - "MatchStrings", - "MustParse", - "Parse", - "ParseAcceptLanguage" + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "yaml_parser_fetch_more_tokens" + ] + } + ] + } + }, + { + "package": { + "name": "github.com/go-yaml/yaml", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2020-0036" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/go-yaml/yaml", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "yaml_parser_fetch_more_tokens" ] } ] 
@@ -167,34 +4156,39 @@ "references": [ { "type": "FIX", - "url": "https://go.dev/cl/340830" + "url": "https://github.com/go-yaml/yaml/pull/555" }, { "type": "FIX", - "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + "url": "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48" + }, + { + "type": "WEB", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496" } ] }, - "Symbol": "MustParse", - "PkgPath": "golang.org/x/text/language", - "ModPath": "golang.org/x/text", - "CallSink": 2, - "ImportSink": 1, - "RequireSink": 1 + "Symbol": "yaml_parser_fetch_more_tokens", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 14, + "ImportSink": 5, + "RequireSink": 4 }, { "OSV": { - "id": "GO-2021-0113", - "published": "2021-10-06T17:51:21Z", + "id": "GO-2020-0036", + "published": "2021-04-14T20:04:52Z", "modified": "2022-08-29T16:50:59Z", "aliases": [ - "CVE-2021-38561" + "CVE-2019-11254", + "GHSA-wxc4-f4m6-wwqv" ], - "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n", + "details": "Due to unbounded aliasing, a crafted YAML file can cause consumption\nof significant system resources. If parsing user supplied input, this\nmay be used as a denial of service vector.\n", "affected": [ { "package": { - "name": "golang.org/x/text", + "name": "gopkg.in/yaml.v2", "ecosystem": "Go" }, "ranges": [ 
@@ -205,23 +4199,55 @@ "introduced": "0" }, { - "fixed": "0.3.7" + "fixed": "2.2.8" } ] } ], "database_specific": { - "url": "https://pkg.go.dev/vuln/GO-2021-0113" + "url": "https://pkg.go.dev/vuln/GO-2020-0036" }, "ecosystem_specific": { "imports": [ { - "path": "golang.org/x/text/language", + "path": "gopkg.in/yaml.v2", "symbols": [ - "MatchStrings", - "MustParse", - "Parse", - "ParseAcceptLanguage" + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "yaml_parser_fetch_more_tokens" + ] + } + ] + } + }, + { + "package": { + "name": "github.com/go-yaml/yaml", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2020-0036" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/go-yaml/yaml", + "symbols": [ + "Decoder.Decode", + "Unmarshal", + "UnmarshalStrict", + "yaml_parser_fetch_more_tokens" ] } ] @@ -231,20 +4257,24 @@ "references": [ { "type": "FIX", - "url": "https://go.dev/cl/340830" + "url": "https://github.com/go-yaml/yaml/pull/555" }, { "type": "FIX", - "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + "url": "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48" + }, + { + "type": "WEB", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496" } ] }, - "Symbol": "Parse", - "PkgPath": "golang.org/x/text/language", - "ModPath": "golang.org/x/text", - "CallSink": 3, - "ImportSink": 1, - "RequireSink": 1 + "Symbol": "Unmarshal", + "PkgPath": "gopkg.in/yaml.v2", + "ModPath": "gopkg.in/yaml.v2", + "CallSink": 7, + "ImportSink": 5, + "RequireSink": 4 } ], "Modules": [ 
@@ -254,12 +4284,36 @@ "Dir": "", "Replace": null }, + { + "Path": "github.com/tidwall/gjson", + "Version": "v1.6.4", + "Dir": "", + "Replace": null + }, + { + "Path": "github.com/tidwall/match", + "Version": "v1.0.1", + "Dir": "", + "Replace": null + }, + { + "Path": "github.com/tidwall/pretty", + "Version": "v1.0.2", + "Dir": "", + "Replace": null + }, { "Path": "golang.org/x/text", "Version": "v0.3.6", "Dir": "", "Replace": null }, + { + "Path": "gopkg.in/yaml.v2", + "Version": "v2.2.0", + "Dir": "", + "Replace": null + }, { "Path": "stdlib", "Version": "v1.19.1", diff --git a/main.go b/main.go index 54a8bd1..ecebdbd 100644 --- a/main.go +++ b/main.go @@ -11,25 +11,30 @@ import ( func main() { scanner := vulncheck.NewScanner() + + if os.Getenv("LOCAL") == "true" { + scanner = vulncheck.NewLocalScanner() + } + reporter := sarif.NewSarifReporter() converter := vulncheck.NewVulncheckConverter(reporter) github := github.NewSarifUploader() result, err := scanner.Scan() if err != nil { - fmt.Println(err) // TODO: Start using proper logger + fmt.Printf("%v \n", err) // TODO: Start using proper logger os.Exit(2) } err = converter.Convert(result) if err != nil { - fmt.Println(err) // TODO: Start using proper logger + fmt.Printf("%v \n", err) // TODO: Start using proper logger os.Exit(2) } err = github.UploadReport(reporter) if err != nil { - fmt.Println(err) // TODO: Start using proper logger + fmt.Printf("%v \n", err) // TODO: Start using proper logger os.Exit(2) } diff --git a/pkg/sarif/reporter.go b/pkg/sarif/reporter.go index 2528e6d..0712c48 100644 --- a/pkg/sarif/reporter.go +++ b/pkg/sarif/reporter.go @@ -3,6 +3,8 @@ package sarif import ( "fmt" "io" + "os" + "strings" "github.com/owenrumney/go-sarif/v2/sarif" "golang.org/x/vuln/osv" 
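Review bot: The `LOCAL` check in `main` swaps the real scanner for `vulncheck.NewLocalScanner()` inside the shipped binary, and that scanner returns a report read from a fixed fixture file. With `LOCAL=true` in the job environment the uploaded SARIF no longer reflects the scanned code, and nothing in the output says so. Gating the static scanner behind a build tag would keep it out of release builds. At minimum the branch should announce itself, e.g. `fmt.Println("LOCAL=true: using static fixture report, no scan performed")`.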
@@ -10,19 +12,18 @@ import ( ) const ( - RULENAME = "LanguageSpecificPackageVulnerability" // TODO: Research if more specific rule name is possible - SEVERITY = "warning" // There are no Severities published on that page + ruleName = "LanguageSpecificPackageVulnerability" // TODO: Research if more specific rule name is possible + severity = "warning" // There are no Severities published on that page shortName = "govulncheck" fullName = "Golang Vulncheck" uri = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck" + baseURI = "SRCROOT" ) -var rootPath = "file:///" - type Reporter interface { CreateEmptyReport(vulncheckVersion string) error AddRule(vuln vulncheck.Vuln) - AddCallResult(vuln *vulncheck.Vuln, call *vulncheck.CallSite) + AddCallResult(vuln *vulncheck.Vuln, call *vulncheck.CallSite, parent *vulncheck.FuncNode) AddImportResult(vuln *vulncheck.Vuln, pkg *vulncheck.PkgNode) } @@ -65,11 +66,11 @@ func (sr *SarifReporter) AddRule(vuln vulncheck.Vuln) { // sr.run.AddRule does check if the rule is present prior to adding it sr.run.AddRule(vuln.OSV.ID). - WithName(RULENAME). + WithName(ruleName). WithDescription(vuln.OSV.ID). WithFullDescription(sarif.NewMultiformatMessageString(vuln.OSV.Details)). WithHelp(sarif.NewMultiformatMessageString(text).WithMarkdown(markdown)). - WithDefaultConfiguration(sarif.NewReportingConfiguration().WithLevel(SEVERITY)). + WithDefaultConfiguration(sarif.NewReportingConfiguration().WithLevel(severity)). WithProperties(sarif.Properties{ "tags": []string{ "vulnerability", 
@@ -83,10 +84,12 @@ func (sr *SarifReporter) AddRule(vuln vulncheck.Vuln) { WithHelpURI(fmt.Sprintf("https://pkg.go.dev/vuln/%s", vuln.OSV.ID)) } -func (sr *SarifReporter) AddCallResult(vuln *vulncheck.Vuln, call *vulncheck.CallSite) { +func (sr *SarifReporter) AddCallResult(vuln *vulncheck.Vuln, call *vulncheck.CallSite, parent *vulncheck.FuncNode) { + localDir, _ := os.Getwd() + result := sarif.NewRuleResult(vuln.OSV.ID). - WithLevel(SEVERITY). - WithMessage(sarif.NewTextMessage(fmt.Sprintf("Vulnerable Code [%s] is getting called", call.Name))) + WithLevel(severity). + WithMessage(sarif.NewTextMessage(generateResultMessage(vuln, call, parent))) region := sarif.NewRegion(). WithStartLine(call.Pos.Line). WithEndLine(call.Pos.Line). @@ -95,7 +98,7 @@ func (sr *SarifReporter) AddCallResult(vuln *vulncheck.Vuln, call *vulncheck.Cal WithCharOffset(call.Pos.Offset) location := sarif.NewPhysicalLocation(). - WithArtifactLocation(sarif.NewSimpleArtifactLocation(call.Pos.Filename).WithUriBaseId("ROOTPATH")). + WithArtifactLocation(sarif.NewSimpleArtifactLocation(makePathRelative(call.Pos.Filename, localDir)).WithUriBaseId(baseURI)). WithRegion(region) result.WithLocations([]*sarif.Location{sarif.NewLocationWithPhysicalLocation(location)}) @@ -109,7 +112,7 @@ func (sr *SarifReporter) AddCallResult(vuln *vulncheck.Vuln, call *vulncheck.Cal func (sr *SarifReporter) AddImportResult(vuln *vulncheck.Vuln, pkg *vulncheck.PkgNode) { result := sarif.NewRuleResult(vuln.OSV.ID). - WithLevel(SEVERITY). + WithLevel(severity). WithMessage(sarif.NewTextMessage(fmt.Sprintf("Import of vulnerable package %s", pkg.Path))) ruleIdx := sr.getRuleIndex(vuln.OSV.ID) 
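Review bot: `localDir, _ := os.Getwd()` in `AddCallResult` discards the error, so a failed lookup leaves `localDir` empty and `makePathRelative` returns the path unchanged, which puts an absolute path under the `SRCROOT` base id. The same discarded error appears in `generateResultMessage` and in `Converter.Convert`, where an empty `localDir` makes the `strings.Contains(call.Pos.Filename, localDir)` filter accept every call site. Resolving the working directory once, for example when the reporter is created, and returning the error would cover all three places. The body of `AddCallResult` continues outside this hunk.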
@@ -121,9 +124,6 @@ func (sr *SarifReporter) AddImportResult(vuln *vulncheck.Vuln, pkg *vulncheck.Pk func (sr *SarifReporter) Flush(writer io.Writer) error { sr.run.ColumnKind = "utf16CodeUnits" - sr.run.OriginalUriBaseIDs = map[string]*sarif.ArtifactLocation{ - "ROOTPATH": {URI: &rootPath}, - } sr.report.AddRun(sr.run) return sr.report.PrettyWrite(writer) @@ -154,7 +154,20 @@ func searchFixVersion(versions []osv.Affected) string { func generateRuleHelp(vuln vulncheck.Vuln) (text string, markdown string) { fixVersion := searchFixVersion(vuln.OSV.Affected) + uri := fmt.Sprintf("https://pkg.go.dev/vuln/%s", vuln.OSV.ID) return fmt.Sprintf("Vulnerability %s \n Module: %s \n Package: %s \n Fixed in Version: %s \n", vuln.OSV.ID, vuln.ModPath, vuln.PkgPath, fixVersion), - fmt.Sprintf("**Vulnerability %s**\n| Module | Package | Fixed in Version |\n| --- | --- |:---:|\n|%s|%s|%s|\n\n %s", vuln.OSV.ID, vuln.ModPath, vuln.PkgPath, fixVersion, vuln.OSV.Details) + fmt.Sprintf("**Vulnerability [%s](%s)**\n%s\n| Module | Package | Fixed in Version |\n| --- | --- |:---:|\n|%s|%s|%s|\n", vuln.OSV.ID, uri, vuln.OSV.Details, vuln.ModPath, vuln.PkgPath, fixVersion) +} + +func generateResultMessage(vuln *vulncheck.Vuln, call *vulncheck.CallSite, parent *vulncheck.FuncNode) string { + localDir, _ := os.Getwd() + caller := fmt.Sprintf("%s:%d:%d %s.%s", makePathRelative(call.Pos.Filename, localDir), call.Pos.Line, call.Pos.Column, parent.PkgPath, parent.Name) + calledVuln := fmt.Sprintf("%s.%s", vuln.ModPath, vuln.Symbol) + + return fmt.Sprintf("%s calls %s which has vulnerability %s", caller, calledVuln, vuln.OSV.ID) +} + +func makePathRelative(absolute string, workdir string) string { + return strings.Replace(absolute, workdir, "", 1) } diff --git a/pkg/vulncheck/converter.go b/pkg/vulncheck/converter.go index 38a7a0b..2e2fba5 100644 --- a/pkg/vulncheck/converter.go +++ b/pkg/vulncheck/converter.go 
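Review bot: `makePathRelative` uses `strings.Replace(absolute, workdir, "", 1)`, which removes the first occurrence of the working directory anywhere in the path rather than a leading prefix, and it leaves the leading separator in place, so the location paired with `SRCROOT` still starts with `/`. `rel, err := filepath.Rel(workdir, absolute)` with `if err != nil { return absolute }` and `return rel` states the intent directly; it needs `path/filepath` added to the import block. `generateResultMessage` also reads `parent.PkgPath` and `parent.Name` without a nil check, which matters if the caller's lookup of the parent function finds nothing.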
@@ -3,6 +3,7 @@ package vulncheck import ( "fmt" "os" + "strings" "github.com/Templum/govulncheck-action/pkg/sarif" "golang.org/x/vuln/vulncheck" @@ -27,6 +28,8 @@ func (c *Converter) getVulncheckVersion() string { } func (c *Converter) Convert(result *vulncheck.Result) error { + localDir, _ := os.Getwd() + err := c.reporter.CreateEmptyReport(c.getVulncheckVersion()) if err != nil { return err @@ -36,19 +39,23 @@ func (c *Converter) Convert(result *vulncheck.Result) error { c.reporter.AddRule(*current) if current.CallSink == 0 { - if len(result.Imports.Packages) <= current.ImportSink { + if len(result.Imports.Packages) >= current.ImportSink { c.reporter.AddImportResult(current, result.Imports.Packages[current.ImportSink]) } } else { - if len(result.Calls.Functions) == current.CallSink { + if len(result.Calls.Functions) >= current.CallSink { for _, call := range result.Calls.Functions[current.CallSink].CallSites { - c.reporter.AddCallResult(current, call) + // Only reporting code that is used + if strings.Contains(call.Pos.Filename, localDir) { + parent := result.Calls.Functions[call.Parent] + c.reporter.AddCallResult(current, call, parent) + } } } } } - fmt.Printf("Converted Report to Sarif format found %d Vulnerabilities\n", len(result.Vulns)) + fmt.Println("Converted Report to Sarif format") return nil } diff --git a/pkg/vulncheck/runner.go b/pkg/vulncheck/runner.go index 6bba495..18f2a53 100644 --- a/pkg/vulncheck/runner.go +++ b/pkg/vulncheck/runner.go @@ -32,7 +32,7 @@ func (r *CmdScanner) Scan() (*vulncheck.Result, error) { workDir, _ := os.Getwd() fmt.Printf("Running govulncheck for package %s in dir %s\n", pkg, workDir) - cmd := exec.Command("govulncheck", "-json", pkg) + cmd := exec.Command(command, flag, pkg) cmd.Dir = workDir out, cmdErr := cmd.Output() 
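Review bot: The changed guards in `Convert`, `len(result.Imports.Packages) >= current.ImportSink` and `len(result.Calls.Functions) >= current.CallSink`, do not establish that the indexed entry exists. The fixture JSON in this commit shows `Functions` and `Packages` keyed by ID, which suggests they are maps; a missing key then yields a nil node and `.CallSites` panics, and for a slice an index equal to the length is still out of range. Looking the node up directly, `if fn := result.Calls.Functions[current.CallSink]; fn != nil {`, avoids both cases, and `parent := result.Calls.Functions[call.Parent]` needs the same nil check before it is passed to `AddCallResult`. Separately, the `strings.Contains(call.Pos.Filename, localDir)` filter drops call sites that live in dependencies, so a vulnerable symbol reached only through a dependency gets a rule but no result; a log line for skipped sites would make that visible.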
@@ -41,6 +41,13 @@ func (r *CmdScanner) Scan() (*vulncheck.Result, error) { println("Scan found vulnerabilities in codebase") } + if len(err.Stderr) > 0 { + fmt.Printf("Stderr: %s\n", string(err.Stderr)) + fmt.Printf("Error: %v\n", err) + } + + } else if cmdErr != nil { + return nil, cmdErr } var result vulncheck.Result diff --git a/pkg/vulncheck/static_runner.go b/pkg/vulncheck/static_runner.go new file mode 100644 index 0000000..430008b --- /dev/null +++ b/pkg/vulncheck/static_runner.go @@ -0,0 +1,30 @@ +package vulncheck + +import ( + "encoding/json" + "errors" + "fmt" + "os" + + "golang.org/x/vuln/vulncheck" +) + +type StaticScanner struct { +} + +func NewLocalScanner() Scanner { + return &StaticScanner{} +} + +func (r *StaticScanner) Scan() (*vulncheck.Result, error) { + out, _ := os.ReadFile("/workspaces/govulncheck-action/hack/found.json") + + var result vulncheck.Result + err := json.Unmarshal(out, &result) + if err != nil { + return nil, errors.New("scan failed to produce proper report") + } + + fmt.Println("Successfully parsed report") + return &result, nil +}
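Review bot: When the exit error carries stderr output, the added block in `Scan` only prints it and execution continues to the JSON decode, so a govulncheck run that failed for a reason other than findings is handled like a run with findings. Whether the exit code is checked depends on the condition above the hunk, which is not visible here. If it is not, returning early on empty output, `if len(out) == 0 { return nil, fmt.Errorf("govulncheck failed: %w", cmdErr) }`, keeps a broken scan from being treated as a result. `Scan` starts and ends outside this hunk.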
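Review bot: `out, _ := os.ReadFile("/workspaces/govulncheck-action/hack/found.json")` in `StaticScanner.Scan` discards the read error and hard-codes a dev-container path, so a missing file shows up only as the generic "scan failed to produce proper report" from the unmarshal step. Return the read error with context, `out, err := os.ReadFile(path)` followed by `if err != nil { return nil, fmt.Errorf("reading fixture report: %w", err) }`, and wrap the unmarshal error with `%w` instead of replacing it. Passing the path to `NewLocalScanner` would keep the fixture location out of the scanner itself, at the cost of changing the call in `main`.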