cmd/govulncheck/testdata: add test for json mode for multiple entry points

julieqiu · julieqiu · commit 1a5d3d8790ff · 2023-04-18T18:03:08.000Z
When govulncheck finds that the same vulnerable symbol is called more than once, only one invocation is displayed to the user in -json mode. Add a test for this behavior, before it is changed in a later CL. For golang/go#59485 Change-Id: I667e3e3c9c113991383b040191edb25858f992bb Reviewed-on: https://go-review.googlesource.com/c/vuln/+/485898 Auto-Submit: Julie Qiu <julieqiu@google.com> Run-TryBot: Julie Qiu <julie@golang.org> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/cmd/govulncheck/testdata/multientry_json.ct b/cmd/govulncheck/testdata/multientry_json.ct
@@ -0,0 +1,165 @@
+$ govulncheck -json -C ${moddir}/multientry .
+{
+  "config": {
+    "version": govulncheck@v0.0.0-00000000000-20000101010101
+    "data_source": "testdata/vulndb-v1",
+    "last_modified": "2023-04-03T15:57:51Z",
+    "go_version": "go1.18"
+  }
+}
+{
+  "progress": {
+    "message": "Scanning your code and P packages across M dependent module for known vulnerabilities..."
+  }
+}
+{
+  "vulnerability": {
+    "osv": {
+      "schema_version": "1.3.1",
+      "id": "GO-2021-0113",
+      "modified": "2023-04-03T15:57:51Z",
+      "published": "2021-10-06T17:51:21Z",
+      "aliases": [
+        "CVE-2021-38561",
+        "GHSA-ppp9-7jff-5vj2"
+      ],
+      "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.",
+      "affected": [
+        {
+          "package": {
+            "name": "golang.org/x/text",
+            "ecosystem": "Go"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "0.3.7"
+                }
+              ]
+            }
+          ],
+          "ecosystem_specific": {
+            "imports": [
+              {
+                "path": "golang.org/x/text/language",
+                "symbols": [
+                  "MatchStrings",
+                  "MustParse",
+                  "Parse",
+                  "ParseAcceptLanguage"
+                ]
+              }
+            ]
+          }
+        }
+      ],
+      "references": [
+        {
+          "type": "FIX",
+          "url": "https://go.dev/cl/340830"
+        },
+        {
+          "type": "FIX",
+          "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
+        }
+      ],
+      "credits": [
+        {
+          "name": "Guido Vranken"
+        }
+      ],
+      "database_specific": {
+        "url": "https://pkg.go.dev/vuln/GO-2021-0113"
+      }
+    },
+    "modules": [
+      {
+        "path": "golang.org/x/text",
+        "found_version": "v0.3.5",
+        "fixed_version": "v0.3.7",
+        "packages": [
+          {
+            "path": "golang.org/x/text/language",
+            "callstacks": [
+              {
+                "symbol": "MustParse",
+                "summary": ".../main.go:99:20: golang.org/multientry.foobar calls golang.org/x/text/language.MustParse",
+                "frames": [
+                  {
+                    "package": "golang.org/multientry",
+                    "function": "main",
+                    "position": {
+                      "filename": ".../main.go",
+                      "offset": 441,
+                      "line": 26,
+                      "column": 3
+                    }
+                  },
+                  {
+                    "package": "golang.org/multientry",
+                    "function": "D",
+                    "position": {
+                      "filename": ".../main.go",
+                      "offset": 705,
+                      "line": 48,
+                      "column": 8
+                    }
+                  },
+                  {
+                    "package": "golang.org/multientry",
+                    "function": "foobar",
+                    "position": {
+                      "filename": ".../main.go",
+                      "offset": 1694,
+                      "line": 99,
+                      "column": 20
+                    }
+                  },
+                  {
+                    "package": "golang.org/x/text/language",
+                    "function": "MustParse"
+                  }
+                ]
+              },
+              {
+                "symbol": "Parse",
+                "summary": ".../main.go:44:23: golang.org/multientry.C calls golang.org/x/text/language.Parse",
+                "frames": [
+                  {
+                    "package": "golang.org/multientry",
+                    "function": "main",
+                    "position": {
+                      "filename": ".../main.go",
+                      "offset": 340,
+                      "line": 22,
+                      "column": 3
+                    }
+                  },
+                  {
+                    "package": "golang.org/multientry",
+                    "function": "C",
+                    "position": {
+                      "filename": ".../main.go",
+                      "offset": 679,
+                      "line": 44,
+                      "column": 23
+                    }
+                  },
+                  {
+                    "package": "golang.org/x/text/language",
+                    "function": "Parse"
+                  }
+                ]
+              }
+            ]
+          }
+        ]
+      }
+    ]
+  }
+}
