dragonheim/gagent
dragonheim/gagent
1
0
Fork 0
mirror of https://github.com/dragonheim/gagent.git synced 2025-01-18 04:56:28 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updating security scan with new Golang and updated modules.

Browse source
This commit is contained in:
James Wells 2022-03-16 16:33:56 -07:00
parent af5407f2e6
commit 06147db215
Signed by: jwells
GPG key ID: 73196D10B8E65666
2 changed files with 17 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.trivyignore
View file

@ -1,2 +1,2 @@
# No impact in our project
CVE-2020-29652
CVE-2021-3121

39
docs/VULNERABILITIES.md
View file

@ -1,32 +1,25 @@
### [Source Code Scan](#source)
IGNORED: We are not using the SSH features of golang.org/x/crypto
IGNORED: We are not using the protocol buffers provided by gogo/protobuf
```
2021-11-13T10:25:13.188-0800 INFO Need to update DB
2021-11-13T10:25:13.188-0800 INFO Downloading DB...
24.70 MiB / 24.70 MiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 6.04 MiB p/s 4s
2021-11-13T10:25:18.570-0800 INFO Detected OS: unknown
2021-11-13T10:25:18.570-0800 INFO Number of PL dependency files: 2
2021-11-13T10:25:18.570-0800 INFO Detecting gobinary vulnerabilities...
2021-11-13T10:25:18.571-0800 INFO Detecting gomod vulnerabilities...
2022-03-16T16:27:43.221-0700 INFO Need to update DB
2022-03-16T16:27:43.221-0700 INFO Downloading DB...
26.43 MiB / 26.43 MiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 5.71 MiB p/s 5s
2022-03-16T16:27:49.073-0700 INFO Number of language-specific files: 1
2022-03-16T16:27:49.073-0700 INFO Detecting gomod vulnerabilities...
bin/gagent
==========
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
go.sum
======
go.sum (gomod)
==============
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| golang.org/x/crypto | CVE-2020-29652 | HIGH | 0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted |
| | | | | | authentication request can |
| | | | | | lead to nil pointer dereference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-29652 |
+---------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| github.com/gogo/protobuf | CVE-2021-3121 | HIGH | 1.1.1 | 1.3.2 | gogo/protobuf: |
| | | | | | plugin/unmarshal/unmarshal.go |
| | | | | | lacks certain index validation |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3121 |
+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
```
---
### [Image Scan](#image)