From db747f26bd13a48ca06d543348dd4f9984f0bf59 Mon Sep 17 00:00:00 2001 From: Simon Date: Sat, 17 Sep 2022 23:33:51 +0200 Subject: [PATCH] :bug: :sparkles: Implemented proper Resolution of Callsites (#4) * :recycle: Ensured pointer are used * :arrow_up: Updated golang.org/x/vuln * :monocle_face: Updated Data to have example with multiple callsites * :sparkles: Implemented Callstack resolver for Vuln * :sparkles: Implemented Preprocessor It currently removes duplicates * :recycle: Switched Convert to use new format * :recycle: Wired together new implementation * :wrench: Included Dynamic Integration Test * :wrench: Running Integration only on main & tags * :sparkles: Added Markdown FOrmat * :bug: Link was not correct * :bug: Switched away from relative link * :sparkles: Added Link to Vuln * :recycle: Reused Stack for PrintStack * :recycle: Minor Refactoring --- .github/workflows/integration.yml | 11 +- .gitignore | 3 +- go.mod | 2 +- go.sum | 4 +- hack/found.json | 2161 +++++++++++++++-------------- main.go | 9 +- pkg/action/preprocessor.go | 79 ++ pkg/sarif/reporter.go | 127 +- pkg/types/call_chain.go | 51 + pkg/types/reporter.go | 4 +- pkg/types/result.go | 5 + pkg/vulncheck/resolver.go | 177 +++ 12 files changed, 1496 insertions(+), 1137 deletions(-) create mode 100644 pkg/action/preprocessor.go create mode 100644 pkg/types/call_chain.go create mode 100644 pkg/types/result.go create mode 100644 pkg/vulncheck/resolver.go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index fd0bc10..9e1fd08 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -1,7 +1,12 @@ name: Integration Test -on: [push] +on: + push: + branches: + - main + tags: + - v* jobs: - build: + test: runs-on: ubuntu-latest steps: - uses: actions/checkout@main @@ -10,4 +15,4 @@ jobs: shell: bash - name: Integration Test id: integration-test - uses: Templum/govulncheck-action@feature/2 + uses: Templum/govulncheck-action@main diff --git a/.gitignore b/.gitignore index 82dfa51..6076df8 100644 --- a/.gitignore +++ b/.gitignore @@ -18,4 +18,5 @@ # vendor/ # Used for testing locally -.env \ No newline at end of file +.env +hack/output.json \ No newline at end of file diff --git a/go.mod b/go.mod index 9ed61ed..8c62cc2 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/Templum/govulncheck-action go 1.19 -require golang.org/x/vuln v0.0.0-20220908210932-64dbbd7bba4f +require golang.org/x/vuln v0.0.0-20220914160157-cac67f5c7c81 require ( github.com/golang/protobuf v1.5.2 // indirect diff --git a/go.sum b/go.sum index 05d9a00..538dac3 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.1.13-0.20220803210227-8b9a1fbdf5c3 h1:aE4T3aJwdCNz+s35ScSQYUzeGu7BOLDHZ1bBHVurqqY= golang.org/x/tools v0.1.13-0.20220803210227-8b9a1fbdf5c3/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/vuln v0.0.0-20220908210932-64dbbd7bba4f h1:U6Ghm6NTeUUiGUOaQuYC4ELjCMig8hb7nVAyIg7XThg= -golang.org/x/vuln v0.0.0-20220908210932-64dbbd7bba4f/go.mod h1:7tDfEDtOLlzHQRi4Yzfg5seVBSvouUIjyPzBx4q5CxQ= +golang.org/x/vuln v0.0.0-20220914160157-cac67f5c7c81 h1:PlNfGv/lMyN1WatEzczf4kNOrjQ0dg3KFuqJIo+18Tw= +golang.org/x/vuln v0.0.0-20220914160157-cac67f5c7c81/go.mod h1:7tDfEDtOLlzHQRi4Yzfg5seVBSvouUIjyPzBx4q5CxQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= diff --git a/hack/found.json b/hack/found.json index 07a7fc3..76a340c 100644 --- a/hack/found.json +++ b/hack/found.json @@ -8,33 +8,69 @@ "PkgPath": "github.com/Templum/playground", "Pos": { "Filename": "/workspaces/govulncheck-action/main.go", - "Offset": 187, - "Line": 10, + "Offset": 232, + "Line": 11, "Column": 6 }, "CallSites": null }, "10": { "ID": 10, - "Name": "Parse", + "Name": "yaml_parser_roll_indent", "RecvType": "", - "PkgPath": "golang.org/x/text/language", + "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/parse.go", - "Offset": 1121, - "Line": 33, + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 27804, + "Line": 931, "Column": 6 }, "CallSites": [ { - "Parent": 12, - "Name": "Parse", + "Parent": 57, + "Name": "yaml_parser_roll_indent", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/tags.go", - "Offset": 469, - "Line": 14, - "Column": 17 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 34648, + "Line": 1196, + "Column": 30 + }, + "Resolved": true + }, + { + "Parent": 58, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 37172, + "Line": 1283, + "Column": 30 + }, + "Resolved": true + }, + { + "Parent": 58, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 37897, + "Line": 1308, + "Column": 31 + }, + "Resolved": true + }, + { + "Parent": 59, + "Name": "yaml_parser_roll_indent", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 35945, + "Line": 1239, + "Column": 30 }, "Resolved": true } @@ -42,80 +78,132 @@ }, "11": { "ID": 11, + "Name": "yaml_parser_fetch_more_tokens", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 17667, + "Line": 626, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 27, + "Name": "yaml_parser_fetch_more_tokens", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 2220, + "Line": 47, + "Column": 60 + }, + "Resolved": true + } + ] + }, + "12": { + "ID": 12, "Name": "Get", - "RecvType": "github.com/tidwall/gjson.Result", + "RecvType": "", "PkgPath": "github.com/tidwall/gjson", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 5744, - "Line": 296, - "Column": 17 + "Offset": 37859, + "Line": 1873, + "Column": 6 }, "CallSites": [ { - "Parent": 16, + "Parent": 3, "Name": "Get", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 27159, - "Line": 1370, + "Filename": "/workspaces/govulncheck-action/pkg/seconds/mixer.go", + "Offset": 257, + "Line": 15, "Column": 18 }, "Resolved": true }, { - "Parent": 16, + "Parent": 7, "Name": "Get", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 27446, - "Line": 1385, - "Column": 19 + "Offset": 5781, + "Line": 297, + "Column": 12 }, "Resolved": true }, { - "Parent": 17, + "Parent": 12, "Name": "Get", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 31327, - "Line": 1579, - "Column": 24 + "Offset": 38198, + "Line": 1885, + "Column": 17 }, "Resolved": true }, { - "Parent": 8, + "Parent": 12, "Name": "Get", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 39584, - "Line": 1945, - "Column": 20 + "Offset": 38654, + "Line": 1905, + "Column": 17 }, "Resolved": true }, { - "Parent": 8, + "Parent": 2, "Name": "Get", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 40038, - "Line": 1974, - "Column": 21 + "Filename": "/workspaces/govulncheck-action/pkg/json/testcase.go", + "Offset": 162, + "Line": 11, + "Column": 20 }, "Resolved": true } ] }, - "12": { - "ID": 12, + "13": { + "ID": 13, + "Name": "yaml_parser_increase_flow_level", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 27111, + "Line": 910, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 55, + "Name": "yaml_parser_increase_flow_level", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 32293, + "Line": 1106, + "Column": 37 + }, + "Resolved": true + } + ] + }, + "14": { + "ID": 14, "Name": "MustParse", "RecvType": "", "PkgPath": "golang.org/x/text/language", @@ -130,6 +218,18 @@ "Parent": 3, "Name": "MustParse", "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/seconds/mixer.go", + "Offset": 204, + "Line": 12, + "Column": 29 + }, + "Resolved": true + }, + { + "Parent": 4, + "Name": "MustParse", + "RecvType": "", "Pos": { "Filename": "/workspaces/govulncheck-action/pkg/text/testcase.go", "Offset": 102, @@ -140,8 +240,8 @@ } ] }, - "13": { - "ID": 13, + "15": { + "ID": 15, "Name": "queryMatches", "RecvType": "", "PkgPath": "github.com/tidwall/gjson", @@ -153,7 +253,7 @@ }, "CallSites": [ { - "Parent": 16, + "Parent": 18, "Name": "queryMatches", "RecvType": "", "Pos": { @@ -166,96 +266,120 @@ } ] }, - "14": { - "ID": 14, - "Name": "yaml_parser_fetch_more_tokens", + "16": { + "ID": 16, + "Name": "parseObject", "RecvType": "", - "PkgPath": "gopkg.in/yaml.v2", + "PkgPath": "github.com/tidwall/gjson", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 17667, - "Line": 626, + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 21927, + "Line": 1114, "Column": 6 }, "CallSites": [ { - "Parent": 20, - "Name": "yaml_parser_fetch_more_tokens", + "Parent": 17, + "Name": "parseObject", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 2220, - "Line": 47, - "Column": 60 + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 28823, + "Line": 1462, + "Column": 26 + }, + "Resolved": true + }, + { + "Parent": 16, + "Name": "parseObject", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 24057, + "Line": 1212, + "Column": 26 + }, + "Resolved": true + }, + { + "Parent": 12, + "Name": "parseObject", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39894, + "Line": 1963, + "Column": 16 }, "Resolved": true } ] }, - "15": { - "ID": 15, - "Name": "yaml_parser_roll_indent", + "17": { + "ID": 17, + "Name": "parseArray", "RecvType": "", - "PkgPath": "gopkg.in/yaml.v2", + "PkgPath": "github.com/tidwall/gjson", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 27804, - "Line": 931, + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 26587, + "Line": 1341, "Column": 6 }, "CallSites": [ { - "Parent": 56, - "Name": "yaml_parser_roll_indent", + "Parent": 12, + "Name": "parseArray", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 35945, - "Line": 1239, - "Column": 30 + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39788, + "Line": 1958, + "Column": 13 }, "Resolved": true }, { - "Parent": 57, - "Name": "yaml_parser_roll_indent", - "RecvType": "", + "Parent": 16, + "Name": "parseArray", + "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 34648, - "Line": 1196, - "Column": 30 + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 24326, + "Line": 1226, + "Column": 25 }, "Resolved": true }, { - "Parent": 58, - "Name": "yaml_parser_roll_indent", + "Parent": 17, + "Name": "parseArray", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 37172, - "Line": 1283, - "Column": 30 + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 29286, + "Line": 1486, + "Column": 25 }, "Resolved": true }, { - "Parent": 58, - "Name": "yaml_parser_roll_indent", + "Parent": 12, + "Name": "parseArray", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 37897, - "Line": 1308, - "Column": 31 + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 39969, + "Line": 1968, + "Column": 15 }, "Resolved": true } ] }, - "16": { - "ID": 16, + "18": { + "ID": 18, "Name": "parseArray$1", "RecvType": "", "PkgPath": "github.com/tidwall/gjson", @@ -328,208 +452,314 @@ } ] }, - "17": { - "ID": 17, - "Name": "parseArray", + "19": { + "ID": 19, + "Name": "unmarshal", "RecvType": "", - "PkgPath": "github.com/tidwall/gjson", + "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 26587, - "Line": 1341, + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 4340, + "Line": 137, "Column": 6 }, "CallSites": [ { "Parent": 8, - "Name": "parseArray", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 39788, - "Line": 1958, - "Column": 13 - }, - "Resolved": true - }, - { - "Parent": 6, - "Name": "parseArray", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 24326, - "Line": 1226, - "Column": 25 - }, - "Resolved": true - }, - { - "Parent": 17, - "Name": "parseArray", + "Name": "unmarshal", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 29286, - "Line": 1486, - "Column": 25 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 2826, + "Line": 81, + "Column": 18 }, "Resolved": true - }, + } + ] + }, + "2": { + "ID": 2, + "Name": "Testcase", + "RecvType": "", + "PkgPath": "github.com/Templum/playground/pkg/json", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/json/testcase.go", + "Offset": 130, + "Line": 10, + "Column": 6 + }, + "CallSites": [ { - "Parent": 8, - "Name": "parseArray", + "Parent": 1, + "Name": "Testcase", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 39969, - "Line": 1968, + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 255, + "Line": 12, "Column": 15 }, "Resolved": true } ] }, - "18": { - "ID": 18, - "Name": "yaml_parser_fetch_flow_collection_start", - "RecvType": "", + "20": { + "ID": 20, + "Name": "merge", + "RecvType": "*gopkg.in/yaml.v2.decoder", "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 32018, - "Line": 1099, - "Column": 6 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 17803, + "Line": 744, + "Column": 19 }, "CallSites": [ { - "Parent": 19, - "Name": "yaml_parser_fetch_flow_collection_start", + "Parent": 21, + "Name": "merge", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 20412, - "Line": 722, - "Column": 49 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 16710, + "Line": 705, + "Column": 11 }, "Resolved": true }, { - "Parent": 19, - "Name": "yaml_parser_fetch_flow_collection_start", + "Parent": 22, + "Name": "merge", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 20595, - "Line": 727, - "Column": 49 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14719, + "Line": 621, + "Column": 11 + }, + "Resolved": true + }, + { + "Parent": 23, + "Name": "merge", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15783, + "Line": 665, + "Column": 11 }, "Resolved": true } ] }, - "19": { - "ID": 19, - "Name": "yaml_parser_fetch_next_token", - "RecvType": "", + "21": { + "ID": 21, + "Name": "mappingStruct", + "RecvType": "*gopkg.in/yaml.v2.decoder", "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 18571, - "Line": 665, - "Column": 6 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 16136, + "Line": 682, + "Column": 19 }, "CallSites": [ { - "Parent": 14, - "Name": "yaml_parser_fetch_next_token", + "Parent": 22, + "Name": "mappingStruct", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 18446, - "Line": 655, - "Column": 35 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13978, + "Line": 584, + "Column": 25 }, "Resolved": true } ] }, - "2": { - "ID": 2, - "Name": "Testcase", - "RecvType": "", - "PkgPath": "github.com/Templum/playground/pkg/json", + "22": { + "ID": 22, + "Name": "mapping", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/workspaces/govulncheck-action/pkg/json/testcase.go", - "Offset": 130, - "Line": 10, - "Column": 6 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13861, + "Line": 581, + "Column": 19 }, "CallSites": [ { - "Parent": 1, - "Name": "Testcase", + "Parent": 9, + "Name": "mapping", "RecvType": "", "Pos": { - "Filename": "/workspaces/govulncheck-action/main.go", - "Offset": 210, - "Line": 11, - "Column": 15 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7743, + "Line": 332, + "Column": 19 }, "Resolved": true } ] }, - "20": { - "ID": 20, - "Name": "peek_token", - "RecvType": "", + "23": { + "ID": 23, + "Name": "mappingSlice", + "RecvType": "*gopkg.in/yaml.v2.decoder", "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 2111, - "Line": 46, - "Column": 6 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 15467, + "Line": 651, + "Column": 19 }, "CallSites": [ { - "Parent": 21, - "Name": "peek_token", + "Parent": 22, + "Name": "mappingSlice", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 28119, - "Line": 879, - "Column": 21 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14031, + "Line": 586, + "Column": 24 }, "Resolved": true }, { - "Parent": 34, - "Name": "peek_token", + "Parent": 22, + "Name": "mappingSlice", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 23280, - "Line": 734, - "Column": 21 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 14278, + "Line": 596, + "Column": 22 + }, + "Resolved": true + } + ] + }, + "24": { + "ID": 24, + "Name": "document", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7917, + "Line": 341, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "document", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7511, + "Line": 320, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "25": { + "ID": 25, + "Name": "sequence", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 13038, + "Line": 543, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "sequence", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7791, + "Line": 334, + "Column": 20 + }, + "Resolved": true + } + ] + }, + "26": { + "ID": 26, + "Name": "alias", + "RecvType": "*gopkg.in/yaml.v2.decoder", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 8093, + "Line": 350, + "Column": 19 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "alias", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 7553, + "Line": 322, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "27": { + "ID": 27, + "Name": "peek_token", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 2111, + "Line": 46, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 28, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 31112, + "Line": 971, + "Column": 21 }, "Resolved": true }, { - "Parent": 34, + "Parent": 28, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 23428, - "Line": 741, + "Offset": 31376, + "Line": 981, "Column": 21 }, "Resolved": true }, { - "Parent": 35, + "Parent": 40, "Name": "peek_token", "RecvType": "", "Pos": { @@ -541,7 +771,7 @@ "Resolved": true }, { - "Parent": 35, + "Parent": 40, "Name": "peek_token", "RecvType": "", "Pos": { @@ -553,7 +783,7 @@ "Resolved": true }, { - "Parent": 35, + "Parent": 40, "Name": "peek_token", "RecvType": "", "Pos": { @@ -565,7 +795,7 @@ "Resolved": true }, { - "Parent": 35, + "Parent": 40, "Name": "peek_token", "RecvType": "", "Pos": { @@ -577,7 +807,7 @@ "Resolved": true }, { - "Parent": 35, + "Parent": 40, "Name": "peek_token", "RecvType": "", "Pos": { @@ -589,331 +819,331 @@ "Resolved": true }, { - "Parent": 36, + "Parent": 41, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 31112, - "Line": 971, + "Offset": 23280, + "Line": 734, "Column": 21 }, "Resolved": true }, { - "Parent": 36, + "Parent": 41, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 31376, - "Line": 981, + "Offset": 23428, + "Line": 741, "Column": 21 }, "Resolved": true }, { - "Parent": 37, + "Parent": 42, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 20086, - "Line": 632, + "Offset": 26456, + "Line": 834, "Column": 21 }, "Resolved": true }, { - "Parent": 37, + "Parent": 43, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 20241, - "Line": 640, - "Column": 21 + "Offset": 29084, + "Line": 906, + "Column": 22 }, "Resolved": true }, { - "Parent": 45, + "Parent": 43, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 6628, - "Line": 175, + "Offset": 29194, + "Line": 911, "Column": 21 }, "Resolved": true }, { - "Parent": 46, + "Parent": 43, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 7443, - "Line": 200, - "Column": 21 + "Offset": 29390, + "Line": 920, + "Column": 23 }, "Resolved": true }, { - "Parent": 46, + "Parent": 43, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 7635, - "Line": 209, + "Offset": 29819, + "Line": 935, "Column": 22 }, "Resolved": true }, { - "Parent": 46, + "Parent": 44, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 8577, - "Line": 241, - "Column": 21 + "Offset": 24637, + "Line": 772, + "Column": 22 }, "Resolved": true }, { - "Parent": 47, + "Parent": 44, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 32571, - "Line": 1020, + "Offset": 24746, + "Line": 776, "Column": 21 }, "Resolved": true }, { - "Parent": 47, + "Parent": 44, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 33523, - "Line": 1053, - "Column": 21 + "Offset": 24942, + "Line": 784, + "Column": 23 }, "Resolved": true }, { - "Parent": 38, + "Parent": 45, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 29084, - "Line": 906, + "Offset": 21536, + "Line": 677, "Column": 22 }, "Resolved": true }, { - "Parent": 38, + "Parent": 45, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 29194, - "Line": 911, + "Offset": 21646, + "Line": 682, "Column": 21 }, "Resolved": true }, { - "Parent": 38, + "Parent": 45, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 29390, - "Line": 920, - "Column": 23 + "Offset": 21793, + "Line": 690, + "Column": 21 }, "Resolved": true }, { - "Parent": 38, + "Parent": 46, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 29819, - "Line": 935, - "Column": 22 + "Offset": 20086, + "Line": 632, + "Column": 21 }, "Resolved": true }, { - "Parent": 39, + "Parent": 46, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 21536, - "Line": 677, - "Column": 22 + "Offset": 20241, + "Line": 640, + "Column": 21 }, "Resolved": true }, { - "Parent": 39, + "Parent": 47, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 21646, - "Line": 682, + "Offset": 27253, + "Line": 855, "Column": 21 }, "Resolved": true }, { - "Parent": 39, + "Parent": 47, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 21793, - "Line": 690, - "Column": 21 + "Offset": 27377, + "Line": 861, + "Column": 22 }, "Resolved": true }, { - "Parent": 40, + "Parent": 48, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 27253, - "Line": 855, + "Offset": 9755, + "Line": 283, "Column": 21 }, "Resolved": true }, { - "Parent": 40, + "Parent": 49, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 27377, - "Line": 861, + "Offset": 18526, + "Line": 581, "Column": 22 }, "Resolved": true }, { - "Parent": 41, + "Parent": 49, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 26456, - "Line": 834, + "Offset": 18636, + "Line": 586, "Column": 21 }, "Resolved": true }, { - "Parent": 42, + "Parent": 49, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 9755, - "Line": 283, + "Offset": 18791, + "Line": 594, "Column": 21 }, "Resolved": true }, { - "Parent": 43, + "Parent": 50, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 24637, - "Line": 772, - "Column": 22 + "Offset": 28119, + "Line": 879, + "Column": 21 }, "Resolved": true }, { - "Parent": 43, + "Parent": 51, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 24746, - "Line": 776, + "Offset": 7443, + "Line": 200, "Column": 21 }, "Resolved": true }, { - "Parent": 43, + "Parent": 51, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 24942, - "Line": 784, - "Column": 23 + "Offset": 7635, + "Line": 209, + "Column": 22 }, "Resolved": true }, { - "Parent": 44, + "Parent": 51, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 18526, - "Line": 581, - "Column": 22 + "Offset": 8577, + "Line": 241, + "Column": 21 }, "Resolved": true }, { - "Parent": 44, + "Parent": 52, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 18636, - "Line": 586, + "Offset": 32571, + "Line": 1020, "Column": 21 }, "Resolved": true }, { - "Parent": 44, + "Parent": 52, "Name": "peek_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 18791, - "Line": 594, + "Offset": 33523, + "Line": 1053, "Column": 21 }, "Resolved": true }, { - "Parent": 48, + "Parent": 53, "Name": "peek_token", "RecvType": "", "Pos": { @@ -923,37 +1153,61 @@ "Column": 21 }, "Resolved": true + }, + { + "Parent": 54, + "Name": "peek_token", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6628, + "Line": 175, + "Column": 21 + }, + "Resolved": true } ] }, - "21": { - "ID": 21, - "Name": "yaml_parser_parse_flow_sequence_entry_mapping_end", + "28": { + "ID": 28, + "Name": "yaml_parser_parse_flow_mapping_value", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 27998, - "Line": 878, + "Offset": 30992, + "Line": 970, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_flow_sequence_entry_mapping_end", + "Parent": 29, + "Name": "yaml_parser_parse_flow_mapping_value", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 5874, - "Line": 152, - "Column": 59 + "Offset": 6200, + "Line": 161, + "Column": 46 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "yaml_parser_parse_flow_mapping_value", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6318, + "Line": 164, + "Column": 46 }, "Resolved": true } ] }, - "22": { - "ID": 22, + "29": { + "ID": 29, "Name": "yaml_parser_state_machine", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -965,7 +1219,7 @@ }, "CallSites": [ { - "Parent": 23, + "Parent": 30, "Name": "yaml_parser_state_machine", "RecvType": "", "Pos": { @@ -978,8 +1232,34 @@ } ] }, - "23": { - "ID": 23, + "3": { + "ID": 3, + "Name": "Testcase", + "RecvType": "", + "PkgPath": "github.com/Templum/playground/pkg/seconds", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/seconds/mixer.go", + "Offset": 162, + "Line": 10, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 1, + "Name": "Testcase", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 309, + "Line": 15, + "Column": 18 + }, + "Resolved": true + } + ] + }, + "30": { + "ID": 30, "Name": "yaml_parser_parse", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -991,7 +1271,7 @@ }, "CallSites": [ { - "Parent": 24, + "Parent": 31, "Name": "yaml_parser_parse", "RecvType": "", "Pos": { @@ -1003,7 +1283,7 @@ "Resolved": true }, { - "Parent": 30, + "Parent": 36, "Name": "yaml_parser_parse", "RecvType": "", "Pos": { @@ -1016,8 +1296,8 @@ } ] }, - "24": { - "ID": 24, + "31": { + "ID": 31, "Name": "peek", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", @@ -1029,71 +1309,45 @@ }, "CallSites": [ { - "Parent": 25, + "Parent": 32, "Name": "peek", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4359, - "Line": 205, - "Column": 12 + "Offset": 2928, + "Line": 143, + "Column": 15 }, "Resolved": true }, { - "Parent": 29, + "Parent": 33, "Name": "peek", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4624, - "Line": 216, + "Offset": 4359, + "Line": 205, "Column": 12 }, "Resolved": true }, { - "Parent": 26, + "Parent": 34, "Name": "peek", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 2928, - "Line": 143, - "Column": 15 - }, - "Resolved": true - } - ] - }, - "25": { - "ID": 25, - "Name": "sequence", - "RecvType": "*gopkg.in/yaml.v2.parser", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4236, - "Line": 201, - "Column": 18 - }, - "CallSites": [ - { - "Parent": 26, - "Name": "sequence", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3126, - "Line": 151, - "Column": 20 + "Offset": 4624, + "Line": 216, + "Column": 12 }, "Resolved": true } ] }, - "26": { - "ID": 26, + "32": { + "ID": 32, "Name": "parse", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", @@ -1105,7 +1359,7 @@ }, "CallSites": [ { - "Parent": 27, + "Parent": 19, "Name": "parse", "RecvType": "", "Pos": { @@ -1117,7 +1371,7 @@ "Resolved": true }, { - "Parent": 25, + "Parent": 33, "Name": "parse", "RecvType": "", "Pos": { @@ -1129,109 +1383,83 @@ "Resolved": true }, { - "Parent": 28, + "Parent": 34, "Name": "parse", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3703, - "Line": 175, - "Column": 41 + "Offset": 4696, + "Line": 217, + "Column": 42 }, "Resolved": true }, { - "Parent": 29, + "Parent": 34, "Name": "parse", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4696, + "Offset": 4707, "Line": 217, - "Column": 42 + "Column": 53 }, "Resolved": true }, { - "Parent": 29, + "Parent": 35, "Name": "parse", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4707, - "Line": 217, - "Column": 53 + "Offset": 3703, + "Line": 175, + "Column": 41 }, "Resolved": true } ] }, - "27": { - "ID": 27, - "Name": "unmarshal", - "RecvType": "", + "33": { + "ID": 33, + "Name": "sequence", + "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", - "Offset": 4340, - "Line": 137, - "Column": 6 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 4236, + "Line": 201, + "Column": 18 }, "CallSites": [ { - "Parent": 7, - "Name": "unmarshal", + "Parent": 32, + "Name": "sequence", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", - "Offset": 2826, - "Line": 81, - "Column": 18 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3126, + "Line": 151, + "Column": 20 }, "Resolved": true } ] }, - "28": { - "ID": 28, - "Name": "document", + "34": { + "ID": 34, + "Name": "mapping", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3533, - "Line": 170, + "Offset": 4504, + "Line": 212, "Column": 18 }, "CallSites": [ { - "Parent": 26, - "Name": "document", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3181, - "Line": 153, - "Column": 20 - }, - "Resolved": true - } - ] - }, - "29": { - "ID": 29, - "Name": "mapping", - "RecvType": "*gopkg.in/yaml.v2.parser", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4504, - "Line": 212, - "Column": 18 - }, - "CallSites": [ - { - "Parent": 26, + "Parent": 32, "Name": "mapping", "RecvType": "", "Pos": { @@ -1244,34 +1472,34 @@ } ] }, - "3": { - "ID": 3, - "Name": "Testcase", - "RecvType": "", - "PkgPath": "github.com/Templum/playground/pkg/text", + "35": { + "ID": 35, + "Name": "document", + "RecvType": "*gopkg.in/yaml.v2.parser", + "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/workspaces/govulncheck-action/pkg/text/testcase.go", - "Offset": 61, - "Line": 7, - "Column": 6 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3533, + "Line": 170, + "Column": 18 }, "CallSites": [ { - "Parent": 1, - "Name": "Testcase", + "Parent": 32, + "Name": "document", "RecvType": "", "Pos": { - "Filename": "/workspaces/govulncheck-action/main.go", - "Offset": 227, - "Line": 12, - "Column": 15 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 3181, + "Line": 153, + "Column": 20 }, "Resolved": true } ] }, - "30": { - "ID": 30, + "36": { + "ID": 36, "Name": "expect", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", @@ -1283,7 +1511,7 @@ }, "CallSites": [ { - "Parent": 25, + "Parent": 33, "Name": "expect", "RecvType": "", "Pos": { @@ -1295,7 +1523,7 @@ "Resolved": true }, { - "Parent": 25, + "Parent": 33, "Name": "expect", "RecvType": "", "Pos": { @@ -1307,79 +1535,79 @@ "Resolved": true }, { - "Parent": 28, + "Parent": 34, "Name": "expect", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3635, - "Line": 174, + "Offset": 4586, + "Line": 215, "Column": 10 }, "Resolved": true }, { - "Parent": 28, + "Parent": 34, "Name": "expect", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3716, - "Line": 176, + "Offset": 4723, + "Line": 219, "Column": 10 }, "Resolved": true }, { - "Parent": 29, + "Parent": 35, "Name": "expect", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4586, - "Line": 215, + "Offset": 3635, + "Line": 174, "Column": 10 }, "Resolved": true }, { - "Parent": 29, + "Parent": 35, "Name": "expect", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4723, - "Line": 219, + "Offset": 3716, + "Line": 176, "Column": 10 }, "Resolved": true }, { - "Parent": 31, + "Parent": 37, "Name": "expect", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4186, - "Line": 197, + "Offset": 3964, + "Line": 187, "Column": 10 }, "Resolved": true }, { - "Parent": 32, + "Parent": 38, "Name": "expect", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3964, - "Line": 187, + "Offset": 4186, + "Line": 197, "Column": 10 }, "Resolved": true }, { - "Parent": 33, + "Parent": 39, "Name": "expect", "RecvType": "", "Pos": { @@ -1392,60 +1620,60 @@ } ] }, - "31": { - "ID": 31, - "Name": "scalar", + "37": { + "ID": 37, + "Name": "alias", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 4013, - "Line": 191, + "Offset": 3772, + "Line": 180, "Column": 18 }, "CallSites": [ { - "Parent": 26, - "Name": "scalar", + "Parent": 32, + "Name": "alias", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 2975, - "Line": 145, - "Column": 18 + "Offset": 3018, + "Line": 147, + "Column": 17 }, "Resolved": true } ] }, - "32": { - "ID": 32, - "Name": "alias", + "38": { + "ID": 38, + "Name": "scalar", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3772, - "Line": 180, + "Offset": 4013, + "Line": 191, "Column": 18 }, "CallSites": [ { - "Parent": 26, - "Name": "alias", + "Parent": 32, + "Name": "scalar", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 3018, - "Line": 147, - "Column": 17 + "Offset": 2975, + "Line": 145, + "Column": 18 }, "Resolved": true } ] }, - "33": { - "ID": 33, + "39": { + "ID": 39, "Name": "init", "RecvType": "*gopkg.in/yaml.v2.parser", "PkgPath": "gopkg.in/yaml.v2", @@ -1457,7 +1685,7 @@ }, "CallSites": [ { - "Parent": 26, + "Parent": 32, "Name": "init", "RecvType": "", "Pos": { @@ -1470,34 +1698,34 @@ } ] }, - "34": { - "ID": 34, - "Name": "yaml_parser_parse_block_mapping_value", + "4": { + "ID": 4, + "Name": "Testcase", "RecvType": "", - "PkgPath": "gopkg.in/yaml.v2", + "PkgPath": "github.com/Templum/playground/pkg/text", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 23171, - "Line": 733, + "Filename": "/workspaces/govulncheck-action/pkg/text/testcase.go", + "Offset": 61, + "Line": 7, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_block_mapping_value", + "Parent": 1, + "Name": "Testcase", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 5244, - "Line": 137, - "Column": 47 + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 272, + "Line": 13, + "Column": 15 }, "Resolved": true } ] }, - "35": { - "ID": 35, + "40": { + "ID": 40, "Name": "yaml_parser_parse_node", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -1509,43 +1737,43 @@ }, "CallSites": [ { - "Parent": 34, + "Parent": 28, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 23697, - "Line": 749, + "Offset": 31619, + "Line": 987, "Column": 33 }, "Resolved": true }, { - "Parent": 36, + "Parent": 41, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 31619, - "Line": 987, + "Offset": 23697, + "Line": 749, "Column": 33 }, "Resolved": true }, { - "Parent": 37, + "Parent": 42, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 20560, - "Line": 649, - "Column": 33 + "Offset": 26748, + "Line": 842, + "Column": 32 }, "Resolved": true }, { - "Parent": 38, + "Parent": 43, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { @@ -1557,7 +1785,7 @@ "Resolved": true }, { - "Parent": 38, + "Parent": 43, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { @@ -1569,31 +1797,31 @@ "Resolved": true }, { - "Parent": 39, + "Parent": 44, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 22064, - "Line": 698, + "Offset": 25816, + "Line": 810, "Column": 33 }, "Resolved": true }, { - "Parent": 40, + "Parent": 45, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 27636, - "Line": 867, + "Offset": 22064, + "Line": 698, "Column": 33 }, "Resolved": true }, { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { @@ -1605,7 +1833,7 @@ "Resolved": true }, { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { @@ -1617,7 +1845,7 @@ "Resolved": true }, { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { @@ -1629,43 +1857,43 @@ "Resolved": true }, { - "Parent": 41, + "Parent": 46, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 26748, - "Line": 842, - "Column": 32 + "Offset": 20560, + "Line": 649, + "Column": 33 }, "Resolved": true }, { - "Parent": 42, + "Parent": 47, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 10237, - "Line": 297, - "Column": 31 + "Offset": 27636, + "Line": 867, + "Column": 33 }, "Resolved": true }, { - "Parent": 43, + "Parent": 48, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 25816, - "Line": 810, - "Column": 33 + "Offset": 10237, + "Line": 297, + "Column": 31 }, "Resolved": true }, { - "Parent": 44, + "Parent": 49, "Name": "yaml_parser_parse_node", "RecvType": "", "Pos": { @@ -1678,72 +1906,60 @@ } ] }, - "36": { - "ID": 36, - "Name": "yaml_parser_parse_flow_mapping_value", + "41": { + "ID": 41, + "Name": "yaml_parser_parse_block_mapping_value", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 30992, - "Line": 970, + "Offset": 23171, + "Line": 733, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_flow_mapping_value", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 6200, - "Line": 161, - "Column": 46 - }, - "Resolved": true - }, - { - "Parent": 22, - "Name": "yaml_parser_parse_flow_mapping_value", + "Parent": 29, + "Name": "yaml_parser_parse_block_mapping_value", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 6318, - "Line": 164, - "Column": 46 + "Offset": 5244, + "Line": 137, + "Column": 47 }, "Resolved": true } ] }, - "37": { - "ID": 37, - "Name": "yaml_parser_parse_indentless_sequence_entry", + "42": { + "ID": 42, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_key", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 19971, - "Line": 631, + "Offset": 26335, + "Line": 833, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_indentless_sequence_entry", + "Parent": 29, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_key", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 4912, - "Line": 128, - "Column": 53 + "Offset": 5608, + "Line": 146, + "Column": 59 }, "Resolved": true } ] }, - "38": { - "ID": 38, + "43": { + "ID": 43, "Name": "yaml_parser_parse_flow_mapping_key", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -1755,7 +1971,7 @@ }, "CallSites": [ { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_flow_mapping_key", "RecvType": "", "Pos": { @@ -1767,7 +1983,7 @@ "Resolved": true }, { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_flow_mapping_key", "RecvType": "", "Pos": { @@ -1780,8 +1996,46 @@ } ] }, - "39": { - "ID": 39, + "44": { + "ID": 44, + "Name": "yaml_parser_parse_flow_sequence_entry", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 24503, + "Line": 770, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 29, + "Name": "yaml_parser_parse_flow_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5357, + "Line": 140, + "Column": 47 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "yaml_parser_parse_flow_sequence_entry", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 5470, + "Line": 143, + "Column": 47 + }, + "Resolved": true + } + ] + }, + "45": { + "ID": 45, "Name": "yaml_parser_parse_block_mapping_key", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -1793,7 +2047,7 @@ }, "CallSites": [ { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_block_mapping_key", "RecvType": "", "Pos": { @@ -1805,7 +2059,7 @@ "Resolved": true }, { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_block_mapping_key", "RecvType": "", "Pos": { @@ -1818,34 +2072,34 @@ } ] }, - "4": { - "ID": 4, - "Name": "Testcase", + "46": { + "ID": 46, + "Name": "yaml_parser_parse_indentless_sequence_entry", "RecvType": "", - "PkgPath": "github.com/Templum/playground/pkg/yaml", + "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/workspaces/govulncheck-action/pkg/yaml/testcase.go", - "Offset": 306, - "Line": 26, + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 19971, + "Line": 631, "Column": 6 }, "CallSites": [ { - "Parent": 1, - "Name": "Testcase", + "Parent": 29, + "Name": "yaml_parser_parse_indentless_sequence_entry", "RecvType": "", "Pos": { - "Filename": "/workspaces/govulncheck-action/main.go", - "Offset": 244, - "Line": 13, - "Column": 15 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 4912, + "Line": 128, + "Column": 53 }, "Resolved": true } ] }, - "40": { - "ID": 40, + "47": { + "ID": 47, "Name": "yaml_parser_parse_flow_sequence_entry_mapping_value", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -1857,7 +2111,7 @@ }, "CallSites": [ { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_flow_sequence_entry_mapping_value", "RecvType": "", "Pos": { @@ -1870,34 +2124,8 @@ } ] }, - "41": { - "ID": 41, - "Name": "yaml_parser_parse_flow_sequence_entry_mapping_key", - "RecvType": "", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 26335, - "Line": 833, - "Column": 6 - }, - "CallSites": [ - { - "Parent": 22, - "Name": "yaml_parser_parse_flow_sequence_entry_mapping_key", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 5608, - "Line": 146, - "Column": 59 - }, - "Resolved": true - } - ] - }, - "42": { - "ID": 42, + "48": { + "ID": 48, "Name": "yaml_parser_parse_document_content", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -1909,7 +2137,7 @@ }, "CallSites": [ { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_document_content", "RecvType": "", "Pos": { @@ -1922,110 +2150,98 @@ } ] }, - "43": { - "ID": 43, - "Name": "yaml_parser_parse_flow_sequence_entry", + "49": { + "ID": 49, + "Name": "yaml_parser_parse_block_sequence_entry", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 24503, - "Line": 770, + "Offset": 18391, + "Line": 579, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_flow_sequence_entry", + "Parent": 29, + "Name": "yaml_parser_parse_block_sequence_entry", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 5357, - "Line": 140, - "Column": 47 + "Offset": 4671, + "Line": 122, + "Column": 48 }, "Resolved": true }, { - "Parent": 22, - "Name": "yaml_parser_parse_flow_sequence_entry", + "Parent": 29, + "Name": "yaml_parser_parse_block_sequence_entry", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 5470, - "Line": 143, - "Column": 47 + "Offset": 4786, + "Line": 125, + "Column": 48 }, "Resolved": true } ] }, - "44": { - "ID": 44, - "Name": "yaml_parser_parse_block_sequence_entry", + "5": { + "ID": 5, + "Name": "Testcase", "RecvType": "", - "PkgPath": "gopkg.in/yaml.v2", + "PkgPath": "github.com/Templum/playground/pkg/yaml", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 18391, - "Line": 579, + "Filename": "/workspaces/govulncheck-action/pkg/yaml/testcase.go", + "Offset": 306, + "Line": 26, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_block_sequence_entry", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 4671, - "Line": 122, - "Column": 48 - }, - "Resolved": true - }, - { - "Parent": 22, - "Name": "yaml_parser_parse_block_sequence_entry", + "Parent": 1, + "Name": "Testcase", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 4786, - "Line": 125, - "Column": 48 + "Filename": "/workspaces/govulncheck-action/main.go", + "Offset": 289, + "Line": 14, + "Column": 15 }, "Resolved": true } ] }, - "45": { - "ID": 45, - "Name": "yaml_parser_parse_stream_start", + "50": { + "ID": 50, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_end", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 6526, - "Line": 174, + "Offset": 27998, + "Line": 878, "Column": 6 }, "CallSites": [ { - "Parent": 22, - "Name": "yaml_parser_parse_stream_start", + "Parent": 29, + "Name": "yaml_parser_parse_flow_sequence_entry_mapping_end", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", - "Offset": 3836, - "Line": 98, - "Column": 40 + "Offset": 5874, + "Line": 152, + "Column": 59 }, "Resolved": true } ] }, - "46": { - "ID": 46, + "51": { + "ID": 51, "Name": "yaml_parser_parse_document_start", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -2037,7 +2253,7 @@ }, "CallSites": [ { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_document_start", "RecvType": "", "Pos": { @@ -2049,7 +2265,7 @@ "Resolved": true }, { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_document_start", "RecvType": "", "Pos": { @@ -2062,8 +2278,8 @@ } ] }, - "47": { - "ID": 47, + "52": { + "ID": 52, "Name": "yaml_parser_process_directives", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -2075,7 +2291,7 @@ }, "CallSites": [ { - "Parent": 46, + "Parent": 51, "Name": "yaml_parser_process_directives", "RecvType": "", "Pos": { @@ -2087,7 +2303,7 @@ "Resolved": true }, { - "Parent": 46, + "Parent": 51, "Name": "yaml_parser_process_directives", "RecvType": "", "Pos": { @@ -2100,8 +2316,8 @@ } ] }, - "48": { - "ID": 48, + "53": { + "ID": 53, "Name": "yaml_parser_parse_document_end", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", @@ -2113,7 +2329,7 @@ }, "CallSites": [ { - "Parent": 22, + "Parent": 29, "Name": "yaml_parser_parse_document_end", "RecvType": "", "Pos": { @@ -2126,245 +2342,65 @@ } ] }, - "49": { - "ID": 49, - "Name": "document", - "RecvType": "*gopkg.in/yaml.v2.decoder", + "54": { + "ID": 54, + "Name": "yaml_parser_parse_stream_start", + "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 7917, - "Line": 341, - "Column": 19 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 6526, + "Line": 174, + "Column": 6 }, "CallSites": [ { - "Parent": 9, - "Name": "document", + "Parent": 29, + "Name": "yaml_parser_parse_stream_start", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 7511, - "Line": 320, - "Column": 20 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/parserc.go", + "Offset": 3836, + "Line": 98, + "Column": 40 }, "Resolved": true } ] }, - "5": { - "ID": 5, - "Name": "yaml_parser_increase_flow_level", + "55": { + "ID": 55, + "Name": "yaml_parser_fetch_flow_collection_start", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 27111, - "Line": 910, + "Offset": 32018, + "Line": 1099, "Column": 6 }, "CallSites": [ { - "Parent": 18, - "Name": "yaml_parser_increase_flow_level", + "Parent": 56, + "Name": "yaml_parser_fetch_flow_collection_start", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 32293, - "Line": 1106, - "Column": 37 - }, - "Resolved": true - } - ] - }, - "50": { - "ID": 50, - "Name": "merge", - "RecvType": "*gopkg.in/yaml.v2.decoder", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 17803, - "Line": 744, - "Column": 19 - }, - "CallSites": [ - { - "Parent": 51, - "Name": "merge", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 14719, - "Line": 621, - "Column": 11 - }, - "Resolved": true - }, - { - "Parent": 52, - "Name": "merge", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 16710, - "Line": 705, - "Column": 11 - }, - "Resolved": true - }, - { - "Parent": 53, - "Name": "merge", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 15783, - "Line": 665, - "Column": 11 - }, - "Resolved": true - } - ] - }, - "51": { - "ID": 51, - "Name": "mapping", - "RecvType": "*gopkg.in/yaml.v2.decoder", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 13861, - "Line": 581, - "Column": 19 - }, - "CallSites": [ - { - "Parent": 9, - "Name": "mapping", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 7743, - "Line": 332, - "Column": 19 - }, - "Resolved": true - } - ] - }, - "52": { - "ID": 52, - "Name": "mappingStruct", - "RecvType": "*gopkg.in/yaml.v2.decoder", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 16136, - "Line": 682, - "Column": 19 - }, - "CallSites": [ - { - "Parent": 51, - "Name": "mappingStruct", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 13978, - "Line": 584, - "Column": 25 - }, - "Resolved": true - } - ] - }, - "53": { - "ID": 53, - "Name": "mappingSlice", - "RecvType": "*gopkg.in/yaml.v2.decoder", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 15467, - "Line": 651, - "Column": 19 - }, - "CallSites": [ - { - "Parent": 51, - "Name": "mappingSlice", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 14031, - "Line": 586, - "Column": 24 + "Offset": 20412, + "Line": 722, + "Column": 49 }, "Resolved": true }, { - "Parent": 51, - "Name": "mappingSlice", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 14278, - "Line": 596, - "Column": 22 - }, - "Resolved": true - } - ] - }, - "54": { - "ID": 54, - "Name": "alias", - "RecvType": "*gopkg.in/yaml.v2.decoder", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 8093, - "Line": 350, - "Column": 19 - }, - "CallSites": [ - { - "Parent": 9, - "Name": "alias", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 7553, - "Line": 322, - "Column": 17 - }, - "Resolved": true - } - ] - }, - "55": { - "ID": 55, - "Name": "sequence", - "RecvType": "*gopkg.in/yaml.v2.decoder", - "PkgPath": "gopkg.in/yaml.v2", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 13038, - "Line": 543, - "Column": 19 - }, - "CallSites": [ - { - "Parent": 9, - "Name": "sequence", + "Parent": 56, + "Name": "yaml_parser_fetch_flow_collection_start", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 7791, - "Line": 334, - "Column": 20 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 20595, + "Line": 727, + "Column": 49 }, "Resolved": true } @@ -2372,25 +2408,25 @@ }, "56": { "ID": 56, - "Name": "yaml_parser_fetch_key", + "Name": "yaml_parser_fetch_next_token", "RecvType": "", "PkgPath": "gopkg.in/yaml.v2", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 35499, - "Line": 1229, + "Offset": 18571, + "Line": 665, "Column": 6 }, "CallSites": [ { - "Parent": 19, - "Name": "yaml_parser_fetch_key", + "Parent": 11, + "Name": "yaml_parser_fetch_next_token", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 21495, - "Line": 754, - "Column": 31 + "Offset": 18446, + "Line": 655, + "Column": 35 }, "Resolved": true } @@ -2409,7 +2445,7 @@ }, "CallSites": [ { - "Parent": 19, + "Parent": 56, "Name": "yaml_parser_fetch_block_entry", "RecvType": "", "Pos": { @@ -2435,152 +2471,166 @@ }, "CallSites": [ { - "Parent": 19, - "Name": "yaml_parser_fetch_value", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", - "Offset": 21693, - "Line": 759, - "Column": 33 - }, - "Resolved": true - } - ] - }, - "6": { - "ID": 6, - "Name": "parseObject", - "RecvType": "", - "PkgPath": "github.com/tidwall/gjson", - "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 21927, - "Line": 1114, - "Column": 6 - }, - "CallSites": [ - { - "Parent": 17, - "Name": "parseObject", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 28823, - "Line": 1462, - "Column": 26 - }, - "Resolved": true - }, - { - "Parent": 6, - "Name": "parseObject", + "Parent": 56, + "Name": "yaml_parser_fetch_value", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 24057, - "Line": 1212, - "Column": 26 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 21693, + "Line": 759, + "Column": 33 }, "Resolved": true - }, + } + ] + }, + "59": { + "ID": 59, + "Name": "yaml_parser_fetch_key", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 35499, + "Line": 1229, + "Column": 6 + }, + "CallSites": [ { - "Parent": 8, - "Name": "parseObject", + "Parent": 56, + "Name": "yaml_parser_fetch_key", "RecvType": "", "Pos": { - "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 39894, - "Line": 1963, - "Column": 16 + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/scannerc.go", + "Offset": 21495, + "Line": 754, + "Column": 31 }, "Resolved": true } ] }, - "7": { - "ID": 7, - "Name": "Unmarshal", + "6": { + "ID": 6, + "Name": "Parse", "RecvType": "", - "PkgPath": "gopkg.in/yaml.v2", + "PkgPath": "golang.org/x/text/language", "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", - "Offset": 2757, - "Line": 80, + "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/parse.go", + "Offset": 1121, + "Line": 33, "Column": 6 }, "CallSites": [ { - "Parent": 4, - "Name": "Unmarshal", + "Parent": 14, + "Name": "Parse", "RecvType": "", "Pos": { - "Filename": "/workspaces/govulncheck-action/pkg/yaml/testcase.go", - "Offset": 348, - "Line": 28, - "Column": 20 + "Filename": "/go/pkg/mod/golang.org/x/text@v0.3.6/language/tags.go", + "Offset": 469, + "Line": 14, + "Column": 17 }, "Resolved": true } ] }, - "8": { - "ID": 8, + "7": { + "ID": 7, "Name": "Get", - "RecvType": "", + "RecvType": "github.com/tidwall/gjson.Result", "PkgPath": "github.com/tidwall/gjson", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 37859, - "Line": 1873, - "Column": 6 + "Offset": 5744, + "Line": 296, + "Column": 17 }, "CallSites": [ { - "Parent": 2, + "Parent": 17, "Name": "Get", "RecvType": "", "Pos": { - "Filename": "/workspaces/govulncheck-action/pkg/json/testcase.go", - "Offset": 162, - "Line": 11, - "Column": 20 + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 31327, + "Line": 1579, + "Column": 24 }, "Resolved": true }, { - "Parent": 11, + "Parent": 18, "Name": "Get", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 5781, - "Line": 297, - "Column": 12 + "Offset": 27159, + "Line": 1370, + "Column": 18 }, "Resolved": true }, { - "Parent": 8, + "Parent": 18, "Name": "Get", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 38198, - "Line": 1885, - "Column": 17 + "Offset": 27446, + "Line": 1385, + "Column": 19 }, "Resolved": true }, { - "Parent": 8, + "Parent": 12, "Name": "Get", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", - "Offset": 38654, - "Line": 1905, - "Column": 17 + "Offset": 39584, + "Line": 1945, + "Column": 20 + }, + "Resolved": true + }, + { + "Parent": 12, + "Name": "Get", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/github.com/tidwall/gjson@v1.6.4/gjson.go", + "Offset": 40038, + "Line": 1974, + "Column": 21 + }, + "Resolved": true + } + ] + }, + "8": { + "ID": 8, + "Name": "Unmarshal", + "RecvType": "", + "PkgPath": "gopkg.in/yaml.v2", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/yaml.go", + "Offset": 2757, + "Line": 80, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 5, + "Name": "Unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/workspaces/govulncheck-action/pkg/yaml/testcase.go", + "Offset": 348, + "Line": 28, + "Column": 20 }, "Resolved": true } @@ -2599,7 +2649,7 @@ }, "CallSites": [ { - "Parent": 27, + "Parent": 19, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2611,19 +2661,7 @@ "Resolved": true }, { - "Parent": 49, - "Name": "unmarshal", - "RecvType": "", - "Pos": { - "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 8020, - "Line": 344, - "Column": 14 - }, - "Resolved": true - }, - { - "Parent": 50, + "Parent": 20, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2635,7 +2673,7 @@ "Resolved": true }, { - "Parent": 50, + "Parent": 20, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2647,7 +2685,7 @@ "Resolved": true }, { - "Parent": 50, + "Parent": 20, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2659,7 +2697,7 @@ "Resolved": true }, { - "Parent": 52, + "Parent": 21, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2671,7 +2709,7 @@ "Resolved": true }, { - "Parent": 52, + "Parent": 21, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2683,7 +2721,7 @@ "Resolved": true }, { - "Parent": 52, + "Parent": 21, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2695,7 +2733,7 @@ "Resolved": true }, { - "Parent": 53, + "Parent": 23, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2707,7 +2745,7 @@ "Resolved": true }, { - "Parent": 53, + "Parent": 23, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2719,7 +2757,7 @@ "Resolved": true }, { - "Parent": 51, + "Parent": 22, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2731,7 +2769,7 @@ "Resolved": true }, { - "Parent": 51, + "Parent": 22, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2743,19 +2781,19 @@ "Resolved": true }, { - "Parent": 54, + "Parent": 24, "Name": "unmarshal", "RecvType": "", "Pos": { "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", - "Offset": 8321, - "Line": 356, - "Column": 20 + "Offset": 8020, + "Line": 344, + "Column": 14 }, "Resolved": true }, { - "Parent": 55, + "Parent": 25, "Name": "unmarshal", "RecvType": "", "Pos": { @@ -2765,6 +2803,18 @@ "Column": 23 }, "Resolved": true + }, + { + "Parent": 26, + "Name": "unmarshal", + "RecvType": "", + "Pos": { + "Filename": "/go/pkg/mod/gopkg.in/yaml.v2@v2.2.0/decode.go", + "Offset": 8321, + "Line": 356, + "Column": 20 + }, + "Resolved": true } ] } @@ -2773,7 +2823,8 @@ 1, 2, 3, - 4 + 4, + 5 ] }, "Imports": { @@ -2784,7 +2835,8 @@ "Path": "github.com/tidwall/gjson", "Module": 1, "ImportedBy": [ - 2 + 2, + 4 ] }, "2": { @@ -2793,7 +2845,7 @@ "Path": "github.com/Templum/playground/pkg/json", "Module": 2, "ImportedBy": [ - 7 + 8 ] }, "3": { @@ -2803,38 +2855,48 @@ "Module": 3, "ImportedBy": [ 4, - 7 + 5, + 8 ] }, "4": { "ID": 4, - "Name": "text", - "Path": "github.com/Templum/playground/pkg/text", + "Name": "seconds", + "Path": "github.com/Templum/playground/pkg/seconds", "Module": 2, "ImportedBy": [ - 7 + 8 ] }, "5": { "ID": 5, - "Name": "yaml", - "Path": "gopkg.in/yaml.v2", - "Module": 4, + "Name": "text", + "Path": "github.com/Templum/playground/pkg/text", + "Module": 2, "ImportedBy": [ - 6 + 8 ] }, "6": { "ID": 6, "Name": "yaml", - "Path": "github.com/Templum/playground/pkg/yaml", - "Module": 2, + "Path": "gopkg.in/yaml.v2", + "Module": 4, "ImportedBy": [ 7 ] }, "7": { "ID": 7, + "Name": "yaml", + "Path": "github.com/Templum/playground/pkg/yaml", + "Module": 2, + "ImportedBy": [ + 8 + ] + }, + "8": { + "ID": 8, "Name": "main", "Path": "github.com/Templum/playground", "Module": 2, @@ -2842,10 +2904,11 @@ } }, "Entries": [ - 7, + 8, 2, 4, - 6 + 5, + 7 ] }, "Requires": { @@ -2958,7 +3021,7 @@ "Symbol": "Get", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 8, + "CallSink": 12, "ImportSink": 1, "RequireSink": 1 }, @@ -3030,7 +3093,7 @@ "Symbol": "Result.Get", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 11, + "CallSink": 7, "ImportSink": 1, "RequireSink": 1 }, @@ -3102,7 +3165,7 @@ "Symbol": "parseObject", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 6, + "CallSink": 16, "ImportSink": 1, "RequireSink": 1 }, @@ -3174,7 +3237,7 @@ "Symbol": "queryMatches", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 13, + "CallSink": 15, "ImportSink": 1, "RequireSink": 1 }, @@ -3240,8 +3303,8 @@ "Symbol": "Unmarshal", "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", - "CallSink": 7, - "ImportSink": 5, + "CallSink": 8, + "ImportSink": 6, "RequireSink": 4 }, { @@ -3306,8 +3369,8 @@ "Symbol": "yaml_parser_roll_indent", "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", - "CallSink": 15, - "ImportSink": 5, + "CallSink": 10, + "ImportSink": 6, "RequireSink": 4 }, { @@ -3372,8 +3435,8 @@ "Symbol": "yaml_parser_increase_flow_level", "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", - "CallSink": 5, - "ImportSink": 5, + "CallSink": 13, + "ImportSink": 6, "RequireSink": 4 }, { @@ -3439,7 +3502,7 @@ "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", "CallSink": 9, - "ImportSink": 5, + "ImportSink": 6, "RequireSink": 4 }, { @@ -3516,7 +3579,7 @@ "Symbol": "Result.Get", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 11, + "CallSink": 7, "ImportSink": 1, "RequireSink": 1 }, @@ -3594,7 +3657,7 @@ "Symbol": "parseObject", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 6, + "CallSink": 16, "ImportSink": 1, "RequireSink": 1 }, @@ -3672,7 +3735,7 @@ "Symbol": "queryMatches", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 13, + "CallSink": 15, "ImportSink": 1, "RequireSink": 1 }, @@ -3750,7 +3813,7 @@ "Symbol": "Get", "PkgPath": "github.com/tidwall/gjson", "ModPath": "github.com/tidwall/gjson", - "CallSink": 8, + "CallSink": 12, "ImportSink": 1, "RequireSink": 1 }, @@ -3814,7 +3877,7 @@ "Symbol": "MustParse", "PkgPath": "golang.org/x/text/language", "ModPath": "golang.org/x/text", - "CallSink": 12, + "CallSink": 14, "ImportSink": 3, "RequireSink": 3 }, @@ -3878,7 +3941,7 @@ "Symbol": "Parse", "PkgPath": "golang.org/x/text/language", "ModPath": "golang.org/x/text", - "CallSink": 10, + "CallSink": 6, "ImportSink": 3, "RequireSink": 3 }, @@ -3975,7 +4038,7 @@ "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", "CallSink": 9, - "ImportSink": 5, + "ImportSink": 6, "RequireSink": 4 }, { @@ -4070,8 +4133,8 @@ "Symbol": "Unmarshal", "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", - "CallSink": 7, - "ImportSink": 5, + "CallSink": 8, + "ImportSink": 6, "RequireSink": 4 }, { @@ -4171,8 +4234,8 @@ "Symbol": "yaml_parser_fetch_more_tokens", "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", - "CallSink": 14, - "ImportSink": 5, + "CallSink": 11, + "ImportSink": 6, "RequireSink": 4 }, { @@ -4272,8 +4335,8 @@ "Symbol": "Unmarshal", "PkgPath": "gopkg.in/yaml.v2", "ModPath": "gopkg.in/yaml.v2", - "CallSink": 7, - "ImportSink": 5, + "CallSink": 8, + "ImportSink": 6, "RequireSink": 4 } ], @@ -4321,4 +4384,4 @@ "Replace": null } ] -} \ No newline at end of file +} diff --git a/main.go b/main.go index 3bff9ec..4e59f34 100644 --- a/main.go +++ b/main.go @@ -4,6 +4,7 @@ import ( "os" "runtime" + "github.com/Templum/govulncheck-action/pkg/action" "github.com/Templum/govulncheck-action/pkg/github" "github.com/Templum/govulncheck-action/pkg/sarif" "github.com/Templum/govulncheck-action/pkg/vulncheck" @@ -21,12 +22,13 @@ func main() { reporter := sarif.NewSarifReporter(logger) github := github.NewSarifUploader(logger) scanner := vulncheck.NewScanner(logger) + processor := action.NewVulncheckProcessor() if os.Getenv("DEBUG") == "true" { zerolog.SetGlobalLevel(zerolog.DebugLevel) logger.Debug().Msg("Running in Debug-Mode will use hardcoded scan result and enable debug logs") - scanner = vulncheck.NewLocalScanner(logger, "/workspaces/govulncheck-action/hack/output.json") + scanner = vulncheck.NewLocalScanner(logger, "/workspaces/govulncheck-action/hack/found.json") } logger.Info(). @@ -41,7 +43,10 @@ func main() { os.Exit(2) } - err = reporter.Convert(result) + vulnerableStacks := vulncheck.Resolve(result) + vulnerableStacks = processor.RemoveDuplicates(vulnerableStacks) + + err = reporter.Convert(vulnerableStacks) if err != nil { logger.Error().Err(err).Msg("Conversion of Scan yielded error") os.Exit(2) diff --git a/pkg/action/preprocessor.go b/pkg/action/preprocessor.go new file mode 100644 index 0000000..cdbc955 --- /dev/null +++ b/pkg/action/preprocessor.go @@ -0,0 +1,79 @@ +package action + +import ( + "os" + "strings" + + "github.com/Templum/govulncheck-action/pkg/types" + "golang.org/x/vuln/vulncheck" +) + +type VulncheckProcessor struct { + workDir string +} + +func NewVulncheckProcessor() *VulncheckProcessor { + workDir, _ := os.Getwd() + + return &VulncheckProcessor{ + workDir: workDir, + } +} + +func (p *VulncheckProcessor) RemoveDuplicates(vulnerableStacks types.VulnerableStacks) types.VulnerableStacks { + // Will hold all unique items and there stacks + uniqueVulnStacks := make(types.VulnerableStacks) + // Sometimes vulnerabilities are included for each affected symbol + lookupTable := make(map[string]map[string]bool) + + for vuln, stacks := range vulnerableStacks { + ref := findRef(vuln.OSV.ID, uniqueVulnStacks) + if ref == nil { + uniqueVulnStacks[vuln] = make([]vulncheck.CallStack, 0) + ref = vuln + } + + if _, ok := lookupTable[vuln.OSV.ID]; !ok { + lookupTable[vuln.OSV.ID] = make(map[string]bool) + } + + for _, current := range stacks { + entry := FindVulnerableCallSite(p.workDir, current) + + if entry.Function != nil && entry.Call != nil { + callLocation := entry.Call.Pos.String() + + if _, ok := lookupTable[vuln.OSV.ID][callLocation]; !ok { + lookupTable[vuln.OSV.ID][callLocation] = true + uniqueVulnStacks[ref] = append(uniqueVulnStacks[ref], current) + } + } + + } + } + + return uniqueVulnStacks +} + +func FindVulnerableCallSite(workDir string, stack vulncheck.CallStack) vulncheck.StackEntry { + // We start from the back as that is the entrypoint for the reported vulnerability + for i := range stack { + current := stack[len(stack)-1-i] + + if current.Call != nil && strings.Contains(current.Call.Pos.Filename, workDir) { + return current + } + } + + return vulncheck.StackEntry{Function: nil, Call: nil} +} + +func findRef(osvID string, lookup types.VulnerableStacks) *vulncheck.Vuln { + for key := range lookup { + if key.OSV.ID == osvID { + return key + } + } + + return nil +} diff --git a/pkg/sarif/reporter.go b/pkg/sarif/reporter.go index 2aba883..3ceca2b 100644 --- a/pkg/sarif/reporter.go +++ b/pkg/sarif/reporter.go @@ -6,6 +6,7 @@ import ( "os" "strings" + "github.com/Templum/govulncheck-action/pkg/action" "github.com/Templum/govulncheck-action/pkg/types" "github.com/owenrumney/go-sarif/v2/sarif" "github.com/rs/zerolog" @@ -20,6 +21,7 @@ const ( fullName = "Golang Vulncheck" uri = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck" baseURI = "SRCROOT" + envRepo = "GITHUB_REPOSITORY" ) type SarifReporter struct { @@ -36,31 +38,27 @@ func NewSarifReporter(logger zerolog.Logger) types.Reporter { return &SarifReporter{report: nil, run: nil, log: logger, workDir: localDir} } -func (sr *SarifReporter) Convert(result *vulncheck.Result) error { +func (sr *SarifReporter) Convert(result types.VulnerableStacks) error { if err := sr.createEmptyReport("initial"); err != nil { return fmt.Errorf("failed to create an empty sarif report due to %v", err) } - for _, current := range result.Vulns { - sr.addRule(*current) + sr.log.Debug().Msgf("Scan showed code being impacted by %d vulnerabilities", len(result)) + for vuln, callStacks := range result { + sr.addRule(vuln) - callingVuln := sr.searchCallChainForUserCode(current, result.Calls) + for _, current := range callStacks { + // callSite can never have Call=nil Function=nil as the curator is using + // the same method and filtering out those cases + callSite := action.FindVulnerableCallSite(sr.workDir, current) - if callingVuln == nil { - if len(result.Imports.Packages) >= current.ImportSink { - pkg := result.Imports.Packages[current.ImportSink] - message := fmt.Sprintf("Project is indirectly using vulnerable package %s", pkg.Path) - - sr.addResult(current, message, nil) - } - break + text, markdown := sr.generateResultMessage(vuln, callSite, current) + sr.addResult(vuln, callSite.Call, text, markdown) } - parent := result.Calls.Functions[callingVuln.Parent] - message := sr.generateResultMessage(current, callingVuln, parent) - sr.addResult(current, message, callingVuln) } + sr.log.Info().Int("Vulnerabilities", len(result)).Int("Call Sites", len(sr.run.Results)).Msg("Conversion yielded following stats") return nil } @@ -87,7 +85,7 @@ func (sr *SarifReporter) createEmptyReport(vulncheckVersion string) error { return nil } -func (sr *SarifReporter) addRule(vuln vulncheck.Vuln) { +func (sr *SarifReporter) addRule(vuln *vulncheck.Vuln) { text, markdown := sr.generateRuleHelp(vuln) // sr.run.AddRule does check if the rule is present prior to adding it @@ -110,25 +108,16 @@ func (sr *SarifReporter) addRule(vuln vulncheck.Vuln) { WithHelpURI(fmt.Sprintf("https://pkg.go.dev/vuln/%s", vuln.OSV.ID)) } -func (sr *SarifReporter) addResult(vuln *vulncheck.Vuln, message string, call *vulncheck.CallSite) { - if sr.alreadyReported(vuln, message) { - sr.log.Debug(). - Str("ID", vuln.OSV.ID). - Str("Pkg", vuln.PkgPath). - Str("Caller", call.Name). - Msg("There is already a result for this vuln-call tuple") - return - } - - sr.log.Debug(). - Str("Symbol", vuln.Symbol). - Msgf("[Add Result] %s", message) - +func (sr *SarifReporter) addResult(vuln *vulncheck.Vuln, call *vulncheck.CallSite, text string, markdown string) { result := sarif.NewRuleResult(vuln.OSV.ID). WithLevel(severity). - WithMessage(sarif.NewTextMessage(message)) + WithMessage(sarif.NewMessage().WithMarkdown(markdown).WithText(text)) if call != nil { + sr.log.Debug(). + Str("Symbol", vuln.Symbol). + Msgf("Add result for %s called from %s", vuln.OSV.ID, call.Pos) + region := sarif.NewRegion(). WithStartLine(call.Pos.Line). WithEndLine(call.Pos.Line). @@ -143,6 +132,9 @@ func (sr *SarifReporter) addResult(vuln *vulncheck.Vuln, message string, call *v result.WithLocations([]*sarif.Location{sarif.NewLocationWithPhysicalLocation(location)}) } + // TODO: Research option to provide fix instructions + // result.Fixes = append(result.Fixes, sarif.NewFix().WithDescription(fmt.Sprintf("Was fixed with version %s"))) + ruleIdx := sr.getRule(vuln.OSV.ID) if ruleIdx >= 0 { result.WithRuleIndex(ruleIdx) @@ -159,49 +151,10 @@ func (sr *SarifReporter) getRule(ruleId string) int { return -1 } -func (sr *SarifReporter) searchCallChainForUserCode(vuln *vulncheck.Vuln, graph *vulncheck.CallGraph) *vulncheck.CallSite { - if vuln.CallSink == 0 { - return nil - } - - // TODO: It might be that graph.Functions[vuln.CallSink] itself is a vulnerability - callChain := graph.Functions[vuln.CallSink].CallSites - - for len(callChain) > 0 { - var updatedChain []*vulncheck.CallSite - for _, current := range callChain { - parent := graph.Functions[current.Parent] - - if strings.Contains(current.Pos.Filename, sr.workDir) { - return current - } - - updatedChain = append(updatedChain, parent.CallSites...) - } - - callChain = updatedChain - } - - return nil -} - func (sr *SarifReporter) makePathRelative(absolute string) string { return strings.ReplaceAll(absolute, sr.workDir, "") } -func (sr *SarifReporter) alreadyReported(vuln *vulncheck.Vuln, message string) bool { - for _, current := range sr.run.Results { - ruleId := *current.RuleID - text := *current.Message.Text - - if ruleId == vuln.OSV.ID && text == message { - return true - } - } - - return false -} - func (sr *SarifReporter) searchFixVersion(versions []osv.Affected) string { for _, current := range versions { for _, r := range current.Ranges { @@ -216,7 +169,7 @@ func (sr *SarifReporter) searchFixVersion(versions []osv.Affected) string { return "None" } -func (sr *SarifReporter) generateRuleHelp(vuln vulncheck.Vuln) (text string, markdown string) { +func (sr *SarifReporter) generateRuleHelp(vuln *vulncheck.Vuln) (text string, markdown string) { fixVersion := sr.searchFixVersion(vuln.OSV.Affected) uri := fmt.Sprintf("https://pkg.go.dev/vuln/%s", vuln.OSV.ID) @@ -224,11 +177,33 @@ func (sr *SarifReporter) generateRuleHelp(vuln vulncheck.Vuln) (text string, mar fmt.Sprintf("**Vulnerability [%s](%s)**\n%s\n| Module | Package | Fixed in Version |\n| --- | --- |:---:|\n|%s|%s|%s|\n", vuln.OSV.ID, uri, vuln.OSV.Details, vuln.ModPath, vuln.PkgPath, fixVersion) } -func (sr *SarifReporter) generateResultMessage(vuln *vulncheck.Vuln, call *vulncheck.CallSite, parent *vulncheck.FuncNode) string { - relativeFile := sr.makePathRelative(call.Pos.String()) +func (sr *SarifReporter) generateResultMessage(vuln *vulncheck.Vuln, entry vulncheck.StackEntry, stack vulncheck.CallStack) (text string, markdown string) { + relativeFile := sr.makePathRelative(entry.Call.Pos.String()) + linkToFile := fmt.Sprintf("https://github.com/%s/blob/main/%s#L%d", os.Getenv(envRepo), sr.makePathRelative(entry.Call.Pos.Filename), entry.Call.Pos.Line) + linkToVuln := fmt.Sprintf("https://pkg.go.dev/vuln/%s", vuln.OSV.ID) + + var txtBuilder strings.Builder + var markBuilder strings.Builder - caller := fmt.Sprintf("[%s] %s.%s", relativeFile, parent.PkgPath, parent.Name) - calledVuln := fmt.Sprintf("%s.%s", vuln.PkgPath, call.Name) + txtBuilder.WriteString(fmt.Sprintf("%s calls %s which has vulnerability %s\n", + fmt.Sprintf("[%s] %s.%s", relativeFile, entry.Function.PkgPath, entry.Function.Name), + fmt.Sprintf("%s.%s", vuln.PkgPath, entry.Call.Name), + vuln.OSV.ID)) + txtBuilder.WriteString("Stacktrace: \n") + + markBuilder.WriteString(fmt.Sprintf("%s calls %s which has vulnerability [%s](%s)\n", + fmt.Sprintf("[%s](%s) %s.%s", relativeFile, linkToFile, entry.Function.PkgPath, entry.Function.Name), + fmt.Sprintf("%s.%s", vuln.PkgPath, entry.Call.Name), + vuln.OSV.ID, + linkToVuln, + )) + + markBuilder.WriteString("Stacktrace: \n") + + for _, line := range types.Stack(stack) { + txtBuilder.WriteString(fmt.Sprintf("%s \n", line)) + markBuilder.WriteString(fmt.Sprintf("* %s \n", line)) + } - return fmt.Sprintf("%s calls %s which has vulnerability %s", caller, calledVuln, vuln.OSV.ID) + return txtBuilder.String(), markBuilder.String() } diff --git a/pkg/types/call_chain.go b/pkg/types/call_chain.go new file mode 100644 index 0000000..54481f9 --- /dev/null +++ b/pkg/types/call_chain.go @@ -0,0 +1,51 @@ +package types + +import ( + "fmt" + + "github.com/rs/zerolog" + "golang.org/x/vuln/vulncheck" +) + +type CallChain struct { + Fn *vulncheck.FuncNode + Called *vulncheck.CallSite + Child *CallChain +} + +func NewCallChainLeave(fn *vulncheck.FuncNode, call *vulncheck.CallSite, child *CallChain) *CallChain { + return &CallChain{ + Fn: fn, + Called: call, + Child: child, + } +} + +func (c *CallChain) CreateCallStack() vulncheck.CallStack { + if c == nil { + return make(vulncheck.CallStack, 0) + } + + return append(vulncheck.CallStack{vulncheck.StackEntry{Function: c.Fn, Call: c.Called}}, c.Child.CreateCallStack()...) +} + +func PrintStack(log zerolog.Logger, stack vulncheck.CallStack) { + for _, line := range Stack(stack) { + log.Info().Msg(line) + } +} + +func Stack(stack vulncheck.CallStack) []string { + var output []string + + for i, current := range stack { + if current.Call == nil { + output = append(output, fmt.Sprintf("[%d] Vulnerability %s.%s", i, current.Function.PkgPath, current.Function.Name)) + } else { + output = append(output, fmt.Sprintf("[%d] %s %s => %s", i, current.Function.PkgPath, current.Function.Name, current.Call.Name)) + } + + } + + return output +} diff --git a/pkg/types/reporter.go b/pkg/types/reporter.go index 26464d5..92a2def 100644 --- a/pkg/types/reporter.go +++ b/pkg/types/reporter.go @@ -2,11 +2,9 @@ package types import ( "io" - - "golang.org/x/vuln/vulncheck" ) type Reporter interface { - Convert(result *vulncheck.Result) error + Convert(result VulnerableStacks) error Write(dest io.Writer) error } diff --git a/pkg/types/result.go b/pkg/types/result.go new file mode 100644 index 0000000..e22e3de --- /dev/null +++ b/pkg/types/result.go @@ -0,0 +1,5 @@ +package types + +import "golang.org/x/vuln/vulncheck" + +type VulnerableStacks map[*vulncheck.Vuln][]vulncheck.CallStack diff --git a/pkg/vulncheck/resolver.go b/pkg/vulncheck/resolver.go new file mode 100644 index 0000000..4e68632 --- /dev/null +++ b/pkg/vulncheck/resolver.go @@ -0,0 +1,177 @@ +package vulncheck + +import ( + "container/list" + "sort" + "strings" + "sync" + + "github.com/Templum/govulncheck-action/pkg/types" + "golang.org/x/vuln/vulncheck" +) + +// Resolve is based on code from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L146-L168 +// Resolve will collect all callstacks related to a vulnerability +// This occurs in parallel with one goroutine per vulnerability +func Resolve(result *vulncheck.Result) types.VulnerableStacks { + var ( + wg sync.WaitGroup + mu sync.Mutex + ) + vulnLookup := make(types.VulnerableStacks) + for _, current := range result.Vulns { + wg.Add(1) + go func(vulnerability *vulncheck.Vuln) { + var cs []vulncheck.CallStack + if vulnerability.CallSink != 0 { + cs = resolveCallstacks(vulnerability.CallSink, result) + } + + // sort call stacks by the estimated value to the user + sort.Slice(cs, func(i, j int) bool { + return stackLess(cs[i], cs[j]) + }) + + mu.Lock() + vulnLookup[vulnerability] = cs + mu.Unlock() + wg.Done() + }(current) + } + wg.Wait() + return vulnLookup +} + +// searchUnvisitedCallSites is based on code from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L172-L211 +// resolveCallstacks fetches all callstacks based on the provided entrypoint +func resolveCallstacks(entryID int, result *vulncheck.Result) []vulncheck.CallStack { + visitedSites := make(map[int]bool) + + vulEntryPoints := make(map[int]bool) + for _, current := range result.Calls.Entries { + vulEntryPoints[current] = true + } + + var stacks []vulncheck.CallStack + + queue := list.New() + queue.PushBack(types.NewCallChainLeave(result.Calls.Functions[entryID], nil, nil)) + + for queue.Len() > 0 { + ref := queue.Front() + current := ref.Value.(*types.CallChain) + queue.Remove(ref) + + if visitedSites[current.Fn.ID] { + continue + } + visitedSites[current.Fn.ID] = true + + for _, cs := range searchUnvisitedCallSites(current.Fn.CallSites, visitedSites, result) { + caller := result.Calls.Functions[cs.Parent] + chain := types.NewCallChainLeave(caller, cs, current) + + if vulEntryPoints[caller.ID] { + stacks = append(stacks, chain.CreateCallStack()) + } + + queue.PushBack(chain) + } + } + + return stacks +} + +// searchUnvisitedCallSites is based on code from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L217-L239 +// searchUnvisitedCallSites will go through the provided input and checkout the parent, while ensuring previously visited sites are not visited again +// It finally returns a list of all new callsites based on input +func searchUnvisitedCallSites(input []*vulncheck.CallSite, visitedSites map[int]bool, result *vulncheck.Result) []*vulncheck.CallSite { + callSites := make(map[int]*vulncheck.CallSite) + for _, cs := range input { + if visitedSites[cs.Parent] { + continue + } + + callSites[cs.Parent] = cs + } + + var functions []*vulncheck.FuncNode + for id := range callSites { + functions = append(functions, result.Calls.Functions[id]) + } + + var unvisitedSites []*vulncheck.CallSite + for _, fn := range functions { + unvisitedSites = append(unvisitedSites, callSites[fn.ID]) + } + + return unvisitedSites +} + +// confidence was taken directly from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L302-L320 +// stackLess compares two call stacks in terms of their estimated +// value to the user. Shorter stacks generally come earlier in the ordering. +// +// Two stacks are lexicographically ordered by: +// 1) their estimated level of confidence in being a real call stack, +// 2) their length, and 3) the number of dynamic call sites in the stack. +func stackLess(left vulncheck.CallStack, right vulncheck.CallStack) bool { + if c1, c2 := confidence(left), confidence(right); c1 != c2 { + return c1 < c2 + } + + if len(left) != len(right) { + return len(left) < len(right) + } + + if w1, w2 := weight(left), weight(right); w1 != w2 { + return w1 < w2 + } + + return true +} + +// confidence was taken directly from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L286-L294 +// confidence computes an approximate measure of whether the stack +// is realizable in practice. Currently, it equals the number of call +// sites in stack that go through standard libraries. Such call stacks +// have been experimentally shown to often result in false positives. +func confidence(stack vulncheck.CallStack) int { + c := 0 + for _, e := range stack { + if isStdPackage(e.Function.PkgPath) { + c += 1 + } + } + return c +} + +// weight was taken directly from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L270-L280 +// isStdPackage checks if the provided pkg is a standard package +func isStdPackage(pkg string) bool { + if pkg == "" { + return false + } + // std packages do not have a "." in their path. For instance, see + // Contains in pkgsite/+/refs/heads/master/internal/stdlbib/stdlib.go. + if i := strings.IndexByte(pkg, '/'); i != -1 { + pkg = pkg[:i] + } + return !strings.Contains(pkg, ".") +} + +// weight was taken directly from the vuln package, which is released under BSD-style license: https://github.com/golang/vuln/blob/cac67f5c7c815b458cf683c41541d157d8217beb/vulncheck/witness.go#L260-L268 +// weight computes an approximate measure of how easy is to understand the call +// stack when presented to the client as a witness. The smaller the value, the more +// understandable the stack is. Currently defined as the number of unresolved +// call sites in the stack. +func weight(stack vulncheck.CallStack) int { + // + w := 0 + for _, e := range stack { + if e.Call != nil && !e.Call.Resolved { + w += 1 + } + } + return w +}