index,vul_code,is_vulnerable,programming_language,method_name,file_name,repo_url,repo_owner,committer,committer_date,commit_msg,cwe_id,cwe_name,cwe_description,cwe_url,cve_id,patch
1,"private HandshakeMessage createServerHandshakeMessage( HandshakeType type, byte[] buffer) { ClientContext context = (ClientContext)this.context; switch (type) { case HandshakeType.HelloRequest: if (context.HandshakeState != HandshakeState.Started) { context.HandshakeState = HandshakeState.None; } else { this.SendAlert( AlertLevel.Warning, AlertDescription.NoRenegotiation); } return null; case HandshakeType.ServerHello: return new TlsServerHello(this.context, buffer); case HandshakeType.Certificate: return new TlsServerCertificate(this.context, buffer); case HandshakeType.ServerKeyExchange: return new TlsServerKeyExchange(this.context, buffer); case HandshakeType.CertificateRequest: return new TlsServerCertificateRequest(this.context, buffer); case HandshakeType.ServerHelloDone: return new TlsServerHelloDone(this.context, buffer); case HandshakeType.Finished: return new TlsServerFinished(this.context, buffer); default: throw new TlsException( AlertDescription.UnexpectedMessage, String.Format(CultureInfo.CurrentUICulture, ""Unknown server handshake message received ({0})"", type.ToString())); } }",True,Go,Mono.Security.Protocol.Tls::ClientRecordProtocol::createServerHandshakeMessage,ClientRecordProtocol.cs,https://github.com/mono/mono,mono,Miguel de Icaza,2015-03-06 10:34:14-05:00,TLS protocol: add handshake state validation,CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2015-2318,"private HandshakeMessage createServerHandshakeMessage( HandshakeType type, byte[] buffer) { ClientContext context = (ClientContext)this.context; var last = context.LastHandshakeMsg; switch (type) { case HandshakeType.HelloRequest: if (context.HandshakeState != HandshakeState.Started) { context.HandshakeState = HandshakeState.None; } else { this.SendAlert( AlertLevel.Warning, AlertDescription.NoRenegotiation); } return null; case HandshakeType.ServerHello: if (last != HandshakeType.HelloRequest) break; return new TlsServerHello(this.context, buffer); case HandshakeType.Certificate: if (last != HandshakeType.ServerHello) break; return new TlsServerCertificate(this.context, buffer); case HandshakeType.ServerKeyExchange: if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable) return new TlsServerKeyExchange(this.context, buffer); break; case HandshakeType.CertificateRequest: if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate) return new TlsServerCertificateRequest(this.context, buffer); break; case HandshakeType.ServerHelloDone: if (last == HandshakeType.CertificateRequest || last == HandshakeType.Certificate || last == HandshakeType.ServerHello) return new TlsServerHelloDone(this.context, buffer); break; case HandshakeType.Finished: bool check = context.AbbreviatedHandshake ? (last == HandshakeType.ServerHello) : (last == HandshakeType.ServerHelloDone); if (check && context.ChangeCipherSpecDone) { context.ChangeCipherSpecDone = false; return new TlsServerFinished (this.context, buffer); } break; default: throw new TlsException( AlertDescription.UnexpectedMessage, String.Format(CultureInfo.CurrentUICulture, ""Unknown server handshake message received ({0})"", type.ToString())); } throw new TlsException (AlertDescription.HandshakeFailiure, String.Format (""Protocol error, unexpected protocol transition from {0} to {1}"", last, type)); }"
2,"private HandshakeMessage createClientHandshakeMessage( HandshakeType type, byte[] buffer) { switch (type) { case HandshakeType.ClientHello: return new TlsClientHello(this.context, buffer); case HandshakeType.Certificate: return new TlsClientCertificate(this.context, buffer); case HandshakeType.ClientKeyExchange: return new TlsClientKeyExchange(this.context, buffer); case HandshakeType.CertificateVerify: return new TlsClientCertificateVerify(this.context, buffer); case HandshakeType.Finished: return new TlsClientFinished(this.context, buffer); default: throw new TlsException( AlertDescription.UnexpectedMessage, String.Format(CultureInfo.CurrentUICulture, ""Unknown server handshake message received ({0})"", type.ToString())); } }",True,Go,Mono.Security.Protocol.Tls::ServerRecordProtocol::createClientHandshakeMessage,ServerRecordProtocol.cs,https://github.com/mono/mono,mono,Miguel de Icaza,2015-03-06 10:34:14-05:00,TLS protocol: add handshake state validation,CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2015-2318,"private HandshakeMessage createClientHandshakeMessage( HandshakeType type, byte[] buffer) { var last = context.LastHandshakeMsg; switch (type) { case HandshakeType.ClientHello: return new TlsClientHello(this.context, buffer); case HandshakeType.Certificate: if (last != HandshakeType.ClientHello) break; cert = new TlsClientCertificate(this.context, buffer); return cert; case HandshakeType.ClientKeyExchange: if (last == HandshakeType.ClientHello || last == HandshakeType.Certificate) return new TlsClientKeyExchange(this.context, buffer); break; case HandshakeType.CertificateVerify: if (last == HandshakeType.ClientKeyExchange && cert != null) return new TlsClientCertificateVerify(this.context, buffer); break; case HandshakeType.Finished: bool check = (cert == null) ? (last == HandshakeType.ClientKeyExchange) : (last == HandshakeType.CertificateVerify); if (check && context.ChangeCipherSpecDone) { context.ChangeCipherSpecDone = false; return new TlsClientFinished(this.context, buffer); } break; default: throw new TlsException(AlertDescription.UnexpectedMessage, String.Format(CultureInfo.CurrentUICulture, ""Unknown server handshake message received ({0})"", type.ToString())); break; } throw new TlsException (AlertDescription.HandshakeFailiure, String.Format (""Protocol error, unexpected protocol transition from {0} to {1}"", last, type)); }"
8,"private HandshakeMessage createServerHandshakeMessage( HandshakeType type, byte[] buffer) { ClientContext context = (ClientContext)this.context; var last = context.LastHandshakeMsg; switch (type) { case HandshakeType.HelloRequest: if (context.HandshakeState != HandshakeState.Started) { context.HandshakeState = HandshakeState.None; } else { this.SendAlert( AlertLevel.Warning, AlertDescription.NoRenegotiation); } return null; case HandshakeType.ServerHello: if (last != HandshakeType.HelloRequest) break; return new TlsServerHello(this.context, buffer); case HandshakeType.Certificate: if (last != HandshakeType.ServerHello) break; return new TlsServerCertificate(this.context, buffer); case HandshakeType.ServerKeyExchange: if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable) return new TlsServerKeyExchange(this.context, buffer); break; case HandshakeType.CertificateRequest: if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate) return new TlsServerCertificateRequest(this.context, buffer); break; case HandshakeType.ServerHelloDone: if (last == HandshakeType.CertificateRequest || last == HandshakeType.Certificate || last == HandshakeType.ServerHello) return new TlsServerHelloDone(this.context, buffer); break; case HandshakeType.Finished: bool check = context.AbbreviatedHandshake ? (last == HandshakeType.ServerHello) : (last == HandshakeType.ServerHelloDone); if (check && context.ChangeCipherSpecDone) { context.ChangeCipherSpecDone = false; return new TlsServerFinished (this.context, buffer); } break; default: throw new TlsException( AlertDescription.UnexpectedMessage, String.Format(CultureInfo.CurrentUICulture, ""Unknown server handshake message received ({0})"", type.ToString())); } throw new TlsException (AlertDescription.HandshakeFailiure, String.Format (""Protocol error, unexpected protocol transition from {0} to {1}"", last, type)); }",True,Go,Mono.Security.Protocol.Tls::ClientRecordProtocol::createServerHandshakeMessage,ClientRecordProtocol.cs,https://github.com/mono/mono,mono,Miguel de Icaza,2015-03-06 10:35:27-05:00,"Remove the EXPORT ciphers and related code path

    That was still useful in 2003/2004 but the technical and legal landscape
    changed a lot since then. Removing the old, limited key size, cipher
    suites also allow removed additional parts of the code that deals with
    them.",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2015-2319,"func canonicalMIMEHeaderKey(a []byte) string { for _, c := range a { if validHeaderFieldByte(c) { continue } return string(a) } upper := true for i, c := range a { if upper && 'a' <= c && c <= 'z' { c -= toLower } else if !upper && 'A' <= c && c <= 'Z' { c += toLower } a[i] = c upper = c == '-' } if v := commonHeader[string(a)]; v != """" { return v } return string(a) }"
11,"func canonicalMIMEHeaderKey(a []byte) string { upper := true for i, c := range a { if c == ' ' { c = '-' } else if upper && 'a' <= c && c <= 'z' { c -= toLower } else if !upper && 'A' <= c && c <= 'Z' { c += toLower } a[i] = c upper = c == '-' } if v := commonHeader[string(a)]; v != """" { return v } return string(a) }",True,Go,canonicalMIMEHeaderKey,reader.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 17:59:02+00:00,"net/textproto: don't treat spaces as hyphens in header keys

This was originally done in https://codereview.appspot.com/5690059
(Feb 2012) to deal with bad response headers coming back from webcams,
but it presents a potential security problem with HTTP request
smuggling for request headers containing ""Content Length"" instead of
""Content-Length"".

Part of overall HTTP hardening for request smuggling. See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: I92b17fb637c9171c5774ea1437979ae2c17ca88a
Reviewed-on: https://go-review.googlesource.com/11772
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5739,"func TestReadMIMEHeaderNonCompliant(t *testing.T) { r := reader(""Foo: bar\r\n"" + ""Content-Language: en\r\n"" + ""SID : 0\r\n"" + ""Audio Mode : None\r\n"" + ""Privilege : 127\r\n\r\n"") m, err := r.ReadMIMEHeader() want := MIMEHeader{ ""Foo"": {""bar""}, ""Content-Language"": {""en""}, ""Sid"": {""0""}, ""Audio Mode"": {""None""}, ""Privilege"": {""127""}, } if !reflect.DeepEqual(m, want) || err != nil { t.Fatalf(""ReadMIMEHeader =\n%v, %v; want:\n%v"", m, err, want) } }"
15,"func TestReadMIMEHeaderNonCompliant(t *testing.T) { r := reader(""Foo: bar\r\n"" + ""Content-Language: en\r\n"" + ""SID : 0\r\n"" + ""Audio Mode : None\r\n"" + ""Privilege : 127\r\n\r\n"") m, err := r.ReadMIMEHeader() want := MIMEHeader{ ""Foo"": {""bar""}, ""Content-Language"": {""en""}, ""Sid"": {""0""}, ""Audio-Mode"": {""None""}, ""Privilege"": {""127""}, } if !reflect.DeepEqual(m, want) || err != nil { t.Fatalf(""ReadMIMEHeader =\n%v, %v; want:\n%v"", m, err, want) } }",True,Go,TestReadMIMEHeaderNonCompliant,reader_test.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 17:59:02+00:00,"net/textproto: don't treat spaces as hyphens in header keys

This was originally done in https://codereview.appspot.com/5690059
(Feb 2012) to deal with bad response headers coming back from webcams,
but it presents a potential security problem with HTTP request
smuggling for request headers containing ""Content Length"" instead of
""Content-Length"".

Part of overall HTTP hardening for request smuggling. See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: I92b17fb637c9171c5774ea1437979ae2c17ca88a
Reviewed-on: https://go-review.googlesource.com/11772
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5739,"func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) { contentLens := header[""Content-Length""] isRequest := !isResponse if noBodyExpected(requestMethod) { if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == ""0"") { return 0, fmt.Errorf(""http: method cannot contain a Content-Length; got %q"", contentLens) } return 0, nil } if status/100 == 1 { return 0, nil } switch status { case 204, 304: return 0, nil } if len(contentLens) > 1 { return 0, errors.New(""http: message cannot contain multiple Content-Length headers"") } if chunked(te) { return -1, nil } var cl string if len(contentLens) == 1 { cl = strings.TrimSpace(contentLens[0]) } if cl != """" { n, err := parseContentLength(cl) if err != nil { return -1, err } return n, nil } else { header.Del(""Content-Length"") } if !isResponse { return 0, nil } return -1, nil }"
19,"func TestReadRequest_BadConnectHost(t *testing.T) { data := []byte(""CONNECT []%20%48%54%54%50%2f%31%2e%31%0a%4d%79%48%65%61%64%65%72%3a%20%31%32%33%0a%0a HTTP/1.0\n\n"") r, err := ReadRequest(bufio.NewReader(bytes.NewReader(data))) if err == nil { t.Fatal(""Got unexpected request = %#v"", r) } }",True,Go,TestReadRequest_BadConnectHost,readrequest_test.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5740,"func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) { contentLens := header[""Content-Length""] isRequest := !isResponse if noBodyExpected(requestMethod) { if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == ""0"") { return 0, fmt.Errorf(""http: method cannot contain a Content-Length; got %q"", contentLens) } return 0, nil } if status/100 == 1 { return 0, nil } switch status { case 204, 304: return 0, nil } if len(contentLens) > 1 { return 0, errors.New(""http: message cannot contain multiple Content-Length headers"") } if chunked(te) { return -1, nil } var cl string if len(contentLens) == 1 { cl = strings.TrimSpace(contentLens[0]) } if cl != """" { n, err := parseContentLength(cl) if err != nil { return -1, err } return n, nil } else { header.Del(""Content-Length"") } if !isResponse { return 0, nil } return -1, nil }"
20,"func TestReadRequest_BadConnectHost(t *testing.T) { data := []byte(""CONNECT []%20%48%54%54%50%2f%31%2e%31%0a%4d%79%48%65%61%64%65%72%3a%20%31%32%33%0a%0a HTTP/1.0\n\n"") r, err := ReadRequest(bufio.NewReader(bytes.NewReader(data))) if err == nil { t.Fatal(""Got unexpected request = %#v"", r) } }",True,Go,TestReadRequest_BadConnectHost,readrequest_test.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5741,"func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) { contentLens := header[""Content-Length""] isRequest := !isResponse if noBodyExpected(requestMethod) { if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == ""0"") { return 0, fmt.Errorf(""http: method cannot contain a Content-Length; got %q"", contentLens) } return 0, nil } if status/100 == 1 { return 0, nil } switch status { case 204, 304: return 0, nil } if len(contentLens) > 1 { return 0, errors.New(""http: message cannot contain multiple Content-Length headers"") } if chunked(te) { return -1, nil } var cl string if len(contentLens) == 1 { cl = strings.TrimSpace(contentLens[0]) } if cl != """" { n, err := parseContentLength(cl) if err != nil { return -1, err } return n, nil } else { header.Del(""Content-Length"") } if !isResponse { return 0, nil } return -1, nil }"
29,"func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) { if noBodyExpected(requestMethod) { return 0, nil } if status/100 == 1 { return 0, nil } switch status { case 204, 304: return 0, nil } if chunked(te) { return -1, nil } cl := strings.TrimSpace(header.get(""Content-Length"")) if cl != """" { n, err := parseContentLength(cl) if err != nil { return -1, err } return n, nil } else { header.Del(""Content-Length"") } if !isResponse && requestMethod == ""GET"" { return 0, nil } return -1, nil }",True,Go,fixLength,transfer.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5740,"func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) { contentLens := header[""Content-Length""] isRequest := !isResponse if noBodyExpected(requestMethod) { if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == ""0"") { return 0, fmt.Errorf(""http: method cannot contain a Content-Length; got %q"", contentLens) } return 0, nil } if status/100 == 1 { return 0, nil } switch status { case 204, 304: return 0, nil } if len(contentLens) > 1 { return 0, errors.New(""http: message cannot contain multiple Content-Length headers"") } if chunked(te) { return -1, nil } var cl string if len(contentLens) == 1 { cl = strings.TrimSpace(contentLens[0]) } if cl != """" { n, err := parseContentLength(cl) if err != nil { return -1, err } return n, nil } else { header.Del(""Content-Length"") } if !isResponse { return 0, nil } return -1, nil }"
30,"func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) { if noBodyExpected(requestMethod) { return 0, nil } if status/100 == 1 { return 0, nil } switch status { case 204, 304: return 0, nil } if chunked(te) { return -1, nil } cl := strings.TrimSpace(header.get(""Content-Length"")) if cl != """" { n, err := parseContentLength(cl) if err != nil { return -1, err } return n, nil } else { header.Del(""Content-Length"") } if !isResponse && requestMethod == ""GET"" { return 0, nil } return -1, nil }",True,Go,fixLength,transfer.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5741,"func fixTransferEncoding(isResponse bool, requestMethod string, header Header) ([]string, error) { raw, present := header[""Transfer-Encoding""] if !present { return nil, nil } isRequest := !isResponse delete(header, ""Transfer-Encoding"") encodings := strings.Split(raw[0], "","") te := make([]string, 0, len(encodings)) for _, encoding := range encodings { encoding = strings.ToLower(strings.TrimSpace(encoding)) if encoding == ""identity"" { break } if encoding != ""chunked"" { return nil, &badStringError{""unsupported transfer encoding"", encoding} } te = te[0 : len(te)+1] te[len(te)-1] = encoding } if len(te) > 1 { return nil, &badStringError{""too many transfer encodings"", strings.Join(te, "","")} } if len(te) > 0 { if len(header[""Content-Length""]) > 0 { if isRequest { return nil, errors.New(""http: invalid Content-Length with Transfer-Encoding"") } delete(header, ""Content-Length"") } return te, nil } return nil, nil }"
31,"func fixTransferEncoding(requestMethod string, header Header) ([]string, error) { raw, present := header[""Transfer-Encoding""] if !present { return nil, nil } delete(header, ""Transfer-Encoding"") encodings := strings.Split(raw[0], "","") te := make([]string, 0, len(encodings)) for _, encoding := range encodings { encoding = strings.ToLower(strings.TrimSpace(encoding)) if encoding == ""identity"" { break } if encoding != ""chunked"" { return nil, &badStringError{""unsupported transfer encoding"", encoding} } te = te[0 : len(te)+1] te[len(te)-1] = encoding } if len(te) > 1 { return nil, &badStringError{""too many transfer encodings"", strings.Join(te, "","")} } if len(te) > 0 { delete(header, ""Content-Length"") return te, nil } return nil, nil }",True,Go,fixTransferEncoding,transfer.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5740,"func fixTransferEncoding(isResponse bool, requestMethod string, header Header) ([]string, error) { raw, present := header[""Transfer-Encoding""] if !present { return nil, nil } isRequest := !isResponse delete(header, ""Transfer-Encoding"") encodings := strings.Split(raw[0], "","") te := make([]string, 0, len(encodings)) for _, encoding := range encodings { encoding = strings.ToLower(strings.TrimSpace(encoding)) if encoding == ""identity"" { break } if encoding != ""chunked"" { return nil, &badStringError{""unsupported transfer encoding"", encoding} } te = te[0 : len(te)+1] te[len(te)-1] = encoding } if len(te) > 1 { return nil, &badStringError{""too many transfer encodings"", strings.Join(te, "","")} } if len(te) > 0 { if len(header[""Content-Length""]) > 0 { if isRequest { return nil, errors.New(""http: invalid Content-Length with Transfer-Encoding"") } delete(header, ""Content-Length"") } return te, nil } return nil, nil }"
32,"func fixTransferEncoding(requestMethod string, header Header) ([]string, error) { raw, present := header[""Transfer-Encoding""] if !present { return nil, nil } delete(header, ""Transfer-Encoding"") encodings := strings.Split(raw[0], "","") te := make([]string, 0, len(encodings)) for _, encoding := range encodings { encoding = strings.ToLower(strings.TrimSpace(encoding)) if encoding == ""identity"" { break } if encoding != ""chunked"" { return nil, &badStringError{""unsupported transfer encoding"", encoding} } te = te[0 : len(te)+1] te[len(te)-1] = encoding } if len(te) > 1 { return nil, &badStringError{""too many transfer encodings"", strings.Join(te, "","")} } if len(te) > 0 { delete(header, ""Content-Length"") return te, nil } return nil, nil }",True,Go,fixTransferEncoding,transfer.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5741,"func fixTransferEncoding(isResponse bool, requestMethod string, header Header) ([]string, error) { raw, present := header[""Transfer-Encoding""] if !present { return nil, nil } isRequest := !isResponse delete(header, ""Transfer-Encoding"") encodings := strings.Split(raw[0], "","") te := make([]string, 0, len(encodings)) for _, encoding := range encodings { encoding = strings.ToLower(strings.TrimSpace(encoding)) if encoding == ""identity"" { break } if encoding != ""chunked"" { return nil, &badStringError{""unsupported transfer encoding"", encoding} } te = te[0 : len(te)+1] te[len(te)-1] = encoding } if len(te) > 1 { return nil, &badStringError{""too many transfer encodings"", strings.Join(te, "","")} } if len(te) > 0 { if len(header[""Content-Length""]) > 0 { if isRequest { return nil, errors.New(""http: invalid Content-Length with Transfer-Encoding"") } delete(header, ""Content-Length"") } return te, nil } return nil, nil }"
33,"func readTransfer(msg interface{}, r *bufio.Reader) (err error) { t := &transferReader{RequestMethod: ""GET""} isResponse := false switch rr := msg.(type) { case *Response: t.Header = rr.Header t.StatusCode = rr.StatusCode t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true) isResponse = true if rr.Request != nil { t.RequestMethod = rr.Request.Method } case *Request: t.Header = rr.Header t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.StatusCode = 200 t.Close = rr.Close default: panic(""unexpected type"") } if t.ProtoMajor == 0 && t.ProtoMinor == 0 { t.ProtoMajor, t.ProtoMinor = 1, 1 } t.TransferEncoding, err = fixTransferEncoding(t.RequestMethod, t.Header) if err != nil { return err } realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.TransferEncoding) if err != nil { return err } if isResponse && t.RequestMethod == ""HEAD"" { if n, err := parseContentLength(t.Header.get(""Content-Length"")); err != nil { return err } else { t.ContentLength = n } } else { t.ContentLength = realLength } t.Trailer, err = fixTrailer(t.Header, t.TransferEncoding) if err != nil { return err } switch msg.(type) { case *Response: if realLength == -1 && !chunked(t.TransferEncoding) && bodyAllowedForStatus(t.StatusCode) { t.Close = true } } switch { case chunked(t.TransferEncoding): if noBodyExpected(t.RequestMethod) { t.Body = eofReader } else { t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close} } case realLength == 0: t.Body = eofReader case realLength > 0: t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close} default: if t.Close { t.Body = &body{src: r, closing: t.Close} } else { t.Body = eofReader } } switch rr := msg.(type) { case *Request: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer case *Response: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer } return nil }",True,Go,readTransfer,transfer.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5740,"func fixTransferEncoding(isResponse bool, requestMethod string, header Header) ([]string, error) { raw, present := header[""Transfer-Encoding""] if !present { return nil, nil } isRequest := !isResponse delete(header, ""Transfer-Encoding"") encodings := strings.Split(raw[0], "","") te := make([]string, 0, len(encodings)) for _, encoding := range encodings { encoding = strings.ToLower(strings.TrimSpace(encoding)) if encoding == ""identity"" { break } if encoding != ""chunked"" { return nil, &badStringError{""unsupported transfer encoding"", encoding} } te = te[0 : len(te)+1] te[len(te)-1] = encoding } if len(te) > 1 { return nil, &badStringError{""too many transfer encodings"", strings.Join(te, "","")} } if len(te) > 0 { if len(header[""Content-Length""]) > 0 { if isRequest { return nil, errors.New(""http: invalid Content-Length with Transfer-Encoding"") } delete(header, ""Content-Length"") } return te, nil } return nil, nil }"
34,"func readTransfer(msg interface{}, r *bufio.Reader) (err error) { t := &transferReader{RequestMethod: ""GET""} isResponse := false switch rr := msg.(type) { case *Response: t.Header = rr.Header t.StatusCode = rr.StatusCode t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true) isResponse = true if rr.Request != nil { t.RequestMethod = rr.Request.Method } case *Request: t.Header = rr.Header t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.StatusCode = 200 t.Close = rr.Close default: panic(""unexpected type"") } if t.ProtoMajor == 0 && t.ProtoMinor == 0 { t.ProtoMajor, t.ProtoMinor = 1, 1 } t.TransferEncoding, err = fixTransferEncoding(t.RequestMethod, t.Header) if err != nil { return err } realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.TransferEncoding) if err != nil { return err } if isResponse && t.RequestMethod == ""HEAD"" { if n, err := parseContentLength(t.Header.get(""Content-Length"")); err != nil { return err } else { t.ContentLength = n } } else { t.ContentLength = realLength } t.Trailer, err = fixTrailer(t.Header, t.TransferEncoding) if err != nil { return err } switch msg.(type) { case *Response: if realLength == -1 && !chunked(t.TransferEncoding) && bodyAllowedForStatus(t.StatusCode) { t.Close = true } } switch { case chunked(t.TransferEncoding): if noBodyExpected(t.RequestMethod) { t.Body = eofReader } else { t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close} } case realLength == 0: t.Body = eofReader case realLength > 0: t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close} default: if t.Close { t.Body = &body{src: r, closing: t.Close} } else { t.Body = eofReader } } switch rr := msg.(type) { case *Request: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer case *Response: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer } return nil }",True,Go,readTransfer,transfer.go,https://github.com/golang/go,golang,Brad Fitzpatrick,2015-06-30 22:56:30+00:00,"net/http: harden Server against request smuggling

See RFC 7230.

Thanks to Régis Leroy for the report.

Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c
Reviewed-on: https://go-review.googlesource.com/11810
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>",CWE-444,Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'),"The product acts as an intermediary HTTP agent
         (such as a proxy or firewall) in the data flow between two
         entities such as a client and server, but it does not
         interpret malformed HTTP requests or responses in ways that
         are consistent with how the messages will be processed by
         those entities that are at the ultimate destination.",https://cwe.mitre.org/data/definitions/444.html,CVE-2015-5741,"func readTransfer(msg interface{}, r *bufio.Reader) (err error) { t := &transferReader{RequestMethod: ""GET""} isResponse := false switch rr := msg.(type) { case *Response: t.Header = rr.Header t.StatusCode = rr.StatusCode t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true) isResponse = true if rr.Request != nil { t.RequestMethod = rr.Request.Method } case *Request: t.Header = rr.Header t.RequestMethod = rr.Method t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.StatusCode = 200 t.Close = rr.Close default: panic(""unexpected type"") } if t.ProtoMajor == 0 && t.ProtoMinor == 0 { t.ProtoMajor, t.ProtoMinor = 1, 1 } t.TransferEncoding, err = fixTransferEncoding(isResponse, t.RequestMethod, t.Header) if err != nil { return err } realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.TransferEncoding) if err != nil { return err } if isResponse && t.RequestMethod == ""HEAD"" { if n, err := parseContentLength(t.Header.get(""Content-Length"")); err != nil { return err } else { t.ContentLength = n } } else { t.ContentLength = realLength } t.Trailer, err = fixTrailer(t.Header, t.TransferEncoding) if err != nil { return err } switch msg.(type) { case *Response: if realLength == -1 && !chunked(t.TransferEncoding) && bodyAllowedForStatus(t.StatusCode) { t.Close = true } } switch { case chunked(t.TransferEncoding): if noBodyExpected(t.RequestMethod) { t.Body = eofReader } else { t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close} } case realLength == 0: t.Body = eofReader case realLength > 0: t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close} default: if t.Close { t.Body = &body{src: r, closing: t.Close} } else { t.Body = eofReader } } switch rr := msg.(type) { case *Request: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer case *Response: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer } return nil }"
41,"func TestToFromBig(t *testing.T) { for i, test := range toFromBigTests { n, _ := new(big.Int).SetString(test, 16) var x p224FieldElement p224FromBig(&x, n) m := p224ToBig(&x) if n.Cmp(m) != 0 { t.Errorf(""#%d: %x != %x"", i, n, m) } q := p224AlternativeToBig(&x) if n.Cmp(q) != 0 { t.Errorf(""#%d: %x != %x (alternative)"", i, n, m) } } }",True,Go,TestToFromBig,p224_test.go,https://github.com/golang/go,golang,Roland Shoemaker,2021-01-21 18:52:19+00:00,"crypto/elliptic: fix P-224 field reduction

This patch fixes two independent bugs in p224Contract, the function that
performs the final complete reduction in the P-224 field. Incorrect
outputs due to these bugs were observable from a high-level
P224().ScalarMult() call.

The first bug was in the calculation of out3GT. That mask was supposed
to be all ones if the third limb of the value is greater than the third
limb of P (out[3] > 0xffff000). Instead, it was also set if they are
equal. That meant that if the third limb was equal, the value was always
considered greater than or equal to P, even when the three bottom limbs
were all zero. There is exactly one affected value, P - 1, which would
trigger the subtraction by P even if it's lower than P already.

The second bug was more easily hit, and is the one that caused the known
high-level incorrect output: after the conditional subtraction by P, a
potential underflow of the lowest limb was not handled. Any values that
trigger the subtraction by P (values between P and 2^224-1, and P - 1
due to the bug above) but have a zero lowest limb would produce invalid
outputs. Those conditions apply to the intermediate representation
before the subtraction, so they are hard to trace to precise inputs.

This patch also adds a test suite for the P-224 field arithmetic,
including a custom fuzzer that automatically explores potential edge
cases by combining limb values that have various meanings in the code.
contractMatchesBigInt in TestP224Contract finds the second bug in less
than a second without being tailored to it, and could eventually find
the first one too by combining 0, (1 << 28) - 1, and the difference of
(1 << 28) and (1 << 12).

The incorrect P224().ScalarMult() output was found by the
elliptic-curve-differential-fuzzer project running on OSS-Fuzz and
reported by Philippe Antoine (Catena cyber).

Fixes CVE-2021-3114
Fixes #43786

Change-Id: I50176602d544de3da854270d66a293bcaca57ad7
Reviewed-on: https://go-review.googlesource.com/c/go/+/284779
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Ian Lance Taylor <iant@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>",CWE-682,Incorrect Calculation,The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.,https://cwe.mitre.org/data/definitions/682.html,CVE-2021-3114,"func readTransfer(msg interface{}, r *bufio.Reader) (err error) { t := &transferReader{RequestMethod: ""GET""} isResponse := false switch rr := msg.(type) { case *Response: t.Header = rr.Header t.StatusCode = rr.StatusCode t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true) isResponse = true if rr.Request != nil { t.RequestMethod = rr.Request.Method } case *Request: t.Header = rr.Header t.RequestMethod = rr.Method t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.StatusCode = 200 t.Close = rr.Close default: panic(""unexpected type"") } if t.ProtoMajor == 0 && t.ProtoMinor == 0 { t.ProtoMajor, t.ProtoMinor = 1, 1 } t.TransferEncoding, err = fixTransferEncoding(isResponse, t.RequestMethod, t.Header) if err != nil { return err } realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.TransferEncoding) if err != nil { return err } if isResponse && t.RequestMethod == ""HEAD"" { if n, err := parseContentLength(t.Header.get(""Content-Length"")); err != nil { return err } else { t.ContentLength = n } } else { t.ContentLength = realLength } t.Trailer, err = fixTrailer(t.Header, t.TransferEncoding) if err != nil { return err } switch msg.(type) { case *Response: if realLength == -1 && !chunked(t.TransferEncoding) && bodyAllowedForStatus(t.StatusCode) { t.Close = true } } switch { case chunked(t.TransferEncoding): if noBodyExpected(t.RequestMethod) { t.Body = eofReader } else { t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close} } case realLength == 0: t.Body = eofReader case realLength > 0: t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close} default: if t.Close { t.Body = &body{src: r, closing: t.Close} } else { t.Body = eofReader } } switch rr := msg.(type) { case *Request: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer case *Response: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer } return nil }"
43,"func p224AlternativeToBig(in *p224FieldElement) *big.Int { ret := new(big.Int) tmp := new(big.Int) for i := uint(0); i < 8; i++ { tmp.SetInt64(int64(in[i])) tmp.Lsh(tmp, 28*i) ret.Add(ret, tmp) } ret.Mod(ret, p224.P) return ret }",True,Go,p224AlternativeToBig,p224_test.go,https://github.com/golang/go,golang,Roland Shoemaker,2021-01-21 18:52:19+00:00,"crypto/elliptic: fix P-224 field reduction

This patch fixes two independent bugs in p224Contract, the function that
performs the final complete reduction in the P-224 field. Incorrect
outputs due to these bugs were observable from a high-level
P224().ScalarMult() call.

The first bug was in the calculation of out3GT. That mask was supposed
to be all ones if the third limb of the value is greater than the third
limb of P (out[3] > 0xffff000). Instead, it was also set if they are
equal. That meant that if the third limb was equal, the value was always
considered greater than or equal to P, even when the three bottom limbs
were all zero. There is exactly one affected value, P - 1, which would
trigger the subtraction by P even if it's lower than P already.

The second bug was more easily hit, and is the one that caused the known
high-level incorrect output: after the conditional subtraction by P, a
potential underflow of the lowest limb was not handled. Any values that
trigger the subtraction by P (values between P and 2^224-1, and P - 1
due to the bug above) but have a zero lowest limb would produce invalid
outputs. Those conditions apply to the intermediate representation
before the subtraction, so they are hard to trace to precise inputs.

This patch also adds a test suite for the P-224 field arithmetic,
including a custom fuzzer that automatically explores potential edge
cases by combining limb values that have various meanings in the code.
contractMatchesBigInt in TestP224Contract finds the second bug in less
than a second without being tailored to it, and could eventually find
the first one too by combining 0, (1 << 28) - 1, and the difference of
(1 << 28) and (1 << 12).

The incorrect P224().ScalarMult() output was found by the
elliptic-curve-differential-fuzzer project running on OSS-Fuzz and
reported by Philippe Antoine (Catena cyber).

Fixes CVE-2021-3114
Fixes #43786

Change-Id: I50176602d544de3da854270d66a293bcaca57ad7
Reviewed-on: https://go-review.googlesource.com/c/go/+/284779
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Ian Lance Taylor <iant@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>",CWE-682,Incorrect Calculation,The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.,https://cwe.mitre.org/data/definitions/682.html,CVE-2021-3114,"func readTransfer(msg interface{}, r *bufio.Reader) (err error) { t := &transferReader{RequestMethod: ""GET""} isResponse := false switch rr := msg.(type) { case *Response: t.Header = rr.Header t.StatusCode = rr.StatusCode t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true) isResponse = true if rr.Request != nil { t.RequestMethod = rr.Request.Method } case *Request: t.Header = rr.Header t.RequestMethod = rr.Method t.ProtoMajor = rr.ProtoMajor t.ProtoMinor = rr.ProtoMinor t.StatusCode = 200 t.Close = rr.Close default: panic(""unexpected type"") } if t.ProtoMajor == 0 && t.ProtoMinor == 0 { t.ProtoMajor, t.ProtoMinor = 1, 1 } t.TransferEncoding, err = fixTransferEncoding(isResponse, t.RequestMethod, t.Header) if err != nil { return err } realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.TransferEncoding) if err != nil { return err } if isResponse && t.RequestMethod == ""HEAD"" { if n, err := parseContentLength(t.Header.get(""Content-Length"")); err != nil { return err } else { t.ContentLength = n } } else { t.ContentLength = realLength } t.Trailer, err = fixTrailer(t.Header, t.TransferEncoding) if err != nil { return err } switch msg.(type) { case *Response: if realLength == -1 && !chunked(t.TransferEncoding) && bodyAllowedForStatus(t.StatusCode) { t.Close = true } } switch { case chunked(t.TransferEncoding): if noBodyExpected(t.RequestMethod) { t.Body = eofReader } else { t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close} } case realLength == 0: t.Body = eofReader case realLength > 0: t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close} default: if t.Close { t.Body = &body{src: r, closing: t.Close} } else { t.Body = eofReader } } switch rr := msg.(type) { case *Request: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer case *Response: rr.Body = t.Body rr.ContentLength = t.ContentLength rr.TransferEncoding = t.TransferEncoding rr.Close = t.Close rr.Trailer = t.Trailer } return nil }"
54,func (c *proxiedConn) RemoteAddr() net.Addr { if c.remoteAddr != nil { return c.remoteAddr } return c.RemoteAddr() },True,Go,RemoteAddr,conn.go,https://github.com/btcsuite/go-socks,btcsuite,David Hill,2013-08-07 20:04:56-04:00,fix potential infinite loops in both LocalAddr and RemoteAddr,CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2013-10005,"func p224AlternativeToBig(in *p224FieldElement) *big.Int { ret := new(big.Int) tmp := new(big.Int) for i := len(in) - 1; i >= 0; i-- { ret.Lsh(ret, 28) tmp.SetInt64(int64(in[i])) ret.Add(ret, tmp) } ret.Mod(ret, P224().Params().P) return ret }"
55,"func Uncompress(in, out []byte) (err error) { read := int(C.LZ4_uncompress(p(in), p(out), clen(out))) if read != len(in) { err = fmt.Errorf(""uncompress read %d bytes should have read %d"", read, len(in)) } return }",True,Go,Uncompress,lz4.go,https://github.com/cloudflare/golz4,cloudflare,John Graham-Cumming,2014-07-11 08:47:35-07:00,"Use LZ4_decompress_safe instead of LZ4_uncompress

LZ4_uncompress is deprecated and has security problems.",CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2014-125026,func (c *proxiedConn) LocalAddr() net.Addr { if c.boundAddr != nil { return c.boundAddr } return c.conn.LocalAddr() }
57,"func VerifyPassphrase(passphrase string, keylen_bytes int, target_key []byte) (result bool, err error) { target_master_key := target_key[:keylen_bytes] salt := target_key[keylen_bytes:48] var N, r, p int32 err = binary.Read(bytes.NewReader(target_key[48:52]), binary.LittleEndian, &N) if err != nil { log.Fatalf(""binary.Read failed for N: %s\n"", err) return } err = binary.Read(bytes.NewReader(target_key[52:56]), binary.LittleEndian, &r) if err != nil { log.Fatalf(""binary.Read failed for r: %s\n"", err) return } err = binary.Read(bytes.NewReader(target_key[56:60]), binary.LittleEndian, &p) if err != nil { log.Fatalf(""binary.Read failed for p: %s\n"", err) return } var source_master_key []byte source_master_key, err = scrypt.Key([]byte(passphrase), salt, int(N), int(r), int(p), keylen_bytes) if err != nil { log.Fatalf(""Error in encrypting passphrase: %s\n"", err) return } target_hash := target_key[60:] hash_digest := sha256.New() _, err = hash_digest.Write(target_key[:60]) if err != nil { log.Fatalf(""hash_digest.Write failed: %s\n"", err) return } source_hash := hash_digest.Sum(nil) result = bytes.Equal(source_master_key, target_master_key) && bytes.Equal(target_hash, source_hash) return }",True,Go,VerifyPassphrase,scrypt.go,https://github.com/agnivade/easy-scrypt,agnivade,Agniva De Sarker,2014-10-10 15:50:08-07:00,"Preventing timing attacks

- By using ConstantTimeCompare

Reviewed by:
Testing:
Tickets:
Backport:",CWE-208,Observable Timing Discrepancy,"Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.",https://cwe.mitre.org/data/definitions/208.html,CVE-2014-125055,func (c *proxiedConn) RemoteAddr() net.Addr { if c.remoteAddr != nil { return c.remoteAddr } return c.conn.RemoteAddr() }
60,"func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sortType string) ([]Issue, error) { sess := x.Limit(20, (page-1)*20) if rid > 0 { sess.Where(""repo_id=?"", rid).And(""is_closed=?"", isClosed) } else { sess.Where(""is_closed=?"", isClosed) } if uid > 0 { sess.And(""assignee_id=?"", uid) } else if pid > 0 { sess.And(""poster_id=?"", pid) } if mid > 0 { sess.And(""milestone_id=?"", mid) } if len(labelIds) > 0 { for _, label := range strings.Split(labelIds, "","") { sess.And(""label_ids like '%$"" + label + ""|%'"") } } switch sortType { case ""oldest"": sess.Asc(""created"") case ""recentupdate"": sess.Desc(""updated"") case ""leastupdate"": sess.Asc(""updated"") case ""mostcomment"": sess.Desc(""num_comments"") case ""leastcomment"": sess.Asc(""num_comments"") case ""priority"": sess.Desc(""priority"") default: sess.Desc(""created"") } var issues []Issue err := sess.Find(&issues) return issues, err }",True,Go,GetIssues,issue.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-10-25 07:50:19-04:00,Safe work,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8681,"func Uncompress(in, out []byte) (error) { if int(C.LZ4_decompress_safe(p(in), p(out), clen(in), clen(out))) < 0 { return errors.New(""Malformed compression stream"") } return nil }"
63,"func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { opt.Keyword = strings.TrimSpace(opt.Keyword) if len(opt.Keyword) == 0 { return repos, nil } opt.Keyword = strings.Split(opt.Keyword, "" "")[0] if len(opt.Keyword) == 0 { return repos, nil } opt.Keyword = strings.ToLower(opt.Keyword) repos = make([]*Repository, 0, opt.Limit) sess := x.Limit(opt.Limit) if opt.Uid > 0 { sess.Where(""owner_id=?"", opt.Uid) } sess.And(""lower_name like '%"" + opt.Keyword + ""%'"").Find(&repos) return repos, err }",True,Go,SearchRepositoryByName,repo.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-10-25 07:50:19-04:00,Safe work,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8681,"func VerifyPassphrase(passphrase string, keylen_bytes int, target_key []byte) (result bool, err error) { target_master_key := target_key[:keylen_bytes] salt := target_key[keylen_bytes:48] var N, r, p int32 err = binary.Read(bytes.NewReader(target_key[48:52]), binary.LittleEndian, &N) if err != nil { log.Fatalf(""binary.Read failed for N: %s\n"", err) return } err = binary.Read(bytes.NewReader(target_key[52:56]), binary.LittleEndian, &r) if err != nil { log.Fatalf(""binary.Read failed for r: %s\n"", err) return } err = binary.Read(bytes.NewReader(target_key[56:60]), binary.LittleEndian, &p) if err != nil { log.Fatalf(""binary.Read failed for p: %s\n"", err) return } var source_master_key []byte source_master_key, err = scrypt.Key([]byte(passphrase), salt, int(N), int(r), int(p), keylen_bytes) if err != nil { log.Fatalf(""Error in encrypting passphrase: %s\n"", err) return } target_hash := target_key[60:] hash_digest := sha256.New() _, err = hash_digest.Write(target_key[:60]) if err != nil { log.Fatalf(""hash_digest.Write failed: %s\n"", err) return } source_hash := hash_digest.Sum(nil) key_comp := subtle.ConstantTimeCompare(source_master_key, target_master_key) != 0 hash_comp := subtle.ConstantTimeCompare(target_hash, source_hash) != 0 result = key_comp && hash_comp return }"
64,"func SearchUserByName(opt SearchOption) (us []*User, err error) { opt.Keyword = strings.TrimSpace(opt.Keyword) if len(opt.Keyword) == 0 { return us, nil } opt.Keyword = strings.Split(opt.Keyword, "" "")[0] if len(opt.Keyword) == 0 { return us, nil } opt.Keyword = strings.ToLower(opt.Keyword) us = make([]*User, 0, opt.Limit) err = x.Limit(opt.Limit).Where(""type=0"").And(""lower_name like '%"" + opt.Keyword + ""%'"").Find(&us) return us, err }",True,Go,SearchUserByName,user.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-10-25 07:50:19-04:00,Safe work,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8681,"func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sortType string) ([]Issue, error) { sess := x.Limit(20, (page-1)*20) if rid > 0 { sess.Where(""repo_id=?"", rid).And(""is_closed=?"", isClosed) } else { sess.Where(""is_closed=?"", isClosed) } if uid > 0 { sess.And(""assignee_id=?"", uid) } else if pid > 0 { sess.And(""poster_id=?"", pid) } if mid > 0 { sess.And(""milestone_id=?"", mid) } if len(labelIds) > 0 { for _, label := range strings.Split(labelIds, "","") { if com.StrTo(label).MustInt() > 0 { sess.And(""label_ids like '%$"" + label + ""|%'"") } } } switch sortType { case ""oldest"": sess.Asc(""created"") case ""recentupdate"": sess.Desc(""updated"") case ""leastupdate"": sess.Asc(""updated"") case ""mostcomment"": sess.Desc(""num_comments"") case ""leastcomment"": sess.Asc(""num_comments"") case ""priority"": sess.Desc(""priority"") default: sess.Desc(""created"") } var issues []Issue err := sess.Find(&issues) return issues, err }"
68,"func checkVersion() { data, err := ioutil.ReadFile(path.Join(setting.StaticRootPath, ""templates/.VERSION"")) if err != nil { log.Fatal(4, ""Fail to read 'templates/.VERSION': %v"", err) } if string(data) != setting.AppVer { log.Fatal(4, ""Binary and template file version does not match, did you forget to recompile?"") } macaronVer := git.MustParseVersion(strings.Join(strings.Split(macaron.Version(), ""."")[:3], ""."")) if macaronVer.LessThan(git.MustParseVersion(""0.2.3"")) { log.Fatal(4, ""Package macaron version is too old, did you forget to update?(github.com/Unknwon/macaron)"") } i18nVer := git.MustParseVersion(i18n.Version()) if i18nVer.LessThan(git.MustParseVersion(""0.0.2"")) { log.Fatal(4, ""Package i18n version is too old, did you forget to update?(github.com/macaron-contrib/i18n)"") } sessionVer := git.MustParseVersion(session.Version()) if sessionVer.LessThan(git.MustParseVersion(""0.0.3"")) { log.Fatal(4, ""Package session version is too old, did you forget to update?(github.com/macaron-contrib/session)"") } }",True,Go,checkVersion,web.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-11-04 11:37:15-05:00,fix session API broken and SQL pretection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8682,"func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return repos, nil } opt.Keyword = strings.ToLower(opt.Keyword) repos = make([]*Repository, 0, opt.Limit) sess := x.Limit(opt.Limit) if opt.Uid > 0 { sess.Where(""owner_id=?"", opt.Uid) } if !opt.Private { sess.And(""is_private=false"") } sess.And(""lower_name like '%"" + opt.Keyword + ""%'"").Find(&repos) return repos, err }"
70,"func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return repos, nil } opt.Keyword = strings.ToLower(opt.Keyword) repos = make([]*Repository, 0, opt.Limit) sess := x.Limit(opt.Limit) if opt.Uid > 0 { sess.Where(""owner_id=?"", opt.Uid) } if !opt.Private { sess.And(""is_private=false"") } sess.And(""lower_name like '%"" + opt.Keyword + ""%'"").Find(&repos) return repos, err }",True,Go,SearchRepositoryByName,repo.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-11-04 11:37:15-05:00,fix session API broken and SQL pretection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8682,"func SearchUserByName(opt SearchOption) (us []*User, err error) { opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return us, nil } opt.Keyword = strings.ToLower(opt.Keyword) us = make([]*User, 0, opt.Limit) err = x.Limit(opt.Limit).Where(""type=0"").And(""lower_name like '%"" + opt.Keyword + ""%'"").Find(&us) return us, err }"
71,"func SearchUserByName(opt SearchOption) (us []*User, err error) { opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return us, nil } opt.Keyword = strings.ToLower(opt.Keyword) us = make([]*User, 0, opt.Limit) err = x.Limit(opt.Limit).Where(""type=0"").And(""lower_name like '%"" + opt.Keyword + ""%'"").Find(&us) return us, err }",True,Go,SearchUserByName,user.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-11-04 11:37:15-05:00,fix session API broken and SQL pretection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8682,"func checkVersion() { data, err := ioutil.ReadFile(path.Join(setting.StaticRootPath, ""templates/.VERSION"")) if err != nil { log.Fatal(4, ""Fail to read 'templates/.VERSION': %v"", err) } if string(data) != setting.AppVer { log.Fatal(4, ""Binary and template file version does not match, did you forget to recompile?"") } macaronVer := git.MustParseVersion(strings.Join(strings.Split(macaron.Version(), ""."")[:3], ""."")) if macaronVer.LessThan(git.MustParseVersion(""0.2.3"")) { log.Fatal(4, ""Package macaron version is too old, did you forget to update?(github.com/Unknwon/macaron)"") } i18nVer := git.MustParseVersion(i18n.Version()) if i18nVer.LessThan(git.MustParseVersion(""0.0.2"")) { log.Fatal(4, ""Package i18n version is too old, did you forget to update?(github.com/macaron-contrib/i18n)"") } sessionVer := git.MustParseVersion(session.Version()) if sessionVer.LessThan(git.MustParseVersion(""0.0.5"")) { log.Fatal(4, ""Package session version is too old, did you forget to update?(github.com/macaron-contrib/session)"") } }"
73,"func newSessionService() { SessionProvider = Cfg.MustValueRange(""session"", ""PROVIDER"", ""memory"", []string{""memory"", ""file"", ""redis"", ""mysql""}) SessionConfig = new(session.Config) SessionConfig.ProviderConfig = strings.Trim(Cfg.MustValue(""session"", ""PROVIDER_CONFIG""), ""\"" "") SessionConfig.CookieName = Cfg.MustValue(""session"", ""COOKIE_NAME"", ""i_like_gogits"") SessionConfig.CookiePath = AppSubUrl SessionConfig.Secure = Cfg.MustBool(""session"", ""COOKIE_SECURE"") SessionConfig.EnableSetCookie = Cfg.MustBool(""session"", ""ENABLE_SET_COOKIE"", true) SessionConfig.Gclifetime = Cfg.MustInt64(""session"", ""GC_INTERVAL_TIME"", 86400) SessionConfig.Maxlifetime = Cfg.MustInt64(""session"", ""SESSION_LIFE_TIME"", 86400) SessionConfig.SessionIDHashFunc = Cfg.MustValueRange(""session"", ""SESSION_ID_HASHFUNC"", ""sha1"", []string{""sha1"", ""sha256"", ""md5""}) SessionConfig.SessionIDHashKey = Cfg.MustValue(""session"", ""SESSION_ID_HASHKEY"", string(com.RandomCreateBytes(16))) if SessionProvider == ""file"" { os.MkdirAll(path.Dir(SessionConfig.ProviderConfig), os.ModePerm) } log.Info(""Session Service Enabled"") }",True,Go,newSessionService,setting.go,https://github.com/gogits/gogs,gogits,Unknwon,2014-11-04 11:37:15-05:00,fix session API broken and SQL pretection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2014-8682,"func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return repos, nil } opt.Keyword = strings.ToLower(opt.Keyword) repos = make([]*Repository, 0, opt.Limit) sess := x.Limit(opt.Limit) if opt.Uid > 0 { sess.Where(""owner_id=?"", opt.Uid) } if !opt.Private { sess.And(""is_private=false"") } sess.And(""lower_name like ?"", ""%""+opt.Keyword+""%"").Find(&repos) return repos, err }"
74,"func main() { log.Println(""[i] Server started"") db, err := sql.Open(""postgres"", ""user=appread dbname='quantifiedSelf' sslmode=disable"") failOnError(err, ""Error connecting to database"") defer db.Close() http.HandleFunc(""/data/all/"", func(w http.ResponseWriter, r *http.Request) { var output string err := db.QueryRow(`SELECT json_agg(r) FROM (SELECT * FROM trello.cards) r;`).Scan(&output) if err != nil { log.Println(""Error retriving from DB, "", err) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, ""Error retriving from DB, "", err) return } fmt.Fprint(w, output) }) r := mux.NewRouter() r.HandleFunc(""/api"", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, ""dla;jfkdlsajflkdsa;jfk;ldsajfklds;a"") }) r.HandleFunc(""/api/totals/last/{num}"", func(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) var output string query := fmt.Sprintf(`SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, end_of_day_total from trello.dailytallies order by day DESC limit %s) r;`, vars[""num""]) err := db.QueryRow(query).Scan(&output) if err != nil { log.Println(""Error retriving from DB, "", err) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, ""Error retriving from DB, "", err) return } w.Header().Set(""Content-Type"", ""application/json"") fmt.Fprint(w, output) }) r.HandleFunc(""/api/diffs/last/{num}"", func(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) var output string query := fmt.Sprintf(`SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, up_count, down_count, finished_count from trello.dailytallies order by day DESC limit %s) r;`, vars[""num""]) err := db.QueryRow(query).Scan(&output) if err != nil { log.Println(""Error retriving from DB, "", err) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, ""Error retriving from DB, "", err) return } w.Header().Set(""Content-Type"", ""application/json"") fmt.Fprint(w, output) }) r.PathPrefix(""/"").Handler(http.FileServer(http.Dir(""../ui""))) http.Handle(""/"", r) log.Println(""[i] Serving on "", servport, ""\n\tWaiting..."") log.Fatal(http.ListenAndServe(servport, nil)) log.Println(""[i] Shutting down..."") }",True,Go,main,srv.go,https://github.com/Fumon/trello-octometric,Fumon,Jade Bilkey,2015-01-25 13:04:04-05:00,Fixed sql injection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10023,"func SearchUserByName(opt SearchOption) (us []*User, err error) { opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return us, nil } opt.Keyword = strings.ToLower(opt.Keyword) us = make([]*User, 0, opt.Limit) err = x.Limit(opt.Limit).Where(""type=0"").And(""lower_name like ?"", ""%""+opt.Keyword+""%"").Find(&us) return us, err }"
78,"func (f *FileStorage) storagePathFor(contentID string) string { return path.Join(f.path, contentID) }",True,Go,storagePathFor,file_storage.go,https://github.com/hoffie/larasync,hoffie,Christian Hoffmann,2015-01-20 23:21:00+01:00,repository/content: fix potential (authenticated) path traversal (#195),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2015-10024,"func main() { log.Println(""[i] Server started"") db, err := sql.Open(""postgres"", ""user=appread dbname='quantifiedSelf' sslmode=disable"") failOnError(err, ""Error connecting to database"") defer db.Close() http.HandleFunc(""/data/all/"", func(w http.ResponseWriter, r *http.Request) { var output string err := db.QueryRow(`SELECT json_agg(r) FROM (SELECT * FROM trello.cards) r;`).Scan(&output) if err != nil { log.Println(""Error retriving from DB, "", err) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, ""Error retriving from DB, "", err) return } fmt.Fprint(w, output) }) r := mux.NewRouter() r.HandleFunc(""/api"", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, ""dla;jfkdlsajflkdsa;jfk;ldsajfklds;a"") }) r.HandleFunc(""/api/totals/last/{num}"", func(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) var output string query := `SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, end_of_day_total from trello.dailytallies order by day DESC limit $1) r;` err := db.QueryRow(query, vars[""num""]).Scan(&output) if err != nil { log.Println(""Error retriving from DB, "", err) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, ""Error retriving from DB, "", err) return } w.Header().Set(""Content-Type"", ""application/json"") fmt.Fprint(w, output) }) r.HandleFunc(""/api/diffs/last/{num}"", func(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) var output string query := `SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, up_count, down_count, finished_count from trello.dailytallies order by day DESC limit $1) r;` err := db.QueryRow(query, vars[""num""]).Scan(&output) if err != nil { log.Println(""Error retriving from DB, "", err) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, ""Error retriving from DB, "", err) return } w.Header().Set(""Content-Type"", ""application/json"") fmt.Fprint(w, output) }) r.PathPrefix(""/"").Handler(http.FileServer(http.Dir(""../ui""))) http.Handle(""/"", r) log.Println(""[i] Serving on "", servport, ""\n\tWaiting..."") log.Fatal(http.ListenAndServe(servport, nil)) log.Println(""[i] Shutting down..."") }"
79,"func (f *FileStorage) Set(contentID string, reader io.Reader) error { blobStoragePath := f.storagePathFor(contentID) writer, err := atomic.NewStandardWriter(blobStoragePath, defaultFilePerms) if err != nil { return err } _, err = io.Copy(writer, reader) if err != nil { writer.Abort() writer.Close() return err } err = writer.Close() if err != nil { return err } return nil }",True,Go,Set,file_storage.go,https://github.com/hoffie/larasync,hoffie,Christian Hoffmann,2015-01-20 23:21:00+01:00,repository/content: fix potential (authenticated) path traversal (#195),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2015-10024,"func (f *FileStorage) storagePathFor(contentID string) (string, error) { p := path.Join(f.path, contentID) p = filepath.Clean(p) root := f.path if !strings.HasPrefix(p, root) { return """", ErrInvalidPath } return p, nil }"
80,"func (f *FileStorage) Exists(contentID string) bool { _, err := os.Stat(f.storagePathFor(contentID)) if err != nil { return !os.IsNotExist(err) } return true }",True,Go,Exists,file_storage.go,https://github.com/hoffie/larasync,hoffie,Christian Hoffmann,2015-01-20 23:21:00+01:00,repository/content: fix potential (authenticated) path traversal (#195),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2015-10024,"func (f *FileStorage) Set(contentID string, reader io.Reader) error { blobStoragePath, err := f.storagePathFor(contentID) if err != nil { return err } writer, err := atomic.NewStandardWriter(blobStoragePath, defaultFilePerms) if err != nil { return err } _, err = io.Copy(writer, reader) if err != nil { writer.Abort() writer.Close() return err } err = writer.Close() if err != nil { return err } return nil }"
82,func (f *FileStorage) Delete(contentID string) error { return os.Remove(f.storagePathFor(contentID)) },True,Go,Delete,file_storage.go,https://github.com/hoffie/larasync,hoffie,Christian Hoffmann,2015-01-20 23:21:00+01:00,repository/content: fix potential (authenticated) path traversal (#195),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2015-10024,"func (f *FileStorage) Exists(contentID string) bool { p, err := f.storagePathFor(contentID) if err != nil { return false } _, err = os.Stat(p) if err != nil { return !os.IsNotExist(err) } return true }"
85,"func (f *FileStorage) Get(contentID string) (io.ReadCloser, error) { if f.Exists(contentID) { return os.Open(f.storagePathFor(contentID)) } return nil, os.ErrNotExist }",True,Go,Get,file_storage.go,https://github.com/hoffie/larasync,hoffie,Christian Hoffmann,2015-01-20 23:21:00+01:00,repository/content: fix potential (authenticated) path traversal (#195),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2015-10024,"func (f *FileStorage) Delete(contentID string) error { p, err := f.storagePathFor(contentID) if err != nil { return err } return os.Remove(p) }"
88,"func getCredentials(request *http.Request) (userName string, password string) { if cookie, err := request.Cookie(""Credentials""); err == nil { cookieValue := make(map[string]string) if err = cookieHandler.Decode(""Credentials"", cookie.Value, &cookieValue); err == nil { userName = cookieValue[""user""] password = cookieValue[""passwd""] } } return userName, password }",True,Go,getCredentials,auth.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func (f *FileStorage) Get(contentID string) (io.ReadCloser, error) { if !f.Exists(contentID) { return nil, os.ErrNotExist } p, err := f.storagePathFor(contentID) if err != nil { return nil, err } return os.Open(p) }"
92,"func clearCredentials(w http.ResponseWriter) { cookie := &http.Cookie{ Name: ""Credentials"", Value: """", Path: ""/"", MaxAge: -1, } http.SetCookie(w, cookie) }",True,Go,clearCredentials,auth.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func getCredentials(request *http.Request) (userName string, password string, host string, port string) { if cookie, err := request.Cookie(""Datasource""); err == nil { cookieValue := make(map[string]string) if err = cookieHandler.Decode(""Datasource"", cookie.Value, &cookieValue); err == nil { userName = cookieValue[""user""] password = cookieValue[""passwd""] host = cookieValue[""host""] port = cookieValue[""port""] } } return userName, password, host, port }"
94,"func setCredentials(userName string, pw string, w http.ResponseWriter) { value := map[string]string{ ""user"": userName, ""passwd"": pw, } if encoded, err := cookieHandler.Encode(""Credentials"", value); err == nil { cookie := &http.Cookie{ Name: ""Credentials"", Value: encoded, Path: ""/"", } http.SetCookie(w, cookie) } }",True,Go,setCredentials,auth.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func clearCredentials(w http.ResponseWriter) { cookie := &http.Cookie{ Name: ""Datasource"", Value: """", Path: ""/"", MaxAge: -1, } http.SetCookie(w, cookie) }"
95,"func loginHandler(w http.ResponseWriter, request *http.Request) { user := request.FormValue(""user"") pass := request.FormValue(""password"") if user != """" && pass != """" { setCredentials(user, pass, w) } http.Redirect(w, request, ""/"", 302) }",True,Go,loginHandler,auth.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func setCredentials( w http.ResponseWriter, userName string, pw string, host string, port string) { value := map[string]string{ ""user"": userName, ""passwd"": pw, ""host"": host, ""port"": port, } if encoded, err := cookieHandler.Encode(""Datasource"", value); err == nil { cookie := &http.Cookie{ Name: ""Datasource"", Value: encoded, Path: ""/"", } http.SetCookie(w, cookie) } }"
97,"func dsn(user string, pw string, db string) string { return user + "":"" + pw + ""@tcp("" + host + "":"" + port + "")/"" + db }",True,Go,dsn,aux.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func loginHandler(w http.ResponseWriter, request *http.Request) { user := request.FormValue(""user"") pass := request.FormValue(""password"") host := request.FormValue(""host"") port := request.FormValue(""port"") if user != """" && pass != """" { setCredentials(w, user, pass, host, port) } http.Redirect(w, request, ""/"", 302) }"
99,"func dumprecord(w http.ResponseWriter, r *http.Request, parray []string) { database := parray[0] table := parray[1] rec, err := strconv.Atoi(parray[2]) checkY(err) user, pw := getCredentials(r) conn, err := sql.Open(""mysql"", dsn(user, pw, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""select * from ?"") checkY(err) rows, err := statement.Query(table) checkY(err) defer rows.Close() columns, err := rows.Columns() checkY(err) raw := make([]interface{}, len(columns)) val := make([]interface{}, len(columns)) for i := range val { raw[i] = &val[i] } var n int = 1 rowLoop: for rows.Next() { if n == rec { err = rows.Scan(raw...) checkY(err) fmt.Fprintln(w, ""<p>"") for i, col := range val { if col != nil { fmt.Fprintln(w, columns[i], "":"", string(col.([]byte)), ""<br>"") } } fmt.Fprintln(w, ""</p>"") break rowLoop } n = n + 1 } }",True,Go,dumprecord,dump.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func dsn(user string, pw string, host string, port string, db string) string { return user + "":"" + pw + ""@tcp("" + host + "":"" + port + "")/"" + db }"
100,"func dumpdb(w http.ResponseWriter, r *http.Request, parray []string) { user, pw := getCredentials(r) database := parray[0] conn, err := sql.Open(""mysql"", dsn(user, pw, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""show tables"") checkY(err) rows, err := statement.Query() checkY(err) defer rows.Close() var n int = 1 for rows.Next() { var field string rows.Scan(&field) fmt.Fprint(w, linkDeeper(r.URL.Path, field, ""T[""+strconv.Itoa(n)+""]"")) fmt.Fprintln(w, "" "", field, ""<br>"") n = n + 1 } }",True,Go,dumpdb,dump.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func dumprecord(w http.ResponseWriter, r *http.Request, parray []string) { database := parray[0] table := parray[1] rec, err := strconv.Atoi(parray[2]) checkY(err) user, pw, h, p := getCredentials(r) conn, err := sql.Open(""mysql"", dsn(user, pw, h, p, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""select * from "" + template.HTMLEscapeString(table)) checkY(err) rows, err := statement.Query() checkY(err) defer rows.Close() columns, err := rows.Columns() checkY(err) raw := make([]interface{}, len(columns)) val := make([]interface{}, len(columns)) for i := range val { raw[i] = &val[i] } var n int = 1 rowLoop: for rows.Next() { if n == rec { err = rows.Scan(raw...) checkY(err) fmt.Fprintln(w, ""<p>"") for i, col := range val { if col != nil { fmt.Fprintln(w, columns[i], "":"", string(col.([]byte)), ""<br>"") } } fmt.Fprintln(w, ""</p>"") break rowLoop } n = n + 1 } }"
103,"func dumptable(w http.ResponseWriter, r *http.Request, parray []string) { user, pw := getCredentials(r) database := parray[0] table := parray[1] conn, err := sql.Open(""mysql"", dsn(user, pw, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""select * from ?"") checkY(err) rows, err := statement.Query(table) checkY(err) defer rows.Close() cols, err := rows.Columns() checkY(err) fmt.Fprintln(w, ""<p>""+""# ""+strings.Join(cols, "" "")+""</p>"") raw := make([]interface{}, len(cols)) val := make([]interface{}, len(cols)) for i := range val { raw[i] = &val[i] } var n int = 1 for rows.Next() { fmt.Fprint(w, linkDeeper(r.URL.Path, strconv.Itoa(n), strconv.Itoa(n))) err = rows.Scan(raw...) checkY(err) for _, col := range val { if col != nil { fmt.Fprintf(w, ""%s "", string(col.([]byte))) } } fmt.Fprintln(w, ""<br>"") n = n + 1 } }",True,Go,dumptable,dump.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func dumpdb(w http.ResponseWriter, r *http.Request, parray []string) { user, pw, h, p := getCredentials(r) database := parray[0] conn, err := sql.Open(""mysql"", dsn(user, pw, h, p, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""show tables"") checkY(err) rows, err := statement.Query() checkY(err) defer rows.Close() var n int = 1 for rows.Next() { var field string rows.Scan(&field) fmt.Fprint(w, linkDeeper(r.URL.Path, field, ""T[""+strconv.Itoa(n)+""]"")) fmt.Fprintln(w, "" "", field, ""<br>"") n = n + 1 } }"
105,"func home(w http.ResponseWriter, r *http.Request) { user, pw := getCredentials(r) conn, err := sql.Open(""mysql"", dsn(user, pw, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""show databases"") checkY(err) rows, err := statement.Query() checkY(err) defer rows.Close() var n int = 1 for rows.Next() { var field string rows.Scan(&field) fmt.Fprint(w, linkDeeper("""", field, ""DB[""+strconv.Itoa(n)+""]"")) fmt.Fprintln(w, "" "", field, ""<br>"") n = n + 1 } }",True,Go,home,dump.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func dumptable(w http.ResponseWriter, r *http.Request, parray []string) { user, pw, h, p := getCredentials(r) database := parray[0] table := parray[1] conn, err := sql.Open(""mysql"", dsn(user, pw, h, p, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""select * from "" + template.HTMLEscapeString(table)) checkY(err) rows, err := statement.Query() checkY(err) defer rows.Close() cols, err := rows.Columns() checkY(err) fmt.Fprintln(w, ""<p>""+""# ""+strings.Join(cols, "" "")+""</p>"") raw := make([]interface{}, len(cols)) val := make([]interface{}, len(cols)) for i := range val { raw[i] = &val[i] } var n int = 1 for rows.Next() { fmt.Fprint(w, linkDeeper(r.URL.Path, strconv.Itoa(n), strconv.Itoa(n))) err = rows.Scan(raw...) checkY(err) for _, col := range val { if col != nil { fmt.Fprintf(w, ""%s "", string(col.([]byte))) } } fmt.Fprintln(w, ""<br>"") n = n + 1 } }"
106,"func indexHandler(w http.ResponseWriter, r *http.Request) { u, _ := getCredentials(r) if u != """" { fmt.Fprintln(w, ""<h1>"", u, ""</h1>"") pathHandler(w, r) } else { loginPageHandler(w, r) } }",True,Go,indexHandler,sqldump.go,https://github.com/gophergala/sqldump,gophergala,micha-p,2015-01-25 02:26:19+01:00,Protection against sql injection doesnt work with ? for table. Using HTMLEscapeString instead,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10044,"func home(w http.ResponseWriter, r *http.Request) { user, pw, h , p := getCredentials(r) conn, err := sql.Open(""mysql"", dsn(user, pw, h, p, database)) checkY(err) defer conn.Close() statement, err := conn.Prepare(""show databases"") checkY(err) rows, err := statement.Query() checkY(err) defer rows.Close() var n int = 1 for rows.Next() { var field string rows.Scan(&field) fmt.Fprint(w, linkDeeper("""", field, ""DB[""+strconv.Itoa(n)+""]"")) fmt.Fprintln(w, "" "", field, ""<br>"") n = n + 1 } }"
108,"func (set *IdmapSet) doUidshiftIntoContainer(dir string, testmode bool, how string) error { convert := func(path string, fi os.FileInfo, err error) (e error) { uid, gid, err := GetOwner(path) if err != nil { return err } var newuid, newgid int switch how { case ""in"": newuid, newgid = set.ShiftIntoNs(uid, gid) case ""out"": newuid, newgid = set.ShiftFromNs(uid, gid) } if testmode { fmt.Printf(""I would shift %q to %d %d\n"", path, newuid, newgid) } else { err = os.Lchown(path, int(newuid), int(newgid)) if err == nil { m := fi.Mode() if m&os.ModeSymlink == 0 { err = os.Chmod(path, m) if err != nil { fmt.Printf(""Error resetting mode on %q, continuing\n"", path) } } } } return nil } if !PathExists(dir) { return fmt.Errorf(""No such file or directory: %q"", dir) } return filepath.Walk(dir, convert) }",True,Go,doUidshiftIntoContainer,idmapset_linux.go,https://github.com/lxc/lxd,lxc,Stéphane Graber,2015-10-04 16:58:56+01:00,"CVE-2015-1340: Fix race condition between fchown and chmod in idmapset

Shifting a container filesystem in an environment where a user can
modify the container's filesystem as it's being shifted (for example if
the LXD server's / was shared over the network) would allow them to make
use of a race (TOCTOU) between the chown and chmod operations, allowing
for an arbitrary path to be chmod-ed rather than the planned container
path.

The fix is to use a file descriptor to the entry being processed,
validate that the entry itself is sane and then interact with the fd.

This is CVE-2015-1340

Reported-by: Seth Arnold
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2015-1340,"func indexHandler(w http.ResponseWriter, r *http.Request) { user , _ , host , port := getCredentials(r) if user != """" { fmt.Fprintln(w, ""<p>"", user + ""@"" + host + "":"" + port, ""</p>"") pathHandler(w, r) } else { loginPageHandler(w, r) } }"
112,"func (c *linuxContainer) newSetnsProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*setnsProcess, error) { cmd.Env = append(cmd.Env, ""_LIBCONTAINER_INITTYPE=""+string(initSetns)) state, err := c.currentState() if err != nil { return nil, fmt.Errorf(""unable to get container state: %w"", err) } data, err := c.bootstrapData(0, state.NamespacePaths) if err != nil { return nil, err } proc := &setnsProcess{ cmd: cmd, cgroupPaths: state.CgroupPaths, rootlessCgroups: c.config.RootlessCgroups, intelRdtPath: state.IntelRdtPath, messageSockPair: messageSockPair, logFilePair: logFilePair, manager: c.cgroupManager, config: c.newInitConfig(p), process: p, bootstrapData: data, initProcessPid: state.InitProcessPid, } if len(p.SubCgroupPaths) > 0 { if add, ok := p.SubCgroupPaths[""""]; ok { for k := range proc.cgroupPaths { proc.cgroupPaths[k] = path.Join(proc.cgroupPaths[k], add) } proc.initProcessPid = 0 } else { for ctrl, add := range p.SubCgroupPaths { if val, ok := proc.cgroupPaths[ctrl]; ok { proc.cgroupPaths[ctrl] = path.Join(val, add) } else { return nil, fmt.Errorf(""unknown controller %s in SubCgroupPaths"", ctrl) } } } } return proc, nil }",True,Go,newSetnsProcess,container_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func (set *IdmapSet) doUidshiftIntoContainer(dir string, testmode bool, how string) error { dir = strings.TrimRight(dir, ""/"") convert := func(path string, fi os.FileInfo, err error) (e error) { uid, gid, err := GetOwner(path) if err != nil { return err } var newuid, newgid int switch how { case ""in"": newuid, newgid = set.ShiftIntoNs(uid, gid) case ""out"": newuid, newgid = set.ShiftFromNs(uid, gid) } if testmode { fmt.Printf(""I would shift %q to %d %d\n"", path, newuid, newgid) } else { err = ShiftOwner(dir, path, int(newuid), int(newgid)) if err != nil { return err } } return nil } if !PathExists(dir) { return fmt.Errorf(""No such file or directory: %q"", dir) } return filepath.Walk(dir, convert) }"
113,"func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*initProcess, error) { cmd.Env = append(cmd.Env, ""_LIBCONTAINER_INITTYPE=""+string(initStandard)) nsMaps := make(map[configs.NamespaceType]string) for _, ns := range c.config.Namespaces { if ns.Path != """" { nsMaps[ns.Type] = ns.Path } } _, sharePidns := nsMaps[configs.NEWPID] data, err := c.bootstrapData(c.config.Namespaces.CloneFlags(), nsMaps) if err != nil { return nil, err } init := &initProcess{ cmd: cmd, messageSockPair: messageSockPair, logFilePair: logFilePair, manager: c.cgroupManager, intelRdtManager: c.intelRdtManager, config: c.newInitConfig(p), container: c, process: p, bootstrapData: data, sharePidns: sharePidns, } c.initProcess = init return init, nil }",True,Go,newInitProcess,container_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func (c *linuxContainer) newSetnsProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*setnsProcess, error) { cmd.Env = append(cmd.Env, ""_LIBCONTAINER_INITTYPE=""+string(initSetns)) state, err := c.currentState() if err != nil { return nil, fmt.Errorf(""unable to get container state: %w"", err) } data, err := c.bootstrapData(0, state.NamespacePaths, initSetns) if err != nil { return nil, err } proc := &setnsProcess{ cmd: cmd, cgroupPaths: state.CgroupPaths, rootlessCgroups: c.config.RootlessCgroups, intelRdtPath: state.IntelRdtPath, messageSockPair: messageSockPair, logFilePair: logFilePair, manager: c.cgroupManager, config: c.newInitConfig(p), process: p, bootstrapData: data, initProcessPid: state.InitProcessPid, } if len(p.SubCgroupPaths) > 0 { if add, ok := p.SubCgroupPaths[""""]; ok { for k := range proc.cgroupPaths { proc.cgroupPaths[k] = path.Join(proc.cgroupPaths[k], add) } proc.initProcessPid = 0 } else { for ctrl, add := range p.SubCgroupPaths { if val, ok := proc.cgroupPaths[ctrl]; ok { proc.cgroupPaths[ctrl] = path.Join(val, add) } else { return nil, fmt.Errorf(""unknown controller %s in SubCgroupPaths"", ctrl) } } } } return proc, nil }"
115,"func (c *linuxContainer) makeCriuRestoreMountpoints(m *configs.Mount) error { switch m.Device { case ""cgroup"": return nil case ""bind"": if err := prepareBindMount(m, c.config.Rootfs); err != nil { return err } default: dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) if err != nil { return err } if err := checkProcMount(c.config.Rootfs, dest, """"); err != nil { return err } if err := os.MkdirAll(dest, 0o755); err != nil { return err } } return nil }",True,Go,makeCriuRestoreMountpoints,container_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*initProcess, error) { cmd.Env = append(cmd.Env, ""_LIBCONTAINER_INITTYPE=""+string(initStandard)) nsMaps := make(map[configs.NamespaceType]string) for _, ns := range c.config.Namespaces { if ns.Path != """" { nsMaps[ns.Type] = ns.Path } } _, sharePidns := nsMaps[configs.NEWPID] data, err := c.bootstrapData(c.config.Namespaces.CloneFlags(), nsMaps, initStandard) if err != nil { return nil, err } if c.shouldSendMountSources() { mountFds := make([]int, len(c.config.Mounts)) for i, m := range c.config.Mounts { if !m.IsBind() { mountFds[i] = -1 continue } cmd.ExtraFiles = append(cmd.ExtraFiles, messageSockPair.child) mountFds[i] = stdioFdCount + len(cmd.ExtraFiles) - 1 } mountFdsJson, err := json.Marshal(mountFds) if err != nil { return nil, fmt.Errorf(""Error creating _LIBCONTAINER_MOUNT_FDS: %w"", err) } cmd.Env = append(cmd.Env, ""_LIBCONTAINER_MOUNT_FDS=""+string(mountFdsJson), ) } init := &initProcess{ cmd: cmd, messageSockPair: messageSockPair, logFilePair: logFilePair, manager: c.cgroupManager, intelRdtManager: c.intelRdtManager, config: c.newInitConfig(p), container: c, process: p, bootstrapData: data, sharePidns: sharePidns, } c.initProcess = init return init, nil }"
119,"func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int) (initer, error) { var config *initConfig if err := json.NewDecoder(pipe).Decode(&config); err != nil { return nil, err } if err := populateProcessEnvironment(config.Env); err != nil { return nil, err } switch t { case initSetns: return &linuxSetnsInit{ pipe: pipe, consoleSocket: consoleSocket, config: config, logFd: logFd, }, nil case initStandard: return &linuxStandardInit{ pipe: pipe, consoleSocket: consoleSocket, parentPid: unix.Getppid(), config: config, fifoFd: fifoFd, logFd: logFd, }, nil } return nil, fmt.Errorf(""unknown init type %q"", t) }",True,Go,newContainerInit,init_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func (c *linuxContainer) makeCriuRestoreMountpoints(m *configs.Mount) error { switch m.Device { case ""cgroup"": return nil case ""bind"": if err := prepareBindMount(m, c.config.Rootfs, nil); err != nil { return err } default: dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) if err != nil { return err } if err := checkProcMount(c.config.Rootfs, dest, """"); err != nil { return err } if err := os.MkdirAll(dest, 0o755); err != nil { return err } } return nil }"
124,"return utils.WithProcfd(rootfs, m.Destination, func(procfd string) error { return mount(m.Source, m.Destination, procfd, m.Device, uintptr(m.Flags|unix.MS_REMOUNT), """") })",True,Go,error,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds []int) (initer, error) { var config *initConfig if err := json.NewDecoder(pipe).Decode(&config); err != nil { return nil, err } if err := populateProcessEnvironment(config.Env); err != nil { return nil, err } switch t { case initSetns: if mountFds != nil { return nil, errors.New(""mountFds must be nil. Can't mount while doing runc exec."") } return &linuxSetnsInit{ pipe: pipe, consoleSocket: consoleSocket, config: config, logFd: logFd, }, nil case initStandard: return &linuxStandardInit{ pipe: pipe, consoleSocket: consoleSocket, parentPid: unix.Getppid(), config: config, fifoFd: fifoFd, logFd: logFd, mountFds: mountFds, }, nil } return nil, fmt.Errorf(""unknown init type %q"", t) }"
126,"func prepareBindMount(m *configs.Mount, rootfs string) error { stat, err := os.Stat(m.Source) if err != nil { return err } var dest string if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { return err } if err := checkProcMount(rootfs, dest, m.Source); err != nil { return err } if err := createIfNotExists(dest, stat.IsDir()); err != nil { return err } return nil }",True,Go,prepareBindMount,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"return utils.WithProcfd(rootfs, m.Destination, func(procfd string) error { return mount(source, m.Destination, procfd, m.Device, uintptr(m.Flags|unix.MS_REMOUNT), """") })"
127,"func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) { config := iConfig.Config if err := prepareRoot(config); err != nil { return fmt.Errorf(""error preparing rootfs: %w"", err) } mountConfig := &mountConfig{ root: config.Rootfs, label: config.MountLabel, cgroup2Path: iConfig.Cgroup2Path, rootlessCgroups: iConfig.RootlessCgroups, cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), } setupDev := needsSetupDev(config) for _, m := range config.Mounts { for _, precmd := range m.PremountCmds { if err := mountCmd(precmd); err != nil { return fmt.Errorf(""error running premount command: %w"", err) } } if err := mountToRootfs(m, mountConfig); err != nil { return fmt.Errorf(""error mounting %q to rootfs at %q: %w"", m.Source, m.Destination, err) } for _, postcmd := range m.PostmountCmds { if err := mountCmd(postcmd); err != nil { return fmt.Errorf(""error running postmount command: %w"", err) } } } if setupDev { if err := createDevices(config); err != nil { return fmt.Errorf(""error creating device nodes: %w"", err) } if err := setupPtmx(config); err != nil { return fmt.Errorf(""error setting up ptmx: %w"", err) } if err := setupDevSymlinks(config.Rootfs); err != nil { return fmt.Errorf(""error setting up /dev symlinks: %w"", err) } } if err := syncParentHooks(pipe); err != nil { return err } if err := unix.Chdir(config.Rootfs); err != nil { return &os.PathError{Op: ""chdir"", Path: config.Rootfs, Err: err} } s := iConfig.SpecState s.Pid = unix.Getpid() s.Status = specs.StateCreating if err := iConfig.Config.Hooks[configs.CreateContainer].RunHooks(s); err != nil { return err } if config.NoPivotRoot { err = msMoveRoot(config.Rootfs) } else if config.Namespaces.Contains(configs.NEWNS) { err = pivotRoot(config.Rootfs) } else { err = chroot() } if err != nil { return fmt.Errorf(""error jailing process inside rootfs: %w"", err) } if setupDev { if err := reOpenDevNull(); err != nil { return fmt.Errorf(""error reopening /dev/null inside container: %w"", err) } } if cwd := iConfig.Cwd; cwd != """" { if err := os.MkdirAll(cwd, 0o755); err != nil { return err } } return nil }",True,Go,prepareRootfs,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func prepareBindMount(m *configs.Mount, rootfs string, mountFd *int) error { source := m.Source if mountFd != nil { source = ""/proc/self/fd/"" + strconv.Itoa(*mountFd) } stat, err := os.Stat(source) if err != nil { return err } var dest string if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { return err } if err := checkProcMount(rootfs, dest, source); err != nil { return err } if err := createIfNotExists(dest, stat.IsDir()); err != nil { return err } return nil }"
129,"func mountToRootfs(m *configs.Mount, c *mountConfig) error { rootfs := c.root mountLabel := c.label dest, err := securejoin.SecureJoin(rootfs, m.Destination) if err != nil { return err } switch m.Device { case ""proc"", ""sysfs"": if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err } } else if fi.Mode()&os.ModeDir == 0 { return fmt.Errorf(""filesystem %q must be mounted on ordinary directory"", m.Device) } if err := os.MkdirAll(dest, 0o755); err != nil { return err } return mountPropagate(m, rootfs, """") case ""mqueue"": if err := os.MkdirAll(dest, 0o755); err != nil { return err } if err := mountPropagate(m, rootfs, """"); err != nil { return err } return label.SetFileLabel(dest, mountLabel) case ""tmpfs"": stat, err := os.Stat(dest) if err != nil { if err := os.MkdirAll(dest, 0o755); err != nil { return err } } if m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP { err = doTmpfsCopyUp(m, rootfs, mountLabel) } else { err = mountPropagate(m, rootfs, mountLabel) } if err != nil { return err } if stat != nil { if err = os.Chmod(dest, stat.Mode()); err != nil { return err } } if m.Flags&unix.MS_RDONLY != 0 { if err := remount(m, rootfs); err != nil { return err } } return nil case ""bind"": if err := prepareBindMount(m, rootfs); err != nil { return err } if err := mountPropagate(m, rootfs, mountLabel); err != nil { return err } if m.Flags&^(unix.MS_REC|unix.MS_REMOUNT|unix.MS_BIND) != 0 { if err := remount(m, rootfs); err != nil { return err } } if m.Relabel != """" { if err := label.Validate(m.Relabel); err != nil { return err } shared := label.IsShared(m.Relabel) if err := label.Relabel(m.Source, mountLabel, shared); err != nil { return err } } case ""cgroup"": if cgroups.IsCgroup2UnifiedMode() { return mountCgroupV2(m, c) } return mountCgroupV1(m, c) default: if err := checkProcMount(rootfs, dest, m.Source); err != nil { return err } if err := os.MkdirAll(dest, 0o755); err != nil { return err } return mountPropagate(m, rootfs, mountLabel) } return nil }",True,Go,mountToRootfs,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Rodrigo Campos,2021-10-12 15:13:45+02:00,"Open bind mount sources from the host userns

The source of the bind mount might not be accessible in a different user
namespace because a component of the source path might not be traversed
under the users and groups mapped inside the user namespace. This caused
errors such as the following:

  # time=""2020-06-22T13:48:26Z"" level=error msg=""container_linux.go:367:
  starting container process caused: process_linux.go:459:
  container init caused: rootfs_linux.go:58:
  mounting \""/tmp/busyboxtest/source-inaccessible/dir\""
  to rootfs at \""/tmp/inaccessible\"" caused:
  stat /tmp/busyboxtest/source-inaccessible/dir: permission denied""

To solve this problem, this patch performs the following:

1. in nsexec.c, it opens the source path in the host userns (so we have
   the right permissions to open it) but in the container mntns (so the
   kernel cross mntns mount check let us mount it later:
   https://github.com/torvalds/linux/blob/v5.8/fs/namespace.c#L2312).

2. in nsexec.c, it passes the file descriptors of the source to the
   child process with SCM_RIGHTS.

3. In runc-init in Golang, it finishes the mounts while inside the
   userns even without access to the some components of the source
   paths.

Passing the fds with SCM_RIGHTS is necessary because once the child
process is in the container mntns, it is already in the container userns
so it cannot temporarily join the host mntns.

This patch uses the existing mechanism with _LIBCONTAINER_* environment
variables to pass the file descriptors from runc to runc init.

This patch uses the existing mechanism with the Netlink-style bootstrap
to pass information about the list of source mounts to nsexec.c.

Rootless containers don't use this bind mount sources fdpassing
mechanism because we can't setns() to the target mntns in a rootless
container (we don't have the privileges when we are in the host userns).

This patch takes care of using O_CLOEXEC on mount fds, and close them
early.

Fixes: #2484.

Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Co-authored-by: Rodrigo Campos <rodrigo@kinvolk.io>",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2021-43784,"func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { tmpdir, err := prepareTmp(""/tmp"") if err != nil { return fmt.Errorf(""tmpcopyup: failed to setup tmpdir: %w"", err) } defer cleanupTmp(tmpdir) tmpDir, err := ioutil.TempDir(tmpdir, ""runctmpdir"") if err != nil { return fmt.Errorf(""tmpcopyup: failed to create tmpdir: %w"", err) } defer os.RemoveAll(tmpDir) oldDest := m.Destination m.Destination = tmpDir err = mountPropagate(m, ""/"", mountLabel, nil) m.Destination = oldDest if err != nil { return err } defer func() { if Err != nil { if err := unmount(tmpDir, unix.MNT_DETACH); err != nil { logrus.Warnf(""tmpcopyup: %v"", err) } } }() return utils.WithProcfd(rootfs, m.Destination, func(procfd string) (Err error) { if err := fileutils.CopyDirectory(procfd+""/"", tmpDir); err != nil { return fmt.Errorf(""tmpcopyup: failed to copy %s to %s (%s): %w"", m.Destination, procfd, tmpDir, err) } if err := mount(tmpDir, m.Destination, procfd, """", unix.MS_MOVE, """"); err != nil { return fmt.Errorf(""tmpcopyup: failed to move mount: %w"", err) } return nil }) }"
136,"func (c *linuxContainer) makeCriuRestoreMountpoints(m *configs.Mount) error { switch m.Device { case ""cgroup"": return nil case ""bind"": if err := prepareBindMount(m, c.config.Rootfs); err != nil { return err } default: dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) if err != nil { return err } if err := checkProcMount(c.config.Rootfs, dest, """"); err != nil { return err } m.Destination = dest if err := os.MkdirAll(dest, 0755); err != nil { return err } } return nil }",True,Go,makeCriuRestoreMountpoints,container_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"users, err := ParsePasswdFilter(passwd, func(u User) bool { if userArg == """" { return u.Uid == user.Uid } if uidErr == nil { return uidArg == u.Uid } return u.Name == userArg })"
137,"func (c *linuxContainer) prepareCriuRestoreMounts(mounts []*configs.Mount) error { tmpfs := []string{} for _, m := range mounts { switch m.Device { case ""tmpfs"": tmpfs = append(tmpfs, m.Destination) } } umounts := []string{} defer func() { for _, u := range umounts { if e := unix.Unmount(u, unix.MNT_DETACH); e != nil { if e != unix.EINVAL { logrus.Warnf(""Error during cleanup unmounting of %q (%v)"", u, e) } } } }() for _, m := range mounts { if !isPathInPrefixList(m.Destination, tmpfs) { if err := c.makeCriuRestoreMountpoints(m); err != nil { return err } if m.Device == ""bind"" { if err := unix.Mount(m.Source, m.Destination, """", unix.MS_BIND|unix.MS_REC, """"); err != nil { return errorsf.Wrapf(err, ""unable to bind mount %q to %q"", m.Source, m.Destination) } umounts = append(umounts, m.Destination) } } } return nil }",True,Go,prepareCriuRestoreMounts,container_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func mountToRootfs(m *configs.Mount, c *mountConfig) error { rootfs := c.root mountLabel := c.label dest, err := securejoin.SecureJoin(rootfs, m.Destination) if err != nil { return err } switch m.Device { case ""proc"", ""sysfs"": if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err } } else if fi.Mode()&os.ModeDir == 0 { return fmt.Errorf(""filesystem %q must be mounted on ordinary directory"", m.Device) } if err := os.MkdirAll(dest, 0755); err != nil { return err } return mountPropagate(m, rootfs, """") case ""mqueue"": if err := os.MkdirAll(dest, 0755); err != nil { return err } if err := mountPropagate(m, rootfs, """"); err != nil { return err } return label.SetFileLabel(dest, mountLabel) case ""tmpfs"": stat, err := os.Stat(dest) if err != nil { if err := os.MkdirAll(dest, 0755); err != nil { return err } } if m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP { err = doTmpfsCopyUp(m, rootfs, mountLabel) } else { err = mountPropagate(m, rootfs, mountLabel) } if err != nil { return err } if stat != nil { if err = os.Chmod(dest, stat.Mode()); err != nil { return err } } if m.Flags&unix.MS_RDONLY != 0 { if err := remount(m, rootfs); err != nil { return err } } return nil case ""bind"": if err := prepareBindMount(m, rootfs); err != nil { return err } if err := mountPropagate(m, rootfs, mountLabel); err != nil { return err } if m.Flags&^(unix.MS_REC|unix.MS_REMOUNT|unix.MS_BIND) != 0 { if err := remount(m, rootfs); err != nil { return err } } if m.Relabel != """" { if err := label.Validate(m.Relabel); err != nil { return err } shared := label.IsShared(m.Relabel) if err := label.Relabel(m.Source, mountLabel, shared); err != nil { return err } } case ""cgroup"": if cgroups.IsCgroup2UnifiedMode() { return mountCgroupV2(m, c) } return mountCgroupV1(m, c) default: if err := checkProcMount(rootfs, dest, m.Source); err != nil { return err } if err := os.MkdirAll(dest, 0755); err != nil { return err } return mountPropagate(m, rootfs, mountLabel) } return nil }"
139,"func remount(m *configs.Mount, rootfs string) error { var ( dest = m.Destination ) if !strings.HasPrefix(dest, rootfs) { dest = filepath.Join(rootfs, dest) } return unix.Mount(m.Source, dest, m.Device, uintptr(m.Flags|unix.MS_REMOUNT), """") }",True,Go,remount,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { if node.Path == """" { return nil } dest, err := securejoin.SecureJoin(rootfs, node.Path) if err != nil { return err } if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil { return err } if bind { return bindMountDeviceNode(rootfs, dest, node) } if err := mknodDevice(dest, node); err != nil { if os.IsExist(err) { return nil } else if os.IsPermission(err) { return bindMountDeviceNode(rootfs, dest, node) } return err } return nil }"
141,"func mountCgroupV1(m *configs.Mount, c *mountConfig) error { binds, err := getCgroupMounts(m) if err != nil { return err } var merged []string for _, b := range binds { ss := filepath.Base(b.Destination) if strings.Contains(ss, "","") { merged = append(merged, ss) } } tmpfs := &configs.Mount{ Source: ""tmpfs"", Device: ""tmpfs"", Destination: m.Destination, Flags: defaultMountFlags, Data: ""mode=755"", PropagationFlags: m.PropagationFlags, } if err := mountToRootfs(tmpfs, c); err != nil { return err } for _, b := range binds { if c.cgroupns { subsystemPath := filepath.Join(c.root, b.Destination) if err := os.MkdirAll(subsystemPath, 0755); err != nil { return err } flags := defaultMountFlags if m.Flags&unix.MS_RDONLY != 0 { flags = flags | unix.MS_RDONLY } cgroupmount := &configs.Mount{ Source: ""cgroup"", Device: ""cgroup"", Destination: subsystemPath, Flags: flags, Data: filepath.Base(subsystemPath), } if err := mountNewCgroup(cgroupmount); err != nil { return err } } else { if err := mountToRootfs(b, c); err != nil { return err } } } for _, mc := range merged { for _, ss := range strings.Split(mc, "","") { if err := os.Symlink(mc, filepath.Join(c.root, m.Destination, ss)); err != nil && !os.IsExist(err) { return err } } } return nil }",True,Go,mountCgroupV1,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func padBuffer(buffer []byte, blockSize int) []byte { missing := blockSize - (len(buffer) % blockSize) ret, out := resize(buffer, uint64(len(buffer))+uint64(missing)) padding := bytes.Repeat([]byte{byte(missing)}, missing) copy(out, padding) return ret }"
145,"func prepareBindMount(m *configs.Mount, rootfs string) error { stat, err := os.Stat(m.Source) if err != nil { return err } var dest string if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { return err } if err := checkProcMount(rootfs, dest, m.Source); err != nil { return err } m.Destination = dest if err := createIfNotExists(dest, stat.IsDir()); err != nil { return err } return nil }",True,Go,prepareBindMount,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte { buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8) n := 0 n += copy(buffer, aad) n += copy(buffer[n:], nonce) n += copy(buffer[n:], ciphertext) binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8) hmac := hmac.New(ctx.hash, ctx.integrityKey) _, _ = hmac.Write(buffer) return hmac.Sum(nil)[:ctx.authtagBytes] }"
146,"func mountNewCgroup(m *configs.Mount) error { var ( data = m.Data source = m.Source ) if data == ""systemd"" { data = cgroups.CgroupNamePrefix + data source = ""systemd"" } if err := unix.Mount(source, m.Destination, m.Device, uintptr(m.Flags), data); err != nil { return err } return nil }",True,Go,mountNewCgroup,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { if len(ciphertext) < ctx.authtagBytes { return nil, errors.New(""square/go-jose: invalid ciphertext (too short)"") } offset := len(ciphertext) - ctx.authtagBytes expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset]) match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:]) if match != 1 { return nil, errors.New(""square/go-jose: invalid ciphertext (auth tag mismatch)"") } cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce) buffer := append([]byte{}, []byte(ciphertext[:offset])...) if len(buffer)%ctx.blockCipher.BlockSize() > 0 { return nil, errors.New(""square/go-jose: invalid ciphertext (invalid length)"") } cbc.CryptBlocks(buffer, buffer) plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize()) if err != nil { return nil, err } ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext))) copy(out, plaintext) return ret, nil }"
148,"func bindMountDeviceNode(dest string, node *devices.Device) error { f, err := os.Create(dest) if err != nil && !os.IsExist(err) { return err } if f != nil { f.Close() } return unix.Mount(node.Path, dest, ""bind"", unix.MS_BIND, """") }",True,Go,bindMountDeviceNode,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte { ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)] copy(ciphertext, plaintext) ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize()) cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce) cbc.CryptBlocks(ciphertext, ciphertext) authtag := ctx.computeAuthTag(data, nonce, ciphertext) ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag))) copy(out, ciphertext) copy(out[len(ciphertext):], authtag) return ret }"
149,"func mountPropagate(m *configs.Mount, rootfs string, mountLabel string) error { var ( dest = m.Destination data = label.FormatMountLabel(m.Data, mountLabel) flags = m.Flags ) if libcontainerUtils.CleanPath(dest) == ""/dev"" { flags &= ^unix.MS_RDONLY } if m.Device == ""tmpfs"" { flags &= ^unix.MS_RDONLY } copyUp := m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP if !(copyUp || strings.HasPrefix(dest, rootfs)) { dest = filepath.Join(rootfs, dest) } if err := unix.Mount(m.Source, dest, m.Device, uintptr(flags), data); err != nil { return err } for _, pflag := range m.PropagationFlags { if err := unix.Mount("""", dest, """", uintptr(pflag), """"); err != nil { return err } } return nil }",True,Go,mountPropagate,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func TestInvalidPaddingOpen(t *testing.T) { key := make([]byte, 32) nonce := make([]byte, 16) plaintext := padBuffer(make([]byte, 28), aes.BlockSize) plaintext[len(plaintext)-1] = 0xFF io.ReadFull(rand.Reader, key) io.ReadFull(rand.Reader, nonce) block, _ := aes.NewCipher(key) cbc := cipher.NewCBCEncrypter(block, nonce) buffer := append([]byte{}, plaintext...) cbc.CryptBlocks(buffer, buffer) aead, _ := NewCBCHMAC(key, aes.NewCipher) ctx := aead.(*cbcAEAD) size := uint64(len(buffer)) ciphertext, tail := resize(buffer, size+(uint64(len(key))/2)) copy(tail, ctx.computeAuthTag(nil, nonce, ciphertext[:size])) _, err := aead.Open(nil, nonce, ciphertext, nil) if err == nil || !strings.Contains(err.Error(), ""invalid padding"") { t.Error(""no or unexpected error on open with invalid padding:"", err) } }"
150,"func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { if node.Path == """" { return nil } dest := filepath.Join(rootfs, node.Path) if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil { return err } if bind { return bindMountDeviceNode(dest, node) } if err := mknodDevice(dest, node); err != nil { if os.IsExist(err) { return nil } else if os.IsPermission(err) { return bindMountDeviceNode(dest, node) } return err } return nil }",True,Go,createDeviceNode,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func TestTruncatedCiphertext(t *testing.T) { key := make([]byte, 32) nonce := make([]byte, 16) data := make([]byte, 32) io.ReadFull(rand.Reader, key) io.ReadFull(rand.Reader, nonce) aead, err := NewCBCHMAC(key, aes.NewCipher) if err != nil { panic(err) } ctx := aead.(*cbcAEAD) ct := aead.Seal(nil, nonce, data, nil) truncated, tail := resize(ct[:len(ct)-ctx.authtagBytes-2], uint64(len(ct))-2) copy(tail, ctx.computeAuthTag(nil, nonce, truncated[:len(truncated)-ctx.authtagBytes])) _, err = aead.Open(nil, nonce, truncated, nil) if err == nil { t.Error(""open on truncated ciphertext should fail"") } }"
151,"func mountCgroupV2(m *configs.Mount, c *mountConfig) error { dest, err := securejoin.SecureJoin(c.root, m.Destination) if err != nil { return err } if err := os.MkdirAll(dest, 0755); err != nil { return err } if err := unix.Mount(m.Source, dest, ""cgroup2"", uintptr(m.Flags), m.Data); err != nil { if err == unix.EPERM || err == unix.EBUSY { src := fs2.UnifiedMountpoint if c.cgroupns && c.cgroup2Path != """" { src = c.cgroup2Path } err = unix.Mount(src, dest, """", uintptr(m.Flags)|unix.MS_BIND, """") if err == unix.ENOENT && c.rootlessCgroups { err = nil } return err } return err } return nil }",True,Go,mountCgroupV2,rootfs_linux.go,https://github.com/opencontainers/runc,opencontainers,Aleksa Sarai,2021-05-19 16:58:35+10:00,"rootfs: add mount destination validation

Because the target of a mount is inside a container (which may be a
volume that is shared with another container), there exists a race
condition where the target of the mount may change to a path containing
a symlink after we have sanitised the path -- resulting in us
inadvertently mounting the path outside of the container.

This is not immediately useful because we are in a mount namespace with
MS_SLAVE mount propagation applied to ""/"", so we cannot mount on top of
host paths in the host namespace. However, if any subsequent mountpoints
in the configuration use a subdirectory of that host path as a source,
those subsequent mounts will use an attacker-controlled source path
(resolved within the host rootfs) -- allowing the bind-mounting of ""/""
into the container.

While arguably configuration issues like this are not entirely within
runc's threat model, within the context of Kubernetes (and possibly
other container managers that provide semi-arbitrary container creation
privileges to untrusted users) this is a legitimate issue. Since we
cannot block mounting from the host into the container, we need to block
the first stage of this attack (mounting onto a path outside the
container).

The long-term plan to solve this would be to migrate to libpathrs, but
as a stop-gap we implement libpathrs-like path verification through
readlink(/proc/self/fd/$n) and then do mount operations through the
procfd once it's been verified to be inside the container. The target
could move after we've checked it, but if it is inside the container
then we can assume that it is safe for the same reason that libpathrs
operations would be safe.

A slight wrinkle is the ""copyup"" functionality we provide for tmpfs,
which is the only case where we want to do a mount on the host
filesystem. To facilitate this, I split out the copy-up functionality
entirely so that the logic isn't interspersed with the regular tmpfs
logic. In addition, all dependencies on m.Destination being overwritten
have been removed since that pattern was just begging to be a source of
more mount-target bugs (we do still have to modify m.Destination for
tmpfs-copyup but we only do it temporarily).

Fixes: CVE-2021-30465
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Co-authored-by: Noah Meyerhans <nmeyerha@amazon.com>
Reviewed-by: Samuel Karp <skarp@amazon.com>
Reviewed-by: Kir Kolyshkin <kolyshkin@gmail.com> (@kolyshkin)
Reviewed-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2021-30465,"func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader { buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo))) n := 0 n += copy(buffer, algID) n += copy(buffer[n:], ptyUInfo) n += copy(buffer[n:], ptyVInfo) n += copy(buffer[n:], supPubInfo) copy(buffer[n:], supPrivInfo) hasher := hash.New() return &concatKDF{ z: z, info: buffer, hasher: hasher, cache: []byte{}, i: 1, } }"
160,"func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { if len(ciphertext) < ctx.authtagBytes { return nil, errors.New(""square/go-jose: invalid ciphertext (too short)"") } offset := len(ciphertext) - ctx.authtagBytes expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset]) match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:]) if match != 1 { return nil, errors.New(""square/go-jose: invalid ciphertext (auth tag mismatch)"") } cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce) buffer := append([]byte{}, []byte(ciphertext[:offset])...) if len(buffer)%ctx.blockCipher.BlockSize() > 0 { return nil, errors.New(""square/go-jose: invalid ciphertext (invalid length)"") } cbc.CryptBlocks(buffer, buffer) plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize()) if err != nil { return nil, err } ret, out := resize(dst, len(dst)+len(plaintext)) copy(out, plaintext) return ret, nil }",True,Go,Open,cbc_hmac.go,https://github.com/square/go-jose,square,Cedric Staub,2016-09-02 21:47:34-07:00,"Use uint64 for all size calculations, size checks",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2016-9123,"func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, length C.uint, cond C.scmp_cast_t) error { if length != 0 && cond == nil { return fmt.Errorf(""null conditions list, but length is nonzero"") } var retCode C.int if exact { retCode = C.seccomp_rule_add_exact_array(f.filterCtx, action.toNative(), C.int(call), length, cond) } else { retCode = C.seccomp_rule_add_array(f.filterCtx, action.toNative(), C.int(call), length, cond) } if syscall.Errno(-1*retCode) == syscall.EFAULT { return fmt.Errorf(""unrecognized syscall"") } else if syscall.Errno(-1*retCode) == syscall.EPERM { return fmt.Errorf(""requested action matches default action of filter"") } else if syscall.Errno(-1*retCode) == syscall.EINVAL { return fmt.Errorf(""two checks on same syscall argument"") } else if retCode != 0 { return syscall.Errno(-1 * retCode) } return nil }"
162,"func resize(in []byte, n int) (head, tail []byte) { if cap(in) >= n { head = in[:n] } else { head = make([]byte, n) copy(head, in) } tail = head[len(in):] return }",True,Go,resize,cbc_hmac.go,https://github.com/square/go-jose,square,Cedric Staub,2016-09-02 21:47:34-07:00,"Use uint64 for all size calculations, size checks",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2016-9123,"func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact bool, conds []ScmpCondition) error { f.lock.Lock() defer f.lock.Unlock() if !f.valid { return errBadFilter } if len(conds) == 0 { if err := f.addRuleWrapper(call, action, exact, 0, nil); err != nil { return err } } else { if !checkVersionAbove(2, 2, 1) { return VersionError{ message: ""conditional filtering is not supported"", minimum: ""2.2.1"", } } argsArr := C.make_arg_cmp_array(C.uint(len(conds))) if argsArr == nil { return fmt.Errorf(""error allocating memory for conditions"") } defer C.free(argsArr) for i, cond := range conds { C.add_struct_arg_cmp(C.scmp_cast_t(argsArr), C.uint(i), C.uint(cond.Argument), cond.Op.toNative(), C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2)) } if err := f.addRuleWrapper(call, action, exact, C.uint(len(conds)), C.scmp_cast_t(argsArr)); err != nil { return err } } return nil }"
163,"func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte { ciphertext := make([]byte, len(plaintext)+ctx.Overhead())[:len(plaintext)] copy(ciphertext, plaintext) ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize()) cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce) cbc.CryptBlocks(ciphertext, ciphertext) authtag := ctx.computeAuthTag(data, nonce, ciphertext) ret, out := resize(dst, len(dst)+len(ciphertext)+len(authtag)) copy(out, ciphertext) copy(out[len(ciphertext):], authtag) return ret }",True,Go,Seal,cbc_hmac.go,https://github.com/square/go-jose,square,Cedric Staub,2016-09-02 21:47:34-07:00,"Use uint64 for all size calculations, size checks",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2016-9123,"func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) { origin := r.Header.Get(corsOriginHeader) if !ch.isOriginAllowed(origin) { ch.h.ServeHTTP(w, r) return } if r.Method == corsOptionMethod { if ch.ignoreOptions { ch.h.ServeHTTP(w, r) return } if _, ok := r.Header[corsRequestMethodHeader]; !ok { w.WriteHeader(http.StatusBadRequest) return } method := r.Header.Get(corsRequestMethodHeader) if !ch.isMatch(method, ch.allowedMethods) { w.WriteHeader(http.StatusMethodNotAllowed) return } requestHeaders := strings.Split(r.Header.Get(corsRequestHeadersHeader), "","") allowedHeaders := []string{} for _, v := range requestHeaders { canonicalHeader := http.CanonicalHeaderKey(strings.TrimSpace(v)) if canonicalHeader == """" || ch.isMatch(canonicalHeader, defaultCorsHeaders) { continue } if !ch.isMatch(canonicalHeader, ch.allowedHeaders) { w.WriteHeader(http.StatusForbidden) return } allowedHeaders = append(allowedHeaders, canonicalHeader) } if len(allowedHeaders) > 0 { w.Header().Set(corsAllowHeadersHeader, strings.Join(allowedHeaders, "","")) } if ch.maxAge > 0 { w.Header().Set(corsMaxAgeHeader, strconv.Itoa(ch.maxAge)) } if !ch.isMatch(method, defaultCorsMethods) { w.Header().Set(corsAllowMethodsHeader, method) } } else { if len(ch.exposedHeaders) > 0 { w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, "","")) } } if ch.allowCredentials { w.Header().Set(corsAllowCredentialsHeader, ""true"") } if len(ch.allowedOrigins) > 1 { w.Header().Set(corsVaryHeader, corsOriginHeader) } returnOrigin := origin for _, o := range ch.allowedOrigins { if o == corsOriginMatchAll { returnOrigin = ""*"" break } } w.Header().Set(corsAllowOriginHeader, returnOrigin) if r.Method == corsOptionMethod { return } ch.h.ServeHTTP(w, r) }"
165,"func TestInvalidPaddingOpen(t *testing.T) { key := make([]byte, 32) nonce := make([]byte, 16) plaintext := padBuffer(make([]byte, 28), aes.BlockSize) plaintext[len(plaintext)-1] = 0xFF io.ReadFull(rand.Reader, key) io.ReadFull(rand.Reader, nonce) block, _ := aes.NewCipher(key) cbc := cipher.NewCBCEncrypter(block, nonce) buffer := append([]byte{}, plaintext...) cbc.CryptBlocks(buffer, buffer) aead, _ := NewCBCHMAC(key, aes.NewCipher) ctx := aead.(*cbcAEAD) size := len(buffer) ciphertext, tail := resize(buffer, size+(len(key)/2)) copy(tail, ctx.computeAuthTag(nil, nonce, ciphertext[:size])) _, err := aead.Open(nil, nonce, ciphertext, nil) if err == nil || !strings.Contains(err.Error(), ""invalid padding"") { t.Error(""no or unexpected error on open with invalid padding:"", err) } }",True,Go,TestInvalidPaddingOpen,cbc_hmac_test.go,https://github.com/square/go-jose,square,Cedric Staub,2016-09-02 21:47:34-07:00,"Use uint64 for all size calculations, size checks",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2016-9123,"func TestAuth(t *testing.T) { a, b, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer a.Close() defer b.Close() agent, _, cleanup := startAgent(t) defer cleanup() if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys[""rsa""], Comment: ""comment""}); err != nil { t.Errorf(""Add: %v"", err) } serverConf := ssh.ServerConfig{} serverConf.AddHostKey(testSigners[""rsa""]) serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { if bytes.Equal(key.Marshal(), testPublicKeys[""rsa""].Marshal()) { return nil, nil } return nil, errors.New(""pubkey rejected"") } go func() { conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf(""Server: %v"", err) } conn.Close() }() conf := ssh.ClientConfig{ HostKeyCallback: ssh.InsecureIgnoreHostKey(), } conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers)) conn, _, _, err := ssh.NewClientConn(b, """", &conf) if err != nil { t.Fatalf(""NewClientConn: %v"", err) } conn.Close() }"
166,"func TestTruncatedCiphertext(t *testing.T) { key := make([]byte, 32) nonce := make([]byte, 16) data := make([]byte, 32) io.ReadFull(rand.Reader, key) io.ReadFull(rand.Reader, nonce) aead, err := NewCBCHMAC(key, aes.NewCipher) if err != nil { panic(err) } ctx := aead.(*cbcAEAD) ct := aead.Seal(nil, nonce, data, nil) truncated, tail := resize(ct[:len(ct)-ctx.authtagBytes-2], len(ct)-2) copy(tail, ctx.computeAuthTag(nil, nonce, truncated[:len(truncated)-ctx.authtagBytes])) _, err = aead.Open(nil, nonce, truncated, nil) if err == nil { t.Error(""open on truncated ciphertext should fail"") } }",True,Go,TestTruncatedCiphertext,cbc_hmac_test.go,https://github.com/square/go-jose,square,Cedric Staub,2016-09-02 21:47:34-07:00,"Use uint64 for all size calculations, size checks",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2016-9123,"func ExampleClientAgent() { socket := os.Getenv(""SSH_AUTH_SOCK"") conn, err := net.Dial(""unix"", socket) if err != nil { log.Fatalf(""net.Dial: %v"", err) } agentClient := agent.NewClient(conn) config := &ssh.ClientConfig{ User: ""username"", Auth: []ssh.AuthMethod{ ssh.PublicKeysCallback(agentClient.Signers), }, HostKeyCallback: ssh.InsecureIgnoreHostKey(), } sshc, err := ssh.Dial(""tcp"", ""localhost:22"", config) if err != nil { log.Fatalf(""Dial: %v"", err) } sshc.Close() }"
170,"func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader { buffer := make([]byte, len(algID)+len(ptyUInfo)+len(ptyVInfo)+len(supPubInfo)+len(supPrivInfo)) n := 0 n += copy(buffer, algID) n += copy(buffer[n:], ptyUInfo) n += copy(buffer[n:], ptyVInfo) n += copy(buffer[n:], supPubInfo) copy(buffer[n:], supPrivInfo) hasher := hash.New() return &concatKDF{ z: z, info: buffer, hasher: hasher, cache: []byte{}, i: 1, } }",True,Go,NewConcatKDF,concat_kdf.go,https://github.com/square/go-jose,square,Cedric Staub,2016-09-02 21:47:34-07:00,"Use uint64 for all size calculations, size checks",CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2016-9123,"func TestSetupForwardAgent(t *testing.T) { a, b, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer a.Close() defer b.Close() _, socket, cleanup := startAgent(t) defer cleanup() serverConf := ssh.ServerConfig{ NoClientAuth: true, } serverConf.AddHostKey(testSigners[""rsa""]) incoming := make(chan *ssh.ServerConn, 1) go func() { conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf(""Server: %v"", err) } incoming <- conn }() conf := ssh.ClientConfig{ HostKeyCallback: ssh.InsecureIgnoreHostKey(), } conn, chans, reqs, err := ssh.NewClientConn(b, """", &conf) if err != nil { t.Fatalf(""NewClientConn: %v"", err) } client := ssh.NewClient(conn, chans, reqs) if err := ForwardToRemote(client, socket); err != nil { t.Fatalf(""SetupForwardAgent: %v"", err) } server := <-incoming ch, reqs, err := server.OpenChannel(channelType, nil) if err != nil { t.Fatalf(""OpenChannel(%q): %v"", channelType, err) } go ssh.DiscardRequests(reqs) agentClient := NewClient(ch) testAgentInterface(t, agentClient, testPrivateKeys[""rsa""], nil, 0) conn.Close() }"
176,"func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, cond C.scmp_cast_t) error { var length C.uint if cond != nil { length = 1 } else { length = 0 } var retCode C.int if exact { retCode = C.seccomp_rule_add_exact_array(f.filterCtx, action.toNative(), C.int(call), length, cond) } else { retCode = C.seccomp_rule_add_array(f.filterCtx, action.toNative(), C.int(call), length, cond) } if syscall.Errno(-1*retCode) == syscall.EFAULT { return fmt.Errorf(""unrecognized syscall"") } else if syscall.Errno(-1*retCode) == syscall.EPERM { return fmt.Errorf(""requested action matches default action of filter"") } else if retCode != 0 { return syscall.Errno(-1 * retCode) } return nil }",True,Go,addRuleWrapper,seccomp_internal.go,https://github.com/seccomp/libseccomp-golang,seccomp,Matthew Heon,2017-04-24 13:34:20-04:00,"golang: Resolve bug with handling of multiple argument rules

In the upstream library, when added with a single API call,
multiple syscall argument rules should be matched with AND
logic - if all of them match, the rule matches.

At present, the Golang bindings apply OR logic to this case.
This commit resolves this and reverts to the behavior of the
main library.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2017-18367,"func TestClientLoginCert(t *testing.T) { cert := &Certificate{ Key: testPublicKeys[""rsa""], ValidBefore: CertTimeInfinity, CertType: UserCert, } cert.SignCert(rand.Reader, testSigners[""ecdsa""]) certSigner, err := NewCertSigner(cert, testSigners[""rsa""]) if err != nil { t.Fatalf(""NewCertSigner: %v"", err) } clientConfig := &ClientConfig{ User: ""user"", HostKeyCallback: InsecureIgnoreHostKey(), } clientConfig.Auth = append(clientConfig.Auth, PublicKeys(certSigner)) if err := tryAuth(t, clientConfig); err != nil { t.Errorf(""cert login failed: %v"", err) } cert.Signature.Blob[0]++ if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with corrupted sig"") } cert.Serial = 666 cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""revoked cert login succeeded"") } cert.Serial = 1 cert.SignCert(rand.Reader, testSigners[""dsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with non-authoritative key"") } cert.CertType = HostCert cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with wrong type"") } cert.CertType = UserCert cert.ValidPrincipals = []string{""user""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err != nil { t.Errorf(""cert login failed: %v"", err) } cert.ValidPrincipals = []string{""fred""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with wrong principal"") } cert.ValidPrincipals = nil cert.CriticalOptions = map[string]string{""root-access"": ""yes""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with unrecognized critical option"") } cert.CriticalOptions = map[string]string{""source-address"": ""127.0.0.42/24,::42/120""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err != nil { t.Errorf(""cert login with source-address failed: %v"", err) } cert.CriticalOptions = map[string]string{""source-address"": ""127.0.0.42,::42""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login with source-address succeeded"") } }"
179,"func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact bool, conds []ScmpCondition) error { f.lock.Lock() defer f.lock.Unlock() if !f.valid { return errBadFilter } if len(conds) == 0 { if err := f.addRuleWrapper(call, action, exact, nil); err != nil { return err } } else { if !checkVersionAbove(2, 2, 1) { return VersionError{ message: ""conditional filtering is not supported"", minimum: ""2.2.1"", } } for _, cond := range conds { cmpStruct := C.make_struct_arg_cmp(C.uint(cond.Argument), cond.Op.toNative(), C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2)) defer C.free(cmpStruct) if err := f.addRuleWrapper(call, action, exact, C.scmp_cast_t(cmpStruct)); err != nil { return err } } } return nil }",True,Go,addRuleGeneric,seccomp_internal.go,https://github.com/seccomp/libseccomp-golang,seccomp,Matthew Heon,2017-04-24 13:34:20-04:00,"golang: Resolve bug with handling of multiple argument rules

In the upstream library, when added with a single API call,
multiple syscall argument rules should be matched with AND
logic - if all of them match, the rule matches.

At present, the Golang bindings apply OR logic to this case.
This commit resolves this and reverts to the behavior of the
main library.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2017-18367,"func ExampleDial() { var hostKey ssh.PublicKey config := &ssh.ClientConfig{ User: ""username"", Auth: []ssh.AuthMethod{ ssh.Password(""yourpassword""), }, HostKeyCallback: ssh.FixedHostKey(hostKey), } client, err := ssh.Dial(""tcp"", ""yourserver.com:22"", config) if err != nil { log.Fatal(""Failed to dial: "", err) } session, err := client.NewSession() if err != nil { log.Fatal(""Failed to create session: "", err) } defer session.Close() var b bytes.Buffer session.Stdout = &b if err := session.Run(""/usr/bin/whoami""); err != nil { log.Fatal(""Failed to run: "" + err.Error()) } fmt.Println(b.String()) }"
181,"func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) { origin := r.Header.Get(corsOriginHeader) if !ch.isOriginAllowed(origin) { ch.h.ServeHTTP(w, r) return } if r.Method == corsOptionMethod { if ch.ignoreOptions { ch.h.ServeHTTP(w, r) return } if _, ok := r.Header[corsRequestMethodHeader]; !ok { w.WriteHeader(http.StatusBadRequest) return } method := r.Header.Get(corsRequestMethodHeader) if !ch.isMatch(method, ch.allowedMethods) { w.WriteHeader(http.StatusMethodNotAllowed) return } requestHeaders := strings.Split(r.Header.Get(corsRequestHeadersHeader), "","") allowedHeaders := []string{} for _, v := range requestHeaders { canonicalHeader := http.CanonicalHeaderKey(strings.TrimSpace(v)) if canonicalHeader == """" || ch.isMatch(canonicalHeader, defaultCorsHeaders) { continue } if !ch.isMatch(canonicalHeader, ch.allowedHeaders) { w.WriteHeader(http.StatusForbidden) return } allowedHeaders = append(allowedHeaders, canonicalHeader) } if len(allowedHeaders) > 0 { w.Header().Set(corsAllowHeadersHeader, strings.Join(allowedHeaders, "","")) } if ch.maxAge > 0 { w.Header().Set(corsMaxAgeHeader, strconv.Itoa(ch.maxAge)) } if !ch.isMatch(method, defaultCorsMethods) { w.Header().Set(corsAllowMethodsHeader, method) } } else { if len(ch.exposedHeaders) > 0 { w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, "","")) } } if ch.allowCredentials { w.Header().Set(corsAllowCredentialsHeader, ""true"") } if len(ch.allowedOrigins) > 1 { w.Header().Set(corsVaryHeader, corsOriginHeader) } w.Header().Set(corsAllowOriginHeader, origin) if r.Method == corsOptionMethod { return } ch.h.ServeHTTP(w, r) }",True,Go,ServeHTTP,cors.go,https://github.com/gorilla/handlers,gorilla,Matt Silverlock,2017-11-01 10:43:35-07:00,"[bugfix] Don't return the origin header when configured to * (#116)

There's no reason to allow for a server to reflect all origin headers.
This has caused numerous security problems in the past.
 - https://github.com/cyu/rack-cors/issues/126
 - https://nodesecurity.io/advisories/148
 - https://github.com/captncraig/cors/commit/cc1cf75f5e3c06124602f2aa7893c8f3b1eef0b7

Some helpful blog posts on the topic:
 - https://ejj.io/misconfigured-cors/
 - http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html",CWE-346,Origin Validation Error,The product does not properly verify that the source of data or communication is valid.,https://cwe.mitre.org/data/definitions/346.html,CVE-2017-20146,"func (t *handshakeTransport) client(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) { result, err := kex.Client(t.conn, t.config.Rand, magics) if err != nil { return nil, err } hostKey, err := ParsePublicKey(result.HostKey) if err != nil { return nil, err } if err := verifyHostKeySignature(hostKey, result); err != nil { return nil, err } err = t.hostKeyCallback(t.dialAddress, t.remoteAddr, hostKey) if err != nil { return nil, err } return result, nil }"
183,"func TestAuth(t *testing.T) { a, b, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer a.Close() defer b.Close() agent, _, cleanup := startAgent(t) defer cleanup() if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys[""rsa""], Comment: ""comment""}); err != nil { t.Errorf(""Add: %v"", err) } serverConf := ssh.ServerConfig{} serverConf.AddHostKey(testSigners[""rsa""]) serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { if bytes.Equal(key.Marshal(), testPublicKeys[""rsa""].Marshal()) { return nil, nil } return nil, errors.New(""pubkey rejected"") } go func() { conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf(""Server: %v"", err) } conn.Close() }() conf := ssh.ClientConfig{} conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers)) conn, _, _, err := ssh.NewClientConn(b, """", &conf) if err != nil { t.Fatalf(""NewClientConn: %v"", err) } conn.Close() }",True,Go,TestAuth,client_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"func TestSessionID(t *testing.T) { c1, c2, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer c1.Close() defer c2.Close() serverID := make(chan []byte, 1) clientID := make(chan []byte, 1) serverConf := &ServerConfig{ NoClientAuth: true, } serverConf.AddHostKey(testSigners[""ecdsa""]) clientConf := &ClientConfig{ HostKeyCallback: InsecureIgnoreHostKey(), User: ""user"", } go func() { conn, chans, reqs, err := NewServerConn(c1, serverConf) if err != nil { t.Fatalf(""server handshake: %v"", err) } serverID <- conn.SessionID() go DiscardRequests(reqs) for ch := range chans { ch.Reject(Prohibited, """") } }() go func() { conn, chans, reqs, err := NewClientConn(c2, """", clientConf) if err != nil { t.Fatalf(""client handshake: %v"", err) } clientID <- conn.SessionID() go DiscardRequests(reqs) for ch := range chans { ch.Reject(Prohibited, """") } }() s := <-serverID c := <-clientID if bytes.Compare(s, c) != 0 { t.Errorf(""server session ID (%x) != client session ID (%x)"", s, c) } else if len(s) == 0 { t.Errorf(""client and server SessionID were empty."") } }"
185,"func ExampleClientAgent() { socket := os.Getenv(""SSH_AUTH_SOCK"") conn, err := net.Dial(""unix"", socket) if err != nil { log.Fatalf(""net.Dial: %v"", err) } agentClient := agent.NewClient(conn) config := &ssh.ClientConfig{ User: ""username"", Auth: []ssh.AuthMethod{ ssh.PublicKeysCallback(agentClient.Signers), }, } sshc, err := ssh.Dial(""tcp"", ""localhost:22"", config) if err != nil { log.Fatalf(""Dial: %v"", err) } sshc.Close() }",True,Go,ExampleClientAgent,example_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"func TestCertLogin(t *testing.T) { s := newServer(t) defer s.Shutdown() clientKey := testSigners[""dsa""] caAuthKey := testSigners[""ecdsa""] cert := &ssh.Certificate{ Key: clientKey.PublicKey(), ValidPrincipals: []string{username()}, CertType: ssh.UserCert, ValidBefore: ssh.CertTimeInfinity, } if err := cert.SignCert(rand.Reader, caAuthKey); err != nil { t.Fatalf(""SetSignature: %v"", err) } certSigner, err := ssh.NewCertSigner(cert, clientKey) if err != nil { t.Fatalf(""NewCertSigner: %v"", err) } conf := &ssh.ClientConfig{ User: username(), HostKeyCallback: ssh.InsecureIgnoreHostKey(), } conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner)) client, err := s.TryDial(conf) if err != nil { t.Fatalf(""TryDial: %v"", err) } client.Close() }"
187,"func TestSetupForwardAgent(t *testing.T) { a, b, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer a.Close() defer b.Close() _, socket, cleanup := startAgent(t) defer cleanup() serverConf := ssh.ServerConfig{ NoClientAuth: true, } serverConf.AddHostKey(testSigners[""rsa""]) incoming := make(chan *ssh.ServerConn, 1) go func() { conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf(""Server: %v"", err) } incoming <- conn }() conf := ssh.ClientConfig{} conn, chans, reqs, err := ssh.NewClientConn(b, """", &conf) if err != nil { t.Fatalf(""NewClientConn: %v"", err) } client := ssh.NewClient(conn, chans, reqs) if err := ForwardToRemote(client, socket); err != nil { t.Fatalf(""SetupForwardAgent: %v"", err) } server := <-incoming ch, reqs, err := server.OpenChannel(channelType, nil) if err != nil { t.Fatalf(""OpenChannel(%q): %v"", channelType, err) } go ssh.DiscardRequests(reqs) agentClient := NewClient(ch) testAgentInterface(t, agentClient, testPrivateKeys[""rsa""], nil, 0) conn.Close() }",True,Go,TestSetupForwardAgent,server_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"static void cmd_sdbk(Sdb *db, const char *input) { const char *arg = (input[0] == ' ')? input + 1: ""*""; char *out = sdb_querys (db, NULL, 0, arg); if (out) { r_cons_println (out); free (out); } else { R_LOG_ERROR (""Usage: ask [query]""); } }"
193,"func ExampleRetryableAuthMethod(t *testing.T) { user := ""testuser"" NumberOfPrompts := 3 Cb := func(user, instruction string, questions []string, echos []bool) (answers []string, err error) { return []string{""answer1"", ""answer2""}, nil } config := &ClientConfig{ User: user, Auth: []AuthMethod{ RetryableAuthMethod(KeyboardInteractiveChallenge(Cb), NumberOfPrompts), }, } if err := tryAuth(t, config); err != nil { t.Fatalf(""unable to dial remote side: %s"", err) } }",True,Go,ExampleRetryableAuthMethod,client_auth_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"static void cmd_anal_ucall_ref(RCore *core, ut64 addr) { RAnalFunction *fcn = r_anal_get_function_at (core->anal, addr); if (fcn) { r_cons_printf ("" ; %s"", fcn->name); } else { r_cons_printf ("" ; 0x%"" PFMT64x, addr); } }"
195,"func TestClientAuthNone(t *testing.T) { user := ""testuser"" serverConfig := &ServerConfig{ NoClientAuth: true, } serverConfig.AddHostKey(testSigners[""rsa""]) clientConfig := &ClientConfig{ User: user, } c1, c2, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer c1.Close() defer c2.Close() go NewClientConn(c2, """", clientConfig) serverConn, err := newServer(c1, serverConfig) if err != nil { t.Fatalf(""newServer: %v"", err) } if serverConn.User() != user { t.Fatalf(""server: got %q, want %q"", serverConn.User(), user) } }",True,Go,TestClientAuthNone,client_auth_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"static void _anal_calls(RCore *core, ut64 addr, ut64 addr_end, bool printCommands, bool importsOnly) { RAnalOp op = {0}; int depth = r_config_get_i (core->config, ""anal.depth""); const int addrbytes = core->io->addrbytes; const int bsz = 4096; int bufi = 0; int bufi_max = bsz - 16; if (addr_end - addr > UT32_MAX) { return; } ut8 *buf = malloc (bsz); ut8 *block0 = calloc (1, bsz); ut8 *block1 = malloc (bsz); if (!buf || !block0 || !block1) { free (buf); free (block0); free (block1); return; } memset (block1, -1, bsz); int minop = r_anal_archinfo (core->anal, R_ANAL_ARCHINFO_MIN_OP_SIZE); if (minop < 1) { minop = 1; } int setBits = r_config_get_i (core->config, ""asm.bits""); r_cons_break_push (NULL, NULL); while (addr < addr_end && !r_cons_is_breaked ()) { if (bufi > bufi_max) { bufi = 0; } if (!bufi) { (void)r_io_read_at (core->io, addr, buf, bsz); } if (!memcmp (buf, block0, bsz) || !memcmp (buf, block1, bsz)) { addr += bsz; continue; } RAnalHint *hint = r_anal_hint_get (core->anal, addr); if (hint && hint->bits) { setBits = hint->bits; } r_anal_hint_free (hint); if (setBits != core->rasm->config->bits) { r_config_set_i (core->config, ""asm.bits"", setBits); } if (r_anal_op (core->anal, &op, addr, buf + bufi, bsz - bufi, 0) > 0) { if (op.size < 1) { op.size = minop; } if (op.type == R_ANAL_OP_TYPE_CALL) { bool isValidCall = true; if (importsOnly) { RFlagItem *f = r_flag_get_i (core->flags, op.jump); if (!f || !strstr (f->name, ""imp."")) { isValidCall = false; } } RBinReloc *rel = r_core_getreloc (core, addr, op.size); if (rel && (rel->import || rel->symbol)) { isValidCall = false; } if (isValidCall) { ut8 zbuf[4] = {0}; r_io_read_at (core->io, op.jump, zbuf, 4); isValidCall = memcmp (zbuf, ""\x00\x00\x00\x00"", 4); } if (isValidCall) { #if JAYRO_03 if (!anal_is_bad_call (core, from, to, addr, buf, bufi)) { fcn = r_anal_get_fcn_in (core->anal, op.jump, R_ANAL_FCN_TYPE_ROOT); if (!fcn) { r_core_anal_fcn (core, op.jump, addr, R_ANAL_REF_TYPE_CALL, depth - 1); } } #else if (printCommands) { r_cons_printf (""ax 0x%08"" PFMT64x "" 0x%08"" PFMT64x ""\n"", op.jump, addr); r_cons_printf (""af @ 0x%08"" PFMT64x""\n"", op.jump); } else { r_anal_xrefs_set (core->anal, addr, op.jump, R_ANAL_REF_TYPE_CALL); if (r_io_is_valid_offset (core->io, op.jump, 1)) { r_core_anal_fcn (core, op.jump, addr, R_ANAL_REF_TYPE_CALL, depth - 1); } } #endif } } } else { op.size = minop; } if ((int)op.size < 1) { op.size = minop; } addr += op.size; bufi += addrbytes * op.size; r_anal_op_fini (&op); } r_cons_break_pop (); free (buf); free (block0); free (block1); }"
201,"func TestClientLoginCert(t *testing.T) { cert := &Certificate{ Key: testPublicKeys[""rsa""], ValidBefore: CertTimeInfinity, CertType: UserCert, } cert.SignCert(rand.Reader, testSigners[""ecdsa""]) certSigner, err := NewCertSigner(cert, testSigners[""rsa""]) if err != nil { t.Fatalf(""NewCertSigner: %v"", err) } clientConfig := &ClientConfig{ User: ""user"", } clientConfig.Auth = append(clientConfig.Auth, PublicKeys(certSigner)) if err := tryAuth(t, clientConfig); err != nil { t.Errorf(""cert login failed: %v"", err) } cert.Signature.Blob[0]++ if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with corrupted sig"") } cert.Serial = 666 cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""revoked cert login succeeded"") } cert.Serial = 1 cert.SignCert(rand.Reader, testSigners[""dsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with non-authoritative key"") } cert.CertType = HostCert cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with wrong type"") } cert.CertType = UserCert cert.ValidPrincipals = []string{""user""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err != nil { t.Errorf(""cert login failed: %v"", err) } cert.ValidPrincipals = []string{""fred""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with wrong principal"") } cert.ValidPrincipals = nil cert.CriticalOptions = map[string]string{""root-access"": ""yes""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login passed with unrecognized critical option"") } cert.CriticalOptions = map[string]string{""source-address"": ""127.0.0.42/24,::42/120""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err != nil { t.Errorf(""cert login with source-address failed: %v"", err) } cert.CriticalOptions = map[string]string{""source-address"": ""127.0.0.42,::42""} cert.SignCert(rand.Reader, testSigners[""ecdsa""]) if err := tryAuth(t, clientConfig); err == nil { t.Errorf(""cert login with source-address succeeded"") } }",True,Go,TestClientLoginCert,client_auth_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"static bool anal_fcn_data (RCore *core, const char *input) { RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, R_ANAL_FCN_TYPE_ANY); if (fcn) { int i; bool gap = false; ut64 gap_addr = UT64_MAX; ut32 fcn_size = r_anal_function_size_from_entry (fcn); char *bitmap = calloc (1, fcn_size); if (bitmap) { RAnalBlock *b; RListIter *iter; r_list_foreach (fcn->bbs, iter, b) { int f = b->addr - fcn->addr; int t = R_MIN (f + b->size, fcn_size); if (f >= 0) { while (f < t) { bitmap[f++] = 1; } } } } for (i = 0; i < fcn_size; i++) { ut64 here = fcn->addr + i; if (bitmap && bitmap[i]) { if (gap) { r_cons_printf (""Cd %d @ 0x%08""PFMT64x""\n"", here - gap_addr, gap_addr); gap = false; } gap_addr = UT64_MAX; } else { if (!gap) { gap = true; gap_addr = here; } } } if (gap) { r_cons_printf (""Cd %d @ 0x%08""PFMT64x""\n"", fcn->addr + fcn_size - gap_addr, gap_addr); } free (bitmap); return true; } return false; }"
213,"func ExampleNewServerConn() { authorizedKeysBytes, err := ioutil.ReadFile(""authorized_keys"") if err != nil { log.Fatalf(""Failed to load authorized_keys, err: %v"", err) } authorizedKeysMap := map[string]bool{} for len(authorizedKeysBytes) > 0 { pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(authorizedKeysBytes) if err != nil { log.Fatal(err) } authorizedKeysMap[string(pubKey.Marshal())] = true authorizedKeysBytes = rest } config := &ssh.ServerConfig{ PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) { if c.User() == ""testuser"" && string(pass) == ""tiger"" { return nil, nil } return nil, fmt.Errorf(""password rejected for %q"", c.User()) }, PublicKeyCallback: func(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) { if authorizedKeysMap[string(pubKey.Marshal())] { return nil, nil } return nil, fmt.Errorf(""unknown public key for %q"", c.User()) }, } privateBytes, err := ioutil.ReadFile(""id_rsa"") if err != nil { log.Fatal(""Failed to load private key: "", err) } private, err := ssh.ParsePrivateKey(privateBytes) if err != nil { log.Fatal(""Failed to parse private key: "", err) } config.AddHostKey(private) listener, err := net.Listen(""tcp"", ""0.0.0.0:2022"") if err != nil { log.Fatal(""failed to listen for connection: "", err) } nConn, err := listener.Accept() if err != nil { log.Fatal(""failed to accept incoming connection: "", err) } _, chans, reqs, err := ssh.NewServerConn(nConn, config) if err != nil { log.Fatal(""failed to handshake: "", err) } go ssh.DiscardRequests(reqs) for newChannel := range chans { if newChannel.ChannelType() != ""session"" { newChannel.Reject(ssh.UnknownChannelType, ""unknown channel type"") continue } channel, requests, err := newChannel.Accept() if err != nil { log.Fatalf(""Could not accept channel: %v"", err) } go func(in <-chan *ssh.Request) { for req := range in { req.Reply(req.Type == ""shell"", nil) } }(requests) term := terminal.NewTerminal(channel, ""> "") go func() { defer channel.Close() for { line, err := term.ReadLine() if err != nil { break } fmt.Println(line) } }() } }",True,Go,ExampleNewServerConn,example_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { ctx := newContext(r, w, ""AddUser"") defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) vars := mux.Vars(r) accessKey := vars[""accessKey""] objectAPI := newObjectLayerFn() if objectAPI == nil || globalNotificationSys == nil { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL) return } cred, claims, owner, s3Err := validateAdminSignature(ctx, r, """") if s3Err != ErrNone { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL) return } if owner && accessKey == cred.AccessKey { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL) return } userCred, exists := globalIAMSys.GetUser(ctx, accessKey) if exists && (userCred.IsTemp() || userCred.IsServiceAccount()) { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL) return } if (cred.IsTemp() || cred.IsServiceAccount()) && cred.ParentUser == accessKey { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL) return } checkDenyOnly := false if accessKey == cred.AccessKey { checkDenyOnly = true } if !globalIAMSys.IsAllowed(iampolicy.Args{ AccountName: cred.AccessKey, Groups: cred.Groups, Action: iampolicy.CreateUserAdminAction, ConditionValues: getConditionValues(r, """", cred.AccessKey, claims), IsOwner: owner, Claims: claims, DenyOnly: checkDenyOnly, }) { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL) return } if r.ContentLength > maxEConfigJSONSize || r.ContentLength == -1 { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigTooLarge), r.URL) return } password := cred.SecretKey configBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength)) if err != nil { logger.LogIf(ctx, err) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL) return } var ureq madmin.AddOrUpdateUserReq if err = json.Unmarshal(configBytes, &ureq); err != nil { logger.LogIf(ctx, err) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL) return } if err = globalIAMSys.CreateUser(ctx, accessKey, ureq); err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) return } }"
216,"func (t *handshakeTransport) client(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) { result, err := kex.Client(t.conn, t.config.Rand, magics) if err != nil { return nil, err } hostKey, err := ParsePublicKey(result.HostKey) if err != nil { return nil, err } if err := verifyHostKeySignature(hostKey, result); err != nil { return nil, err } if t.hostKeyCallback != nil { err = t.hostKeyCallback(t.dialAddress, t.remoteAddr, hostKey) if err != nil { return nil, err } } return result, nil }",True,Go,client,handshake.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"func (sys *IAMSys) CreateUser(ctx context.Context, accessKey string, ureq madmin.AddOrUpdateUserReq) error { if !sys.Initialized() { return errServerNotInitialized } if sys.usersSysType != MinIOUsersSysType { return errIAMActionNotAllowed } if !auth.IsAccessKeyValid(accessKey) { return auth.ErrInvalidAccessKeyLength } if !auth.IsSecretKeyValid(ureq.SecretKey) { return auth.ErrInvalidSecretKeyLength } err := sys.store.AddUser(ctx, accessKey, ureq) if err != nil { return err } sys.notifyForUser(ctx, accessKey, false) return nil }"
219,"func TestSessionID(t *testing.T) { c1, c2, err := netPipe() if err != nil { t.Fatalf(""netPipe: %v"", err) } defer c1.Close() defer c2.Close() serverID := make(chan []byte, 1) clientID := make(chan []byte, 1) serverConf := &ServerConfig{ NoClientAuth: true, } serverConf.AddHostKey(testSigners[""ecdsa""]) clientConf := &ClientConfig{ User: ""user"", } go func() { conn, chans, reqs, err := NewServerConn(c1, serverConf) if err != nil { t.Fatalf(""server handshake: %v"", err) } serverID <- conn.SessionID() go DiscardRequests(reqs) for ch := range chans { ch.Reject(Prohibited, """") } }() go func() { conn, chans, reqs, err := NewClientConn(c2, """", clientConf) if err != nil { t.Fatalf(""client handshake: %v"", err) } clientID <- conn.SessionID() go DiscardRequests(reqs) for ch := range chans { ch.Reject(Prohibited, """") } }() s := <-serverID c := <-clientID if bytes.Compare(s, c) != 0 { t.Errorf(""server session ID (%x) != client session ID (%x)"", s, c) } else if len(s) == 0 { t.Errorf(""client and server SessionID were empty."") } }",True,Go,TestSessionID,session_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"func TestCheckValid(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() objLayer, fsDir, err := prepareFS() if err != nil { t.Fatal(err) } defer os.RemoveAll(fsDir) if err = newTestConfig(globalMinioDefaultRegion, objLayer); err != nil { t.Fatalf(""unable initialize config file, %s"", err) } newAllSubsystems() initConfigSubsystem(ctx, objLayer) globalIAMSys.Init(ctx, objLayer, globalEtcdClient, globalNotificationSys, 2*time.Second) req, err := newTestRequest(http.MethodGet, ""http: if err != nil { t.Fatal(err) } if err = signRequestV4(req, globalActiveCred.AccessKey, globalActiveCred.SecretKey); err != nil { t.Fatal(err) } _, owner, s3Err := checkKeyValid(req, globalActiveCred.AccessKey) if s3Err != ErrNone { t.Fatalf(""Unexpected failure with %v"", errorCodes.ToAPIErr(s3Err)) } if !owner { t.Fatalf(""Expected owner to be 'true', found %t"", owner) } _, _, s3Err = checkKeyValid(req, ""does-not-exist"") if s3Err != ErrInvalidAccessKeyID { t.Fatalf(""Expected error 'ErrInvalidAccessKeyID', found %v"", s3Err) } ucreds, err := auth.CreateCredentials(""myuser1"", ""mypassword1"") if err != nil { t.Fatalf(""unable create credential, %s"", err) } globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.AddOrUpdateUserReq{ SecretKey: ucreds.SecretKey, Status: madmin.AccountEnabled, }) _, owner, s3Err = checkKeyValid(req, ucreds.AccessKey) if s3Err != ErrNone { t.Fatalf(""Unexpected failure with %v"", errorCodes.ToAPIErr(s3Err)) } if owner { t.Fatalf(""Expected owner to be 'false', found %t"", owner) } }"
221,"func TestCertLogin(t *testing.T) { s := newServer(t) defer s.Shutdown() clientKey := testSigners[""dsa""] caAuthKey := testSigners[""ecdsa""] cert := &ssh.Certificate{ Key: clientKey.PublicKey(), ValidPrincipals: []string{username()}, CertType: ssh.UserCert, ValidBefore: ssh.CertTimeInfinity, } if err := cert.SignCert(rand.Reader, caAuthKey); err != nil { t.Fatalf(""SetSignature: %v"", err) } certSigner, err := ssh.NewCertSigner(cert, clientKey) if err != nil { t.Fatalf(""NewCertSigner: %v"", err) } conf := &ssh.ClientConfig{ User: username(), } conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner)) client, err := s.TryDial(conf) if err != nil { t.Fatalf(""TryDial: %v"", err) } client.Close() }",True,Go,TestCertLogin,cert_test.go,https://github.com/golang/crypto,golang,Han-Wen Nienhuys,2017-03-30 15:57:35+00:00,"ssh: require host key checking in the ClientConfig

This change breaks existing behavior.

Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.

This makes it easy to perform a MITM attack:

* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.

* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.

* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.

Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready made host checkers.

A simplistic parser for OpenSSH's known_hosts file is given as an
example.  This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.

When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.

Fixes golang/go#19767

Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-3204,"func getClaimsFromToken(token string) (map[string]interface{}, error) {"
223,"getReturnAddressWithDisplayName(identityId) { check(identityId, String); const identity = this.getIdentity(identityId); const displayName = identity.profile.name + "" (via "" + this.getServerTitle() + "")""; const sanitized = displayName.replace(/""|<|>|\\|\r/g, """"); return ""\"""" + sanitized + ""\"" <"" + this.getReturnAddress() + "">""; },",True,Go,getReturnAddressWithDisplayName,db.js,https://github.com/sandstorm-io/sandstorm,sandstorm-io,Kenton Varda,2017-03-01 14:23:15-08:00,Validate e-mail addresses more strictly.,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2017-6199,"func doesPolicySignatureV2Match(formValues http.Header) (auth.Credentials, APIErrorCode) { accessKey := formValues.Get(xhttp.AmzAccessKeyID) cred, _, s3Err := checkKeyValid(accessKey) if s3Err != ErrNone { return cred, s3Err } policy := formValues.Get(""Policy"") signature := formValues.Get(xhttp.AmzSignatureV2) if !compareSignatureV2(signature, calculateSignatureV2(policy, cred.SecretKey)) { return cred, ErrSignatureDoesNotMatch } return cred, ErrNone }"
227,"static void cmd_sdbk(Sdb *db, const char *input) { char *out = (input[0] == ' ') ? sdb_querys (db, NULL, 0, input + 1) : sdb_querys (db, NULL, 0, ""*""); if (out) { r_cons_println (out); free (out); } else { R_LOG_ERROR (""Usage: ask [query]""); } }",True,Go,cmd_sdbk,cmd_anal.c,https://github.com/radareorg/radare2,radareorg,pancake,2023-08-14 16:33:25+02:00,"Fix 1byte heap oobread in the brainfuck disassembler

* https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd/
* Kudos to @7resp4ss for reporting",CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2023-4322,"func TestDoesPolicySignatureV2Match(t *testing.T) { obj, fsDir, err := prepareFS() if err != nil { t.Fatal(err) } defer os.RemoveAll(fsDir) if err = newTestConfig(globalMinioDefaultRegion, obj); err != nil { t.Fatal(err) } creds := globalActiveCred policy := ""policy"" testCases := []struct { accessKey string policy string signature string errCode APIErrorCode }{ {""invalidAccessKey"", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID}, {creds.AccessKey, policy, calculateSignatureV2(""random"", creds.SecretKey), ErrSignatureDoesNotMatch}, {creds.AccessKey, policy, calculateSignatureV2(policy, creds.SecretKey), ErrNone}, } for i, test := range testCases { formValues := make(http.Header) formValues.Set(""Awsaccesskeyid"", test.accessKey) formValues.Set(""Signature"", test.signature) formValues.Set(""Policy"", test.policy) _, errCode := doesPolicySignatureV2Match(formValues) if errCode != test.errCode { t.Fatalf(""(%d) expected to get %s, instead got %s"", i+1, niceError(test.errCode), niceError(errCode)) } } }"
228,"static void axfm(RCore *core) { RVecAnalRef *refs = r_anal_xrefs_get_from (core->anal, UT64_MAX); if (refs && !RVecAnalRef_empty (refs)) { RVecAnalRef_sort (refs, compare_ref); ut64 last_addr = UT64_MAX; RAnalRef *ref; R_VEC_FOREACH (refs, ref) { const bool is_first = ref->addr != last_addr; const char *name; if (is_first) { name = axtm_name (core, ref->addr); r_cons_printf (""0x%""PFMT64x"": %s\n"", ref->addr, name? name: ""?""); } name = axtm_name (core, ref->at); r_cons_printf ("" 0x%""PFMT64x"": %s\n"", ref->at, name? name: ""?""); last_addr = ref->addr; } } RVecAnalRef_free (refs); }",True,Go,axfm,cmd_anal.c,https://github.com/radareorg/radare2,radareorg,pancake,2023-08-14 16:33:25+02:00,"Fix 1byte heap oobread in the brainfuck disassembler

* https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd/
* Kudos to @7resp4ss for reporting",CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2023-4322,"func doesPolicySignatureV4Match(formValues http.Header) (auth.Credentials, APIErrorCode) { region := globalServerRegion credHeader, s3Err := parseCredentialHeader(""Credential=""+formValues.Get(xhttp.AmzCredential), region, serviceS3) if s3Err != ErrNone { return auth.Credentials{}, s3Err } cred, _, s3Err := checkKeyValid(credHeader.accessKey) if s3Err != ErrNone { return cred, s3Err } signingKey := getSigningKey(cred.SecretKey, credHeader.scope.date, credHeader.scope.region, serviceS3) newSignature := getSignature(signingKey, formValues.Get(""Policy"")) if !compareSignatureV4(newSignature, formValues.Get(xhttp.AmzSignature)) { return cred, ErrSignatureDoesNotMatch } return cred, ErrNone }"
229,"static void cmd_anal_ucall_ref(RCore *core, ut64 addr) { RAnalFunction * fcn = r_anal_get_function_at (core->anal, addr); if (fcn) { r_cons_printf ("" ; %s"", fcn->name); } else { r_cons_printf ("" ; 0x%"" PFMT64x, addr); } }",True,Go,cmd_anal_ucall_ref,cmd_anal.c,https://github.com/radareorg/radare2,radareorg,pancake,2023-08-14 16:33:25+02:00,"Fix 1byte heap oobread in the brainfuck disassembler

* https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd/
* Kudos to @7resp4ss for reporting",CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2023-4322,"func doesPolicySignatureMatch(formValues http.Header) (auth.Credentials, APIErrorCode) { if _, ok := formValues[""Signature""]; ok { return doesPolicySignatureV2Match(formValues) } return doesPolicySignatureV4Match(formValues) }"
230,"static void _anal_calls(RCore *core, ut64 addr, ut64 addr_end, bool printCommands, bool importsOnly) { RAnalOp op = {0}; int depth = r_config_get_i (core->config, ""anal.depth""); const int addrbytes = core->io->addrbytes; const int bsz = 4096; int bufi = 0; int bufi_max = bsz - 16; if (addr_end - addr > UT32_MAX) { return; } ut8 *buf = malloc (bsz); ut8 *block0 = calloc (1, bsz); ut8 *block1 = malloc (bsz); if (!buf || !block0 || !block1) { free (buf); free (block0); free (block1); return; } memset (block1, -1, bsz); int minop = r_anal_archinfo (core->anal, R_ANAL_ARCHINFO_MIN_OP_SIZE); if (minop < 1) { minop = 1; } int setBits = r_config_get_i (core->config, ""asm.bits""); r_cons_break_push (NULL, NULL); while (addr < addr_end && !r_cons_is_breaked ()) { if (bufi > bufi_max) { bufi = 0; } if (!bufi) { (void)r_io_read_at (core->io, addr, buf, bsz); } if (!memcmp (buf, block0, bsz) || !memcmp (buf, block1, bsz)) { addr += bsz; continue; } RAnalHint *hint = r_anal_hint_get (core->anal, addr); if (hint && hint->bits) { setBits = hint->bits; } r_anal_hint_free (hint); if (setBits != core->rasm->config->bits) { r_config_set_i (core->config, ""asm.bits"", setBits); } if (r_anal_op (core->anal, &op, addr, buf + bufi, bsz - bufi, 0) > 0) { if (op.size < 1) { op.size = minop; } if (op.type == R_ANAL_OP_TYPE_CALL) { bool isValidCall = true; if (importsOnly) { RFlagItem *f = r_flag_get_i (core->flags, op.jump); if (!f || !strstr (f->name, ""imp."")) { isValidCall = false; } } RBinReloc *rel = r_core_getreloc (core, addr, op.size); if (rel && (rel->import || rel->symbol)) { isValidCall = false; } if (isValidCall) { ut8 buf[4] = {0}; r_io_read_at (core->io, op.jump, buf, 4); isValidCall = memcmp (buf, ""\x00\x00\x00\x00"", 4); } if (isValidCall) { #if JAYRO_03 if (!anal_is_bad_call (core, from, to, addr, buf, bufi)) { fcn = r_anal_get_fcn_in (core->anal, op.jump, R_ANAL_FCN_TYPE_ROOT); if (!fcn) { r_core_anal_fcn (core, op.jump, addr, R_ANAL_REF_TYPE_CALL, depth - 1); } } #else if (printCommands) { r_cons_printf (""ax 0x%08"" PFMT64x "" 0x%08"" PFMT64x ""\n"", op.jump, addr); r_cons_printf (""af @ 0x%08"" PFMT64x""\n"", op.jump); } else { r_anal_xrefs_set (core->anal, addr, op.jump, R_ANAL_REF_TYPE_CALL); if (r_io_is_valid_offset (core->io, op.jump, 1)) { r_core_anal_fcn (core, op.jump, addr, R_ANAL_REF_TYPE_CALL, depth - 1); } } #endif } } } else { op.size = minop; } if ((int)op.size < 1) { op.size = minop; } addr += op.size; bufi += addrbytes * op.size; r_anal_op_fini (&op); } r_cons_break_pop (); free (buf); free (block0); free (block1); }",True,Go,_anal_calls,cmd_anal.c,https://github.com/radareorg/radare2,radareorg,pancake,2023-08-14 16:33:25+02:00,"Fix 1byte heap oobread in the brainfuck disassembler

* https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd/
* Kudos to @7resp4ss for reporting",CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2023-4322,"func TestDoesPolicySignatureMatch(t *testing.T) { credentialTemplate := ""%s/%s/%s/s3/aws4_request"" now := UTCNow() accessKey := globalActiveCred.AccessKey testCases := []struct { form http.Header expected APIErrorCode }{ { form: http.Header{}, expected: ErrCredMalformed, }, { form: http.Header{ ""X-Amz-Credential"": []string{fmt.Sprintf(credentialTemplate, ""EXAMPLEINVALIDEXAMPL"", now.Format(yyyymmdd), globalMinioDefaultRegion)}, }, expected: ErrInvalidAccessKeyID, }, { form: http.Header{ ""X-Amz-Credential"": []string{fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), globalMinioDefaultRegion)}, ""X-Amz-Date"": []string{now.Format(iso8601Format)}, ""X-Amz-Signature"": []string{""invalidsignature""}, ""Policy"": []string{""policy""}, }, expected: ErrSignatureDoesNotMatch, }, { form: http.Header{ ""X-Amz-Credential"": []string{ fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), globalMinioDefaultRegion), }, ""X-Amz-Date"": []string{now.Format(iso8601Format)}, ""X-Amz-Signature"": []string{ getSignature(getSigningKey(globalActiveCred.SecretKey, now, globalMinioDefaultRegion, serviceS3), ""policy""), }, ""Policy"": []string{""policy""}, }, expected: ErrNone, }, } for i, testCase := range testCases { _, code := doesPolicySignatureMatch(testCase.form) if code != testCase.expected { t.Errorf(""(%d) expected to get %s, instead got %s"", i, niceError(testCase.expected), niceError(code)) } } }"
232,"static bool anal_fcn_data (RCore *core, const char *input) { RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); ut32 fcn_size = r_anal_function_size_from_entry (fcn); if (fcn) { int i; bool gap = false; ut64 gap_addr = UT64_MAX; char *bitmap = calloc (1, fcn_size); if (bitmap) { RAnalBlock *b; RListIter *iter; r_list_foreach (fcn->bbs, iter, b) { int f = b->addr - fcn->addr; int t = R_MIN (f + b->size, fcn_size); if (f >= 0) { while (f < t) { bitmap[f++] = 1; } } } } for (i = 0; i < fcn_size; i++) { ut64 here = fcn->addr + i; if (bitmap && bitmap[i]) { if (gap) { r_cons_printf (""Cd %d @ 0x%08""PFMT64x""\n"", here - gap_addr, gap_addr); gap = false; } gap_addr = UT64_MAX; } else { if (!gap) { gap = true; gap_addr = here; } } } if (gap) { r_cons_printf (""Cd %d @ 0x%08""PFMT64x""\n"", fcn->addr + fcn_size - gap_addr, gap_addr); } free (bitmap); return true; } return false; }",True,Go,anal_fcn_data,cmd_anal.c,https://github.com/radareorg/radare2,radareorg,GitHub,2020-03-16 17:03:22+01:00,Fix segfault in adf  (#16230),CWE-908,Use of Uninitialized Resource,The product uses or accesses a resource that has not been initialized.,https://cwe.mitre.org/data/definitions/908.html,CVE-2020-27795,"func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, APIErrorCode) { cred, seedSignature, region, seedDate, errCode := calculateSeedSignature(req) if errCode != ErrNone { return nil, errCode } return &s3ChunkedReader{ reader: bufio.NewReader(req.Body), cred: cred, seedSignature: seedSignature, seedDate: seedDate, region: region, chunkSHA256Writer: sha256.New(), buffer: make([]byte, 64*1024), }, ErrNone }"
236,"func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { ctx := newContext(r, w, ""AddUser"") defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) vars := mux.Vars(r) accessKey := vars[""accessKey""] objectAPI := newObjectLayerFn() if objectAPI == nil || globalNotificationSys == nil { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL) return } cred, claims, owner, s3Err := validateAdminSignature(ctx, r, """") if s3Err != ErrNone { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL) return } if owner && accessKey == cred.AccessKey { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL) return } userCred, exists := globalIAMSys.GetUser(ctx, accessKey) if exists && (userCred.IsTemp() || userCred.IsServiceAccount()) { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL) return } if (cred.IsTemp() || cred.IsServiceAccount()) && cred.ParentUser == accessKey { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL) return } checkDenyOnly := false if accessKey == cred.AccessKey { checkDenyOnly = true } if !globalIAMSys.IsAllowed(iampolicy.Args{ AccountName: cred.AccessKey, Groups: cred.Groups, Action: iampolicy.CreateUserAdminAction, ConditionValues: getConditionValues(r, """", cred.AccessKey, claims), IsOwner: owner, Claims: claims, DenyOnly: checkDenyOnly, }) { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL) return } if r.ContentLength > maxEConfigJSONSize || r.ContentLength == -1 { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigTooLarge), r.URL) return } password := cred.SecretKey configBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength)) if err != nil { logger.LogIf(ctx, err) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL) return } var uinfo madmin.UserInfo if err = json.Unmarshal(configBytes, &uinfo); err != nil { logger.LogIf(ctx, err) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL) return } if err = globalIAMSys.CreateUser(ctx, accessKey, uinfo); err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) return } }",True,Go,AddUser,admin-handlers-users.go,https://github.com/minio/minio,minio,GitHub,2021-12-23 09:21:21-08:00,"Fix user privilege escalation bug (#13976)

The AddUser() API endpoint was accepting a policy field. 
This API is used to update a user's secret key and account 
status, and allows a regular user to update their own secret key. 

The policy update is also applied though does not appear to 
be used by any existing client-side functionality.

This fix changes the accepted request body type and removes 
the ability to apply policy changes as that is possible via the 
policy set API.

NOTE: Changing passwords can be disabled as a workaround
for this issue by adding an explicit ""Deny"" rule to disable the API
for users.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-43858,"func checkKeyValid(r *http.Request, accessKey string) (auth.Credentials, bool, APIErrorCode) { if !globalIAMSys.Initialized() && !globalIsGateway { return auth.Credentials{}, false, ErrServerNotInitialized } cred := globalActiveCred if cred.AccessKey != accessKey { ucred, ok := globalIAMSys.GetUser(accessKey) if !ok { return cred, false, ErrInvalidAccessKeyID } cred = ucred } claims, s3Err := checkClaimsFromToken(r, cred) if s3Err != ErrNone { return cred, false, s3Err } cred.Claims = claims owner := cred.AccessKey == globalActiveCred.AccessKey return cred, owner, ErrNone }"
242,"func (sys *IAMSys) CreateUser(ctx context.Context, accessKey string, uinfo madmin.UserInfo) error { if !sys.Initialized() { return errServerNotInitialized } if sys.usersSysType != MinIOUsersSysType { return errIAMActionNotAllowed } if !auth.IsAccessKeyValid(accessKey) { return auth.ErrInvalidAccessKeyLength } if !auth.IsSecretKeyValid(uinfo.SecretKey) { return auth.ErrInvalidSecretKeyLength } err := sys.store.AddUser(ctx, accessKey, uinfo) if err != nil { return err } sys.notifyForUser(ctx, accessKey, false) return nil }",True,Go,CreateUser,iam.go,https://github.com/minio/minio,minio,GitHub,2021-12-23 09:21:21-08:00,"Fix user privilege escalation bug (#13976)

The AddUser() API endpoint was accepting a policy field. 
This API is used to update a user's secret key and account 
status, and allows a regular user to update their own secret key. 

The policy update is also applied though does not appear to 
be used by any existing client-side functionality.

This fix changes the accepted request body type and removes 
the ability to apply policy changes as that is possible via the 
policy set API.

NOTE: Changing passwords can be disabled as a workaround
for this issue by adding an explicit ""Deny"" rule to disable the API
for users.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-43858,"func isReqAuthenticated(r *http.Request, region string) (s3Error APIErrorCode) { if errCode := reqSignatureV4Verify(r, region); errCode != ErrNone { return errCode } var ( err error contentMD5, contentSHA256 []byte ) if _, ok := r.Header[""Content-Md5""]; ok { contentMD5, err = base64.StdEncoding.Strict().DecodeString(r.Header.Get(""Content-Md5"")) if err != nil || len(contentMD5) == 0 { return ErrInvalidDigest } } if skipSHA256 := skipContentSha256Cksum(r); !skipSHA256 && isRequestPresignedSignatureV4(r) { if sha256Sum, ok := r.URL.Query()[""X-Amz-Content-Sha256""]; ok && len(sha256Sum) > 0 { contentSHA256, err = hex.DecodeString(sha256Sum[0]) if err != nil { return ErrContentSHA256Mismatch } } } else if _, ok := r.Header[""X-Amz-Content-Sha256""]; !skipSHA256 && ok { contentSHA256, err = hex.DecodeString(r.Header.Get(""X-Amz-Content-Sha256"")) if err != nil || len(contentSHA256) == 0 { return ErrContentSHA256Mismatch } } reader, err := hash.NewReader(r.Body, -1, hex.EncodeToString(contentMD5), hex.EncodeToString(contentSHA256)) if err != nil { return toAPIErrorCode(err) } r.Body = ioutil.NopCloser(reader) return ErrNone }"
243,"func TestCheckValid(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() objLayer, fsDir, err := prepareFS() if err != nil { t.Fatal(err) } defer os.RemoveAll(fsDir) if err = newTestConfig(globalMinioDefaultRegion, objLayer); err != nil { t.Fatalf(""unable initialize config file, %s"", err) } newAllSubsystems() initConfigSubsystem(ctx, objLayer) globalIAMSys.Init(ctx, objLayer, globalEtcdClient, globalNotificationSys, 2*time.Second) req, err := newTestRequest(http.MethodGet, ""http: if err != nil { t.Fatal(err) } if err = signRequestV4(req, globalActiveCred.AccessKey, globalActiveCred.SecretKey); err != nil { t.Fatal(err) } _, owner, s3Err := checkKeyValid(req, globalActiveCred.AccessKey) if s3Err != ErrNone { t.Fatalf(""Unexpected failure with %v"", errorCodes.ToAPIErr(s3Err)) } if !owner { t.Fatalf(""Expected owner to be 'true', found %t"", owner) } _, _, s3Err = checkKeyValid(req, ""does-not-exist"") if s3Err != ErrInvalidAccessKeyID { t.Fatalf(""Expected error 'ErrInvalidAccessKeyID', found %v"", s3Err) } ucreds, err := auth.CreateCredentials(""myuser1"", ""mypassword1"") if err != nil { t.Fatalf(""unable create credential, %s"", err) } globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.UserInfo{ SecretKey: ucreds.SecretKey, Status: madmin.AccountEnabled, }) _, owner, s3Err = checkKeyValid(req, ucreds.AccessKey) if s3Err != ErrNone { t.Fatalf(""Unexpected failure with %v"", errorCodes.ToAPIErr(s3Err)) } if owner { t.Fatalf(""Expected owner to be 'false', found %t"", owner) } }",True,Go,TestCheckValid,signature-v4-utils_test.go,https://github.com/minio/minio,minio,GitHub,2021-12-23 09:21:21-08:00,"Fix user privilege escalation bug (#13976)

The AddUser() API endpoint was accepting a policy field. 
This API is used to update a user's secret key and account 
status, and allows a regular user to update their own secret key. 

The policy update is also applied though does not appear to 
be used by any existing client-side functionality.

This fix changes the accepted request body type and removes 
the ability to apply policy changes as that is possible via the 
policy set API.

NOTE: Changing passwords can be disabled as a workaround
for this issue by adding an explicit ""Deny"" rule to disable the API
for users.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-43858,"func TestIsReqAuthenticated(t *testing.T) { path, err := newTestConfig(globalMinioDefaultRegion) if err != nil { t.Fatalf(""unable initialize config file, %s"", err) } defer os.RemoveAll(path) creds, err := auth.CreateCredentials(""myuser"", ""mypassword"") if err != nil { t.Fatalf(""unable create credential, %s"", err) } globalServerConfig.SetCredential(creds) testCases := []struct { req *http.Request s3Error APIErrorCode }{ {mustNewRequest(""GET"", ""http: {mustNewSignedEmptyMD5Request(""PUT"", ""http: {mustNewSignedShortMD5Request(""PUT"", ""http: {mustNewSignedBadMD5Request(""PUT"", ""http: {mustNewSignedRequest(""GET"", ""http: } for i, testCase := range testCases { if s3Error := isReqAuthenticated(testCase.req, globalServerConfig.GetRegion()); s3Error != testCase.s3Error { if _, err := ioutil.ReadAll(testCase.req.Body); toAPIErrorCode(err) != testCase.s3Error { t.Fatalf(""Test %d: Unexpected S3 error: want %d - got %d (got after reading request %d)"", i, testCase.s3Error, s3Error, toAPIErrorCode(err)) } } } }"
252,"func getClaimsFromToken(r *http.Request, token string) (map[string]interface{}, error) {",True,Go,getClaimsFromToken,auth-handler.go,https://github.com/minio/minio,minio,GitHub,2021-03-03 08:47:08-08:00,fix: missing user policy enforcement in PostPolicyHandler (#11682),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21362,"func enforceRetentionBypassForDelete(ctx context.Context, r *http.Request, bucket string, object ObjectToDelete, oi ObjectInfo, gerr error) APIErrorCode { opts, err := getOpts(ctx, r, bucket, object.ObjectName) if err != nil { return toAPIErrorCode(ctx, err) } opts.VersionID = object.VersionID if gerr != nil { switch gerr.(type) { case MethodNotAllowed: if oi.DeleteMarker || !oi.VersionPurgeStatus.Empty() { return ErrNone } } if isErrObjectNotFound(gerr) || isErrVersionNotFound(gerr) { return ErrNone } return toAPIErrorCode(ctx, gerr) } lhold := objectlock.GetObjectLegalHoldMeta(oi.UserDefined) if lhold.Status.Valid() && lhold.Status == objectlock.LegalHoldOn { return ErrObjectLocked } ret := objectlock.GetObjectRetentionMeta(oi.UserDefined) if ret.Mode.Valid() { switch ret.Mode { case objectlock.RetCompliance: t, err := objectlock.UTCNowNTP() if err != nil { logger.LogIf(ctx, err) return ErrObjectLocked } if !ret.RetainUntilDate.Before(t) { return ErrObjectLocked } return ErrNone case objectlock.RetGovernance: byPassSet := objectlock.IsObjectLockGovernanceBypassSet(r.Header) if !byPassSet { t, err := objectlock.UTCNowNTP() if err != nil { logger.LogIf(ctx, err) return ErrObjectLocked } if !ret.RetainUntilDate.Before(t) { return ErrObjectLocked } return ErrNone } if checkRequestAuthType(ctx, r, policy.BypassGovernanceRetentionAction, bucket, object.ObjectName) != ErrNone { return ErrAccessDenied } } } return ErrNone }"
254,"func doesPolicySignatureV2Match(formValues http.Header) APIErrorCode { cred := globalActiveCred accessKey := formValues.Get(xhttp.AmzAccessKeyID) cred, _, s3Err := checkKeyValid(accessKey) if s3Err != ErrNone { return s3Err } policy := formValues.Get(""Policy"") signature := formValues.Get(xhttp.AmzSignatureV2) if !compareSignatureV2(signature, calculateSignatureV2(policy, cred.SecretKey)) { return ErrSignatureDoesNotMatch } return ErrNone }",True,Go,doesPolicySignatureV2Match,signature-v2.go,https://github.com/minio/minio,minio,GitHub,2021-03-03 08:47:08-08:00,fix: missing user policy enforcement in PostPolicyHandler (#11682),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21362,"func isRequestPostPolicySignatureV4(r *http.Request) bool { mediaType, _, err := mime.ParseMediaType(r.Header.Get(xhttp.ContentType)) if err != nil { return false } return mediaType == ""multipart/form-data"" && r.Method == http.MethodPost }"
255,"func TestDoesPolicySignatureV2Match(t *testing.T) { obj, fsDir, err := prepareFS() if err != nil { t.Fatal(err) } defer os.RemoveAll(fsDir) if err = newTestConfig(globalMinioDefaultRegion, obj); err != nil { t.Fatal(err) } creds := globalActiveCred policy := ""policy"" testCases := []struct { accessKey string policy string signature string errCode APIErrorCode }{ {""invalidAccessKey"", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID}, {creds.AccessKey, policy, calculateSignatureV2(""random"", creds.SecretKey), ErrSignatureDoesNotMatch}, {creds.AccessKey, policy, calculateSignatureV2(policy, creds.SecretKey), ErrNone}, } for i, test := range testCases { formValues := make(http.Header) formValues.Set(""Awsaccesskeyid"", test.accessKey) formValues.Set(""Signature"", test.signature) formValues.Set(""Policy"", test.policy) errCode := doesPolicySignatureV2Match(formValues) if errCode != test.errCode { t.Fatalf(""(%d) expected to get %s, instead got %s"", i+1, niceError(test.errCode), niceError(errCode)) } } }",True,Go,TestDoesPolicySignatureV2Match,signature-v2_test.go,https://github.com/minio/minio,minio,GitHub,2021-03-03 08:47:08-08:00,fix: missing user policy enforcement in PostPolicyHandler (#11682),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21362,"func hasBadPathComponent(path string) bool { path = filepath.ToSlash(strings.TrimSpace(path)) for _, p := range strings.Split(path, SlashSeparator) { switch strings.TrimSpace(p) { case dotdotComponent: return true case dotComponent: return true } } return false }"
259,"func doesPolicySignatureV4Match(formValues http.Header) APIErrorCode { region := globalServerRegion credHeader, s3Err := parseCredentialHeader(""Credential=""+formValues.Get(xhttp.AmzCredential), region, serviceS3) if s3Err != ErrNone { return s3Err } cred, _, s3Err := checkKeyValid(credHeader.accessKey) if s3Err != ErrNone { return s3Err } signingKey := getSigningKey(cred.SecretKey, credHeader.scope.date, credHeader.scope.region, serviceS3) newSignature := getSignature(signingKey, formValues.Get(""Policy"")) if !compareSignatureV4(newSignature, formValues.Get(xhttp.AmzSignature)) { return ErrSignatureDoesNotMatch } return ErrNone }",True,Go,doesPolicySignatureV4Match,signature-v4.go,https://github.com/minio/minio,minio,GitHub,2021-03-03 08:47:08-08:00,fix: missing user policy enforcement in PostPolicyHandler (#11682),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21362,"func testObjectAbortMultipartUpload(obj ObjectLayer, instanceType string, t TestErrHandler) { bucket := ""minio-bucket"" object := ""minio-object"" opts := ObjectOptions{} err := obj.MakeBucket(context.Background(), bucket, MakeBucketOptions{}) if err != nil { t.Fatalf(""%s : %s"", instanceType, err.Error()) } res, err := obj.NewMultipartUpload(context.Background(), bucket, object, opts) if err != nil { t.Fatalf(""%s : %s"", instanceType, err.Error()) } uploadID := res.UploadID abortTestCases := []struct { bucketName string objName string uploadID string expectedErrType error }{ {""--"", object, uploadID, BucketNotFound{}}, {""foo"", object, uploadID, BucketNotFound{}}, {bucket, object, ""foo-foo"", InvalidUploadID{}}, {bucket, object, uploadID, nil}, } if runtime.GOOS != globalWindowsOSName { abortTestCases = append(abortTestCases, struct { bucketName string objName string uploadID string expectedErrType error }{bucket, ""\\"", uploadID, InvalidUploadID{}}) } for i, testCase := range abortTestCases { err = obj.AbortMultipartUpload(context.Background(), testCase.bucketName, testCase.objName, testCase.uploadID, opts) if testCase.expectedErrType == nil && err != nil { t.Errorf(""Test %d, unexpected err is received: %v, expected:%v\n"", i+1, err, testCase.expectedErrType) } if testCase.expectedErrType != nil && !isSameType(err, testCase.expectedErrType) { t.Errorf(""Test %d, unexpected err is received: %v, expected:%v\n"", i+1, err, testCase.expectedErrType) } } }"
260,"func doesPolicySignatureMatch(formValues http.Header) APIErrorCode { if _, ok := formValues[""Signature""]; ok { return doesPolicySignatureV2Match(formValues) } return doesPolicySignatureV4Match(formValues) }",True,Go,doesPolicySignatureMatch,signature-v4.go,https://github.com/minio/minio,minio,GitHub,2021-03-03 08:47:08-08:00,fix: missing user policy enforcement in PostPolicyHandler (#11682),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21362,"func main() { if len(os.Args) < 3 { fatal(usage) } cmd, filename := os.Args[1], os.Args[2] ff := archiver.MatchingFormat(filename) if ff == nil { fatalf(""%s: Unsupported file extension"", filename) } var err error switch cmd { case ""make"": if len(os.Args) < 4 { fatal(usage) } err = ff.Make(filename, os.Args[3:]) case ""open"": dest, osErr := os.Getwd() if osErr != nil { fatal(err) } if len(os.Args) == 4 { dest = os.Args[3] } else if len(os.Args) > 4 { fatal(usage) } err = ff.Open(filename, dest) default: fatal(usage) } if err != nil { fatal(err) } }"
261,"func TestDoesPolicySignatureMatch(t *testing.T) { credentialTemplate := ""%s/%s/%s/s3/aws4_request"" now := UTCNow() accessKey := globalActiveCred.AccessKey testCases := []struct { form http.Header expected APIErrorCode }{ { form: http.Header{}, expected: ErrCredMalformed, }, { form: http.Header{ ""X-Amz-Credential"": []string{fmt.Sprintf(credentialTemplate, ""EXAMPLEINVALIDEXAMPL"", now.Format(yyyymmdd), globalMinioDefaultRegion)}, }, expected: ErrInvalidAccessKeyID, }, { form: http.Header{ ""X-Amz-Credential"": []string{fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), globalMinioDefaultRegion)}, ""X-Amz-Date"": []string{now.Format(iso8601Format)}, ""X-Amz-Signature"": []string{""invalidsignature""}, ""Policy"": []string{""policy""}, }, expected: ErrSignatureDoesNotMatch, }, { form: http.Header{ ""X-Amz-Credential"": []string{ fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), globalMinioDefaultRegion), }, ""X-Amz-Date"": []string{now.Format(iso8601Format)}, ""X-Amz-Signature"": []string{ getSignature(getSigningKey(globalActiveCred.SecretKey, now, globalMinioDefaultRegion, serviceS3), ""policy""), }, ""Policy"": []string{""policy""}, }, expected: ErrNone, }, } for i, testCase := range testCases { code := doesPolicySignatureMatch(testCase.form) if code != testCase.expected { t.Errorf(""(%d) expected to get %s, instead got %s"", i, niceError(testCase.expected), niceError(code)) } } }",True,Go,TestDoesPolicySignatureMatch,signature-v4_test.go,https://github.com/minio/minio,minio,GitHub,2021-03-03 08:47:08-08:00,fix: missing user policy enforcement in PostPolicyHandler (#11682),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21362,"func (rarFormat) Read(input io.Reader, destination string) error { rr, err := rardecode.NewReader(input, """") if err != nil { return fmt.Errorf(""read: failed to create reader: %v"", err) } for { header, err := rr.Next() if err == io.EOF { break } else if err != nil { return err } err = sanitizeExtractPath(header.Name, destination) if err != nil { return err } destpath := filepath.Join(destination, header.Name) if header.IsDir { err = mkdir(destpath) if err != nil { return err } continue } err = mkdir(filepath.Dir(destpath)) if err != nil { return err } err = writeNewFile(destpath, rr, header.Mode()) if err != nil { return err } } return nil }"
263,"func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, APIErrorCode) { cred, seedSignature, region, seedDate, errCode := calculateSeedSignature(req) if errCode != ErrNone { return nil, errCode } return &s3ChunkedReader{ reader: bufio.NewReader(req.Body), cred: cred, seedSignature: seedSignature, seedDate: seedDate, region: region, chunkSHA256Writer: sha256.New(), state: readChunkHeader, }, ErrNone }",True,Go,newSignV4ChunkedReader,streaming-signature-v4.go,https://github.com/minio/minio,minio,GitHub,2021-03-16 13:33:40-07:00,"s3v4: read and verify S3 signature v4 chunks separately (#11801)

This commit fixes a security issue in the signature v4 chunked
reader. Before, the reader returned unverified data to the caller
and would only verify the chunk signature once it has encountered
the end of the chunk payload.

Now, the chunk reader reads the entire chunk into an in-memory buffer,
verifies the signature and then returns data to the caller.

In general, this is a common security problem. We verifying data
streams, the verifier MUST NOT return data to the upper layers / its
callers as long as it has not verified the current data chunk / data
segment:
```
func (r *Reader) Read(buffer []byte) {
   if err := r.readNext(r.internalBuffer); err != nil {
      return err
   }
   if err := r.verify(r.internalBuffer); err != nil {
      return err
   }
   copy(buffer, r.internalBuffer)
}
```",CWE-924,Improper Enforcement of Message Integrity During Transmission in a Communication Channel,"The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.",https://cwe.mitre.org/data/definitions/924.html,CVE-2021-21390,"func generateDataset(dest []uint32, epoch uint64, cache []uint32) { logger := log.New(""epoch"", epoch) start := time.Now() defer func() { elapsed := time.Since(start) logFn := logger.Debug if elapsed > 3*time.Second { logFn = logger.Info } logFn(""Generated ethash verification cache"", ""elapsed"", common.PrettyDuration(elapsed)) }() swapped := !isLittleEndian() header := *(*reflect.SliceHeader)(unsafe.Pointer(&dest)) header.Len *= 4 header.Cap *= 4 dataset := *(*[]byte)(unsafe.Pointer(&header)) threads := runtime.NumCPU() size := uint64(len(dataset)) var pend sync.WaitGroup pend.Add(threads) var progress uint64 for i := 0; i < threads; i++ { go func(id int) { defer pend.Done() keccak512 := makeHasher(sha3.NewLegacyKeccak512()) batch := (size + hashBytes*uint64(threads) - 1) / (hashBytes * uint64(threads)) first := uint64(id) * batch limit := first + batch if limit > size/hashBytes { limit = size / hashBytes } percent := size / hashBytes / 100 for index := first; index < limit; index++ { item := generateDatasetItem(cache, uint32(index), keccak512) if swapped { swap(item) } copy(dataset[index*hashBytes:], item) if status := atomic.AddUint64(&progress, 1); status%percent == 0 { logger.Info(""Generating DAG in progress"", ""percentage"", (status*100)/(size/hashBytes), ""elapsed"", common.PrettyDuration(time.Since(start))) } } }(i) } pend.Wait() }"
264,"func (cr *s3ChunkedReader) readS3ChunkHeader() { var hexChunkSize, hexChunkSignature []byte hexChunkSize, hexChunkSignature, cr.err = readChunkLine(cr.reader) if cr.err != nil { return } cr.n, cr.err = parseHexUint(hexChunkSize) if cr.err != nil { return } if cr.n == 0 { cr.err = io.EOF } cr.chunkSignature = string(hexChunkSignature) }",True,Go,readS3ChunkHeader,streaming-signature-v4.go,https://github.com/minio/minio,minio,GitHub,2021-03-16 13:33:40-07:00,"s3v4: read and verify S3 signature v4 chunks separately (#11801)

This commit fixes a security issue in the signature v4 chunked
reader. Before, the reader returned unverified data to the caller
and would only verify the chunk signature once it has encountered
the end of the chunk payload.

Now, the chunk reader reads the entire chunk into an in-memory buffer,
verifies the signature and then returns data to the caller.

In general, this is a common security problem. We verifying data
streams, the verifier MUST NOT return data to the upper layers / its
callers as long as it has not verified the current data chunk / data
segment:
```
func (r *Reader) Read(buffer []byte) {
   if err := r.readNext(r.internalBuffer); err != nil {
      return err
   }
   if err := r.verify(r.internalBuffer); err != nil {
      return err
   }
   copy(buffer, r.internalBuffer)
}
```",CWE-924,Improper Enforcement of Message Integrity During Transmission in a Communication Channel,"The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.",https://cwe.mitre.org/data/definitions/924.html,CVE-2021-21390,"func TestGetDynamic(t *testing.T) { savedServices := services savedGetVCSDirFn := getVCSDirFn defer func() { services = savedServices getVCSDirFn = savedGetVCSDirFn }() services = []*service{{pattern: regexp.MustCompile("".*""), get: testGet}} getVCSDirFn = testGet client := &http.Client{Transport: testTransport(testWeb)} for _, tt := range getDynamicTests { dir, err := getDynamic(context.Background(), client, tt.importPath, """") if tt.dir == nil { if err == nil { t.Errorf(""getDynamic(ctx, client, %q, etag) did not return expected error"", tt.importPath) } continue } if err != nil { t.Errorf(""getDynamic(ctx, client, %q, etag) return unexpected error: %v"", tt.importPath, err) continue } if !cmp.Equal(dir, tt.dir) { t.Errorf(""getDynamic(client, %q, etag) =\n %+v,\nwant %+v"", tt.importPath, dir, tt.dir) for i, f := range dir.Files { var want *File if i < len(tt.dir.Files) { want = tt.dir.Files[i] } t.Errorf(""file %d = %+v, want %+v"", i, f, want) } } } }"
265,"func (cr *s3ChunkedReader) Read(buf []byte) (n int, err error) { for { switch cr.state { case readChunkHeader: cr.readS3ChunkHeader() if cr.n == 0 && cr.err == io.EOF { cr.state = readChunkTrailer cr.lastChunk = true continue } if cr.err != nil { return 0, cr.err } cr.state = readChunk case readChunkTrailer: cr.err = readCRLF(cr.reader) if cr.err != nil { return 0, errMalformedEncoding } cr.state = verifyChunk case readChunk: if len(buf) == 0 { return n, nil } rbuf := buf if uint64(len(rbuf)) > cr.n { rbuf = rbuf[:cr.n] } var n0 int n0, cr.err = cr.reader.Read(rbuf) if cr.err != nil { if cr.err == io.EOF { cr.err = io.ErrUnexpectedEOF } return 0, cr.err } cr.chunkSHA256Writer.Write(rbuf[:n0]) n += n0 buf = buf[n0:] cr.n -= uint64(n0) if cr.n == 0 { cr.state = readChunkTrailer continue } case verifyChunk: hashedChunk := hex.EncodeToString(cr.chunkSHA256Writer.Sum(nil)) newSignature := getChunkSignature(cr.cred, cr.seedSignature, cr.region, cr.seedDate, hashedChunk) if !compareSignatureV4(cr.chunkSignature, newSignature) { cr.err = errSignatureMismatch return 0, cr.err } cr.seedSignature = newSignature cr.chunkSHA256Writer.Reset() if cr.lastChunk { cr.state = eofChunk } else { cr.state = readChunkHeader } case eofChunk: return n, io.EOF } } }",True,Go,Read,streaming-signature-v4.go,https://github.com/minio/minio,minio,GitHub,2021-03-16 13:33:40-07:00,"s3v4: read and verify S3 signature v4 chunks separately (#11801)

This commit fixes a security issue in the signature v4 chunked
reader. Before, the reader returned unverified data to the caller
and would only verify the chunk signature once it has encountered
the end of the chunk payload.

Now, the chunk reader reads the entire chunk into an in-memory buffer,
verifies the signature and then returns data to the caller.

In general, this is a common security problem. We verifying data
streams, the verifier MUST NOT return data to the upper layers / its
callers as long as it has not verified the current data chunk / data
segment:
```
func (r *Reader) Read(buffer []byte) {
   if err := r.readNext(r.internalBuffer); err != nil {
      return err
   }
   if err := r.verify(r.internalBuffer); err != nil {
      return err
   }
   copy(buffer, r.internalBuffer)
}
```",CWE-924,Improper Enforcement of Message Integrity During Transmission in a Communication Channel,"The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.",https://cwe.mitre.org/data/definitions/924.html,CVE-2021-21390,"func (d *partialArray) add(key string, val *lazyNode) error { if key == ""-"" { *d = append(*d, val) return nil } idx, err := strconv.Atoi(key) if err != nil { return err } ary := make([]*lazyNode, len(*d)+1) cur := *d if idx < 0 { idx *= -1 if idx > len(ary) { return fmt.Errorf(""Unable to access invalid index: %d"", idx) } idx = len(ary) - idx } if idx < 0 || idx >= len(ary) || idx > len(cur) { return fmt.Errorf(""Unable to access invalid index: %d"", idx) } copy(ary[0:idx], cur[0:idx]) ary[idx] = val copy(ary[idx+1:], cur[idx:]) *d = ary return nil }"
267,"func (cs chunkState) String() string { stateString := """" switch cs { case readChunkHeader: stateString = ""readChunkHeader"" case readChunkTrailer: stateString = ""readChunkTrailer"" case readChunk: stateString = ""readChunk"" case verifyChunk: stateString = ""verifyChunk"" case eofChunk: stateString = ""eofChunk"" } return stateString }",True,Go,String,streaming-signature-v4.go,https://github.com/minio/minio,minio,GitHub,2021-03-16 13:33:40-07:00,"s3v4: read and verify S3 signature v4 chunks separately (#11801)

This commit fixes a security issue in the signature v4 chunked
reader. Before, the reader returned unverified data to the caller
and would only verify the chunk signature once it has encountered
the end of the chunk payload.

Now, the chunk reader reads the entire chunk into an in-memory buffer,
verifies the signature and then returns data to the caller.

In general, this is a common security problem. We verifying data
streams, the verifier MUST NOT return data to the upper layers / its
callers as long as it has not verified the current data chunk / data
segment:
```
func (r *Reader) Read(buffer []byte) {
   if err := r.readNext(r.internalBuffer); err != nil {
      return err
   }
   if err := r.verify(r.internalBuffer); err != nil {
      return err
   }
   copy(buffer, r.internalBuffer)
}
```",CWE-924,Improper Enforcement of Message Integrity During Transmission in a Communication Channel,"The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.",https://cwe.mitre.org/data/definitions/924.html,CVE-2021-21390,func (s *Shm) MarkDestroyed() { s.mu.Lock() defer s.mu.Unlock() s.key = linux.IPC_PRIVATE if !s.pendingDestruction { s.pendingDestruction = true s.DecRef() } }
269,"func checkKeyValid(r *http.Request, accessKey string) (auth.Credentials, bool, APIErrorCode) { if !globalIAMSys.Initialized() && !globalIsGateway { return auth.Credentials{}, false, ErrServerNotInitialized } var owner = true var cred = globalActiveCred if cred.AccessKey != accessKey { ucred, ok := globalIAMSys.GetUser(accessKey) if !ok { return cred, false, ErrInvalidAccessKeyID } cred = ucred } claims, s3Err := checkClaimsFromToken(r, cred) if s3Err != ErrNone { return cred, false, s3Err } if len(claims) > 0 { cred.Claims = claims if _, ok := claims[iampolicy.SessionPolicyName]; ok { owner = false } else { owner = cred.AccessKey == cred.ParentUser } } return cred, owner, ErrNone }",True,Go,checkKeyValid,signature-v4-utils.go,https://github.com/minio/minio,minio,GitHub,2021-10-12 13:18:02-07:00,"checkKeyValid() should return owner true for rootCreds (#13422)

Looks like policy restriction was not working properly
for normal users when they are not svc or STS accounts.

- svc accounts are now properly fixed to get
  right permissions when its inherited, so
  we do not have to set 'owner = true'

- sts accounts have always been using right
  permissions, do not need an explicit lookup

- regular users always have proper policy mapping",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2021-41137,"func Shmctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { id := args[0].Int() cmd := args[1].Int() buf := args[2].Pointer() r := t.IPCNamespace().ShmRegistry() switch cmd { case linux.SHM_STAT: fallthrough case linux.IPC_STAT: segment, err := findSegment(t, id) if err != nil { return 0, nil, syserror.EINVAL } stat, err := segment.IPCStat(t) if err == nil { _, err = t.CopyOut(buf, stat) } return 0, nil, err case linux.IPC_INFO: params := r.IPCInfo() _, err := t.CopyOut(buf, params) return 0, nil, err case linux.SHM_INFO: info := r.ShmInfo() _, err := t.CopyOut(buf, info) return 0, nil, err } segment, err := findSegment(t, id) if err != nil { return 0, nil, syserror.EINVAL } switch cmd { case linux.IPC_SET: var ds linux.ShmidDS _, err = t.CopyIn(buf, &ds) if err != nil { return 0, nil, err } err = segment.Set(t, &ds) return 0, nil, err case linux.IPC_RMID: segment.MarkDestroyed() return 0, nil, nil case linux.SHM_LOCK, linux.SHM_UNLOCK: t.Kernel().EmitUnimplementedEvent(t) return 0, nil, nil default: return 0, nil, syserror.EINVAL } }"
275,"func TestIsReqAuthenticated(t *testing.T) { path, err := newTestConfig(globalMinioDefaultRegion) if err != nil { t.Fatalf(""unable initialize config file, %s"", err) } defer os.RemoveAll(path) creds, err := auth.CreateCredentials(""myuser"", ""mypassword"") if err != nil { t.Fatalf(""unable create credential, %s"", err) } globalServerConfig.SetCredential(creds) testCases := []struct { req *http.Request s3Error APIErrorCode }{ {nil, ErrInternalError}, {mustNewRequest(""GET"", ""http: {mustNewSignedEmptyMD5Request(""PUT"", ""http: {mustNewSignedShortMD5Request(""PUT"", ""http: {mustNewSignedBadMD5Request(""PUT"", ""http: {mustNewSignedRequest(""GET"", ""http: } for _, testCase := range testCases { if s3Error := isReqAuthenticated(testCase.req, globalServerConfig.GetRegion()); s3Error != testCase.s3Error { t.Fatalf(""Unexpected s3error returned wanted %d, got %d"", testCase.s3Error, s3Error) } } }",True,Go,TestIsReqAuthenticated,auth-handler_test.go,https://github.com/minio/minio,minio,Dee Koder,2018-05-18 11:27:25-07:00,"security: fix write-to-RAM DoS vulnerability (#5957)

This commit fixes a DoS vulnerability for certain APIs using
signature V4 by verifying the content-md5 and/or content-sha56 of
the request body in a streaming mode.

The issue was caused by reading the entire body of the request into
memory to verify the content-md5 or content-sha56 checksum if present.

The vulnerability could be exploited by either replaying a V4 request
(in the 15 min time frame) or sending a V4 presigned request with a
large body.",CWE-774,Allocation of File Descriptors or Handles Without Limits or Throttling,"The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/774.html,CVE-2018-1000538,"func inHeadIM(p *parser) bool { switch p.tok.Type { case TextToken: s := strings.TrimLeft(p.tok.Data, whitespace) if len(s) < len(p.tok.Data) { p.addText(p.tok.Data[:len(p.tok.Data)-len(s)]) if s == """" { return true } p.tok.Data = s } case StartTagToken: switch p.tok.DataAtom { case a.Html: return inBodyIM(p) case a.Base, a.Basefont, a.Bgsound, a.Link, a.Meta: p.addElement() p.oe.pop() p.acknowledgeSelfClosingTag() return true case a.Noscript: if p.scripting { p.parseGenericRawTextElement() return true } p.addElement() p.im = inHeadNoscriptIM p.tokenizer.NextIsNotRawText() return true case a.Script, a.Title: p.addElement() p.setOriginalIM() p.im = textIM return true case a.Noframes, a.Style: p.parseGenericRawTextElement() return true case a.Head: return true case a.Template: for _, e := range p.oe { if e.Namespace != """" { p.im = ignoreTheRemainingTokens return true } } p.addElement() p.afe = append(p.afe, &scopeMarker) p.framesetOK = false p.im = inTemplateIM p.templateStack = append(p.templateStack, inTemplateIM) return true } case EndTagToken: switch p.tok.DataAtom { case a.Head: p.oe.pop() p.im = afterHeadIM return true case a.Body, a.Html, a.Br: p.parseImpliedToken(EndTagToken, a.Head, a.Head.String()) return false case a.Template: if !p.oe.contains(a.Template) { return true } p.generateImpliedEndTags() for i := len(p.oe) - 1; i >= 0; i-- { if n := p.oe[i]; n.Namespace == """" && n.DataAtom == a.Template { p.oe = p.oe[:i] break } } p.clearActiveFormattingElements() p.templateStack.pop() p.resetInsertionMode() return true default: return true } case CommentToken: p.addChild(&Node{ Type: CommentNode, Data: p.tok.Data, }) return true case DoctypeToken: return true } p.parseImpliedToken(EndTagToken, a.Head, a.Head.String()) return false }"
277,"func NewReader(src io.Reader, size int64, md5Hex, sha256Hex string) (*Reader, error) { if _, ok := src.(*Reader); ok { return nil, errNestedReader } sha256sum, err := hex.DecodeString(sha256Hex) if err != nil { return nil, SHA256Mismatch{} } md5sum, err := hex.DecodeString(md5Hex) if err != nil { return nil, BadDigest{} } var sha256Hash hash.Hash if len(sha256sum) != 0 { sha256Hash = sha256.New() } return &Reader{ md5sum: md5sum, sha256sum: sha256sum, src: io.LimitReader(src, size), size: size, md5Hash: md5.New(), sha256Hash: sha256Hash, }, nil }",True,Go,NewReader,reader.go,https://github.com/minio/minio,minio,Dee Koder,2018-05-18 11:27:25-07:00,"security: fix write-to-RAM DoS vulnerability (#5957)

This commit fixes a DoS vulnerability for certain APIs using
signature V4 by verifying the content-md5 and/or content-sha56 of
the request body in a streaming mode.

The issue was caused by reading the entire body of the request into
memory to verify the content-md5 or content-sha56 checksum if present.

The vulnerability could be exploited by either replaying a V4 request
(in the 15 min time frame) or sending a V4 presigned request with a
large body.",CWE-774,Allocation of File Descriptors or Handles Without Limits or Throttling,"The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/774.html,CVE-2018-1000538,"func (net *Network) checkTopicRegister(data *topicRegister) (*pong, error) { var pongpkt ingressPacket if err := decodePacket(data.Pong, &pongpkt); err != nil { return nil, err } if pongpkt.ev != pongPacket { return nil, errors.New(""is not pong packet"") } if pongpkt.remoteID != net.tab.self.ID { return nil, errors.New(""not signed by us"") } hash, _, _ := wireHash(data.Topics) if hash != pongpkt.data.(*pong).TopicHash { return nil, errors.New(""topic hash mismatch"") } if int(data.Idx) < 0 || int(data.Idx) >= len(data.Topics) { return nil, errors.New(""topic index out of range"") } return pongpkt.data.(*pong), nil }"
279,"func enforceRetentionBypassForDelete(ctx context.Context, r *http.Request, bucket string, object ObjectToDelete, oi ObjectInfo, gerr error) APIErrorCode { opts, err := getOpts(ctx, r, bucket, object.ObjectName) if err != nil { return toAPIErrorCode(ctx, err) } opts.VersionID = object.VersionID if gerr != nil { switch gerr.(type) { case MethodNotAllowed: if oi.DeleteMarker || !oi.VersionPurgeStatus.Empty() { return ErrNone } } if isErrObjectNotFound(gerr) || isErrVersionNotFound(gerr) { return ErrNone } return toAPIErrorCode(ctx, gerr) } lhold := objectlock.GetObjectLegalHoldMeta(oi.UserDefined) if lhold.Status.Valid() && lhold.Status == objectlock.LegalHoldOn { return ErrObjectLocked } ret := objectlock.GetObjectRetentionMeta(oi.UserDefined) if ret.Mode.Valid() { switch ret.Mode { case objectlock.RetCompliance: t, err := objectlock.UTCNowNTP() if err != nil { logger.LogIf(ctx, err) return ErrObjectLocked } if !ret.RetainUntilDate.Before(t) { return ErrObjectLocked } return ErrNone case objectlock.RetGovernance: byPassSet := objectlock.IsObjectLockGovernanceBypassSet(r.Header) if !byPassSet { t, err := objectlock.UTCNowNTP() if err != nil { logger.LogIf(ctx, err) return ErrObjectLocked } if !ret.RetainUntilDate.Before(t) { return ErrObjectLocked } return ErrNone } govBypassPerms1 := checkRequestAuthType(ctx, r, policy.BypassGovernanceRetentionAction, bucket, object.ObjectName) govBypassPerms2 := checkRequestAuthType(ctx, r, policy.GetBucketObjectLockConfigurationAction, bucket, object.ObjectName) if govBypassPerms1 != ErrNone && govBypassPerms2 != ErrNone { return ErrAccessDenied } } } return ErrNone }",True,Go,enforceRetentionBypassForDelete,bucket-object-lock.go,https://github.com/minio/minio,minio,GitHub,2023-02-17 07:41:34+05:18,fix: evaluate BypassGov policy action in deletion correctly (#16635),NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-25812,"func SanitizePath(path string) string { path = strings.TrimLeft(path, ""/"") path = strings.Replace(path, ""../"", """", -1) return path }"
282,"func isRequestPostPolicySignatureV4(r *http.Request) bool { return strings.Contains(r.Header.Get(xhttp.ContentType), ""multipart/form-data"") && r.Method == http.MethodPost }",True,Go,isRequestPostPolicySignatureV4,auth-handler.go,https://github.com/minio/minio,minio,GitHub,2023-03-19 21:15:20-07:00,fix: post policy request security bypass (#16849),NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-28434,"func MakeEmailPrimary(userID int64, email *EmailAddress) error { has, err := x.Get(email) if err != nil { return err } else if !has { return errors.EmailNotFound{Email: email.Email} } if email.UID != userID { return errors.New(""not the owner of the email"") } if !email.IsActivated { return errors.EmailNotVerified{Email: email.Email} } user := &User{ID: email.UID} has, err = x.Get(user) if err != nil { return err } else if !has { return errors.UserNotExist{UserID: email.UID} } formerPrimaryEmail := &EmailAddress{Email: user.Email} has, err = x.Get(formerPrimaryEmail) if err != nil { return err } sess := x.NewSession() defer sess.Close() if err = sess.Begin(); err != nil { return err } if !has { formerPrimaryEmail.UID = user.ID formerPrimaryEmail.IsActivated = user.IsActive if _, err = sess.Insert(formerPrimaryEmail); err != nil { return err } } user.Email = email.Email if _, err = sess.ID(user.ID).AllCols().Update(user); err != nil { return err } return sess.Commit() }"
284,"func hasBadPathComponent(path string) bool { path = strings.TrimSpace(path) for _, p := range strings.Split(path, SlashSeparator) { switch strings.TrimSpace(p) { case dotdotComponent: return true case dotComponent: return true } } return false }",True,Go,hasBadPathComponent,generic-handlers.go,https://github.com/minio/minio,minio,GitHub,2023-03-20 00:35:25-07:00,fix: convert '\' to '/' on windows (#16852),NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-28433,"func SettingsEmailPost(c *context.Context, f form.AddEmail) { c.Title(""settings.emails"") c.PageIs(""SettingsEmails"") if c.Query(""_method"") == ""PRIMARY"" { if err := db.MakeEmailPrimary(c.UserID(), &db.EmailAddress{ID: c.QueryInt64(""id"")}); err != nil { c.ServerError(""MakeEmailPrimary"", err) return } c.SubURLRedirect(""/user/settings/email"") return } emails, err := db.GetEmailAddresses(c.User.ID) if err != nil { c.ServerError(""GetEmailAddresses"", err) return } c.Data[""Emails""] = emails if c.HasError() { c.Success(SETTINGS_EMAILS) return } emailAddr := &db.EmailAddress{ UID: c.User.ID, Email: f.Email, IsActivated: !conf.Auth.RequireEmailConfirmation, } if err := db.AddEmailAddress(emailAddr); err != nil { if db.IsErrEmailAlreadyUsed(err) { c.RenderWithErr(c.Tr(""form.email_been_used""), SETTINGS_EMAILS, &f) } else { c.ServerError(""AddEmailAddress"", err) } return } if conf.Auth.RequireEmailConfirmation { email.SendActivateEmailMail(c.Context, db.NewMailerUser(c.User), emailAddr.Email) if err := c.Cache.Put(""MailResendLimit_""+c.User.LowerName, c.User.LowerName, 180); err != nil { log.Error(""Set cache 'MailResendLimit' failed: %v"", err) } c.Flash.Info(c.Tr(""settings.add_email_confirmation_sent"", emailAddr.Email, conf.Auth.ActivateCodeLives/60)) } else { c.Flash.Success(c.Tr(""settings.add_email_success"")) } c.SubURLRedirect(""/user/settings/email"") }"
287,"func testObjectAbortMultipartUpload(obj ObjectLayer, instanceType string, t TestErrHandler) { bucket := ""minio-bucket"" object := ""minio-object"" opts := ObjectOptions{} err := obj.MakeBucket(context.Background(), bucket, MakeBucketOptions{}) if err != nil { t.Fatalf(""%s : %s"", instanceType, err.Error()) } res, err := obj.NewMultipartUpload(context.Background(), bucket, object, opts) if err != nil { t.Fatalf(""%s : %s"", instanceType, err.Error()) } uploadID := res.UploadID abortTestCases := []struct { bucketName string objName string uploadID string expectedErrType error }{ {""--"", object, uploadID, BucketNotFound{}}, {""foo"", object, uploadID, BucketNotFound{}}, {bucket, object, ""foo-foo"", InvalidUploadID{}}, {bucket, ""\\"", uploadID, InvalidUploadID{}}, {bucket, object, uploadID, nil}, } for i, testCase := range abortTestCases { err = obj.AbortMultipartUpload(context.Background(), testCase.bucketName, testCase.objName, testCase.uploadID, opts) if testCase.expectedErrType == nil && err != nil { t.Errorf(""Test %d, unexpected err is received: %v, expected:%v\n"", i+1, err, testCase.expectedErrType) } if testCase.expectedErrType != nil && !isSameType(err, testCase.expectedErrType) { t.Errorf(""Test %d, unexpected err is received: %v, expected:%v\n"", i+1, err, testCase.expectedErrType) } } }",True,Go,testObjectAbortMultipartUpload,object-api-multipart_test.go,https://github.com/minio/minio,minio,GitHub,2023-03-20 13:16:00-07:00,reject object names with '\' on windows (#16856),NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-28433,"func (err ErrInvalidCloneAddr) Error() string { return fmt.Sprintf(""invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v, is_blocked_local_address: %v]"", err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied, err.IsBlockedLocalAddress) }"
291,"func main() { if len(os.Args) < 3 { fatal(usage) } cmd, filename := os.Args[1], os.Args[2] ff := archiver.MatchingFormat(filename) if ff == nil { fatalf(""%s: Unsupported file extension"", filename) } var err error switch cmd { case ""make"": if len(os.Args) < 4 { fatal(usage) } err = ff.Make(filename, os.Args[3:]) case ""open"": dest := """" if len(os.Args) == 4 { dest = os.Args[3] } else if len(os.Args) > 4 { fatal(usage) } err = ff.Open(filename, dest) default: fatal(usage) } if err != nil { fatal(err) } }",True,Go,main,main.go,https://github.com/mholt/archiver,mholt,Matt Holt,2018-04-17 16:02:35-06:00,"fix: prevent extraction of archived files outside target path (#65)

* fix: prevent extraction of archived files outside target path

* CR: consolidate the path sanitaiton logic",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-1002207,"func (f MigrateRepo) ParseRemoteAddr(user *db.User) (string, error) { remoteAddr := strings.TrimSpace(f.CloneAddr) if strings.HasPrefix(remoteAddr, ""http: strings.HasPrefix(remoteAddr, ""https: strings.HasPrefix(remoteAddr, ""git: u, err := url.Parse(remoteAddr) if err != nil { return """", db.ErrInvalidCloneAddr{IsURLError: true} } if netutil.IsBlockedLocalHostname(u.Hostname(), conf.Security.LocalNetworkAllowlist) { return """", db.ErrInvalidCloneAddr{IsBlockedLocalAddress: true} } if len(f.AuthUsername)+len(f.AuthPassword) > 0 { u.User = url.UserPassword(f.AuthUsername, f.AuthPassword) } if u.Scheme == ""git"" && (strings.Contains(remoteAddr, ""%0d"") || strings.Contains(remoteAddr, ""%0a"")) { return """", db.ErrInvalidCloneAddr{IsURLError: true} } remoteAddr = u.String() } else if !user.CanImportLocal() { return """", db.ErrInvalidCloneAddr{IsPermissionDenied: true} } else if !com.IsDir(remoteAddr) { return """", db.ErrInvalidCloneAddr{IsInvalidPath: true} } return remoteAddr, nil }"
293,"func (rarFormat) Read(input io.Reader, destination string) error { rr, err := rardecode.NewReader(input, """") if err != nil { return fmt.Errorf(""read: failed to create reader: %v"", err) } for { header, err := rr.Next() if err == io.EOF { break } else if err != nil { return err } if header.IsDir { err = mkdir(filepath.Join(destination, header.Name)) if err != nil { return err } continue } err = mkdir(filepath.Dir(filepath.Join(destination, header.Name))) if err != nil { return err } err = writeNewFile(filepath.Join(destination, header.Name), rr, header.Mode()) if err != nil { return err } } return nil }",True,Go,Read,rar.go,https://github.com/mholt/archiver,mholt,Matt Holt,2018-04-17 16:02:35-06:00,"fix: prevent extraction of archived files outside target path (#65)

* fix: prevent extraction of archived files outside target path

* CR: consolidate the path sanitaiton logic",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-1002207,"func TestIsLocalHostname(t *testing.T) { tests := []struct { hostname string allowlist []string want bool }{ {hostname: ""localhost"", want: true}, {hostname: ""127.0.0.1"", want: true}, {hostname: ""::1"", want: true}, {hostname: ""0:0:0:0:0:0:0:1"", want: true}, {hostname: ""fuf.me"", want: true}, {hostname: ""127.0.0.95"", want: true}, {hostname: ""0.0.0.0"", want: true}, {hostname: ""192.168.123.45"", want: true}, {hostname: ""gogs.io"", want: false}, {hostname: ""google.com"", want: false}, {hostname: ""165.232.140.255"", want: false}, {hostname: ""192.168.123.45"", allowlist: []string{""10.0.0.17""}, want: true}, {hostname: ""gogs.local"", allowlist: []string{""gogs.local""}, want: false}, } for _, test := range tests { t.Run("""", func(t *testing.T) { assert.Equal(t, test.want, IsBlockedLocalHostname(test.hostname, test.allowlist)) }) } }"
297,"func generateDataset(dest []uint32, epoch uint64, cache []uint32) { logger := log.New(""epoch"", epoch) start := time.Now() defer func() { elapsed := time.Since(start) logFn := logger.Debug if elapsed > 3*time.Second { logFn = logger.Info } logFn(""Generated ethash verification cache"", ""elapsed"", common.PrettyDuration(elapsed)) }() swapped := !isLittleEndian() header := *(*reflect.SliceHeader)(unsafe.Pointer(&dest)) header.Len *= 4 header.Cap *= 4 dataset := *(*[]byte)(unsafe.Pointer(&header)) threads := runtime.NumCPU() size := uint64(len(dataset)) var pend sync.WaitGroup pend.Add(threads) var progress uint64 for i := 0; i < threads; i++ { go func(id int) { defer pend.Done() keccak512 := makeHasher(sha3.NewLegacyKeccak512()) batch := uint32((size + hashBytes*uint64(threads) - 1) / (hashBytes * uint64(threads))) first := uint32(id) * batch limit := first + batch if limit > uint32(size/hashBytes) { limit = uint32(size / hashBytes) } percent := size / hashBytes / 100 for index := first; index < limit; index++ { item := generateDatasetItem(cache, index, keccak512) if swapped { swap(item) } copy(dataset[index*hashBytes:], item) if status := atomic.AddUint64(&progress, 1); status%percent == 0 { logger.Info(""Generating DAG in progress"", ""percentage"", (status*100)/(size/hashBytes), ""elapsed"", common.PrettyDuration(time.Since(start))) } } }(i) } pend.Wait() }",True,Go,generateDataset,algorithm.go,https://github.com/ethereum/go-ethereum,ethereum,GitHub,2020-11-11 21:13:12+01:00,"consensus/ethash: use 64bit indexes for the DAG generation (#21793)

* Bit boundary fix for the DAG generation routine

* Fix unnecessary conversion warnings

Co-authored-by: Sergey Pavlov <spavlov@gmail.com>",CWE-682,Incorrect Calculation,The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.,https://cwe.mitre.org/data/definitions/682.html,CVE-2020-26240,"func MigratePost(c *context.Context, f form.MigrateRepo) { c.Data[""Title""] = c.Tr(""new_migrate"") ctxUser := checkContextUser(c, f.Uid) if c.Written() { return } c.Data[""ContextUser""] = ctxUser if c.HasError() { c.Success(MIGRATE) return } remoteAddr, err := f.ParseRemoteAddr(c.User) if err != nil { if db.IsErrInvalidCloneAddr(err) { c.Data[""Err_CloneAddr""] = true addrErr := err.(db.ErrInvalidCloneAddr) switch { case addrErr.IsURLError: c.RenderWithErr(c.Tr(""repo.migrate.clone_address"")+c.Tr(""form.url_error""), MIGRATE, &f) case addrErr.IsPermissionDenied: c.RenderWithErr(c.Tr(""repo.migrate.permission_denied""), MIGRATE, &f) case addrErr.IsInvalidPath: c.RenderWithErr(c.Tr(""repo.migrate.invalid_local_path""), MIGRATE, &f) case addrErr.IsBlockedLocalAddress: c.RenderWithErr(c.Tr(""repo.migrate.clone_address_resolved_to_blocked_local_address""), MIGRATE, &f) default: c.Error(err, ""unexpected error"") } } else { c.Error(err, ""parse remote address"") } return } repo, err := db.MigrateRepository(c.User, ctxUser, db.MigrateRepoOptions{ Name: f.RepoName, Description: f.Description, IsPrivate: f.Private || conf.Repository.ForcePrivate, IsUnlisted: f.Unlisted, IsMirror: f.Mirror, RemoteAddr: remoteAddr, }) if err == nil { log.Trace(""Repository migrated [%d]: %s/%s"", repo.ID, ctxUser.Name, f.RepoName) c.Redirect(conf.Server.Subpath + ""/"" + ctxUser.Name + ""/"" + f.RepoName) return } if repo != nil { if errDelete := db.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil { log.Error(""DeleteRepository: %v"", errDelete) } } if strings.Contains(err.Error(), ""Authentication failed"") || strings.Contains(err.Error(), ""could not read Username"") { c.Data[""Err_Auth""] = true c.RenderWithErr(c.Tr(""form.auth_failed"", db.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f) return } else if strings.Contains(err.Error(), ""fatal:"") { c.Data[""Err_CloneAddr""] = true c.RenderWithErr(c.Tr(""repo.migrate.failed"", db.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f) return } handleCreateError(c, ctxUser, err, ""MigratePost"", MIGRATE, &f) }"
300,"func TestGetDynamic(t *testing.T) { savedServices := services savedGetVCSDirFn := getVCSDirFn defer func() { services = savedServices getVCSDirFn = savedGetVCSDirFn }() services = []*service{{pattern: regexp.MustCompile("".*""), get: testGet}} getVCSDirFn = testGet client := &http.Client{Transport: testTransport(testWeb)} for _, tt := range getDynamicTests { dir, err := getDynamic(context.Background(), client, tt.importPath, """") if tt.dir == nil { if err == nil { t.Errorf(""getDynamic(client, %q, etag) did not return expected error"", tt.importPath) } continue } if err != nil { t.Errorf(""getDynamic(client, %q, etag) return unexpected error: %v"", tt.importPath, err) continue } if !cmp.Equal(dir, tt.dir) { t.Errorf(""getDynamic(client, %q, etag) =\n %+v,\nwant %+v"", tt.importPath, dir, tt.dir) for i, f := range dir.Files { var want *File if i < len(tt.dir.Files) { want = tt.dir.Files[i] } t.Errorf(""file %d = %+v, want %+v"", i, f, want) } } } }",True,Go,TestGetDynamic,gosrc_test.go,https://github.com/golang/gddo,golang,Filippo Valsorda,2018-07-03 17:44:36+00:00,"gosrc: validate repo from meta

Fixes CVE-2018-12976.

Change-Id: I6b87ab692915d46ba4f668ab848473de9b054c8a
Reviewed-on: https://go-review.googlesource.com/121358
Reviewed-by: Filippo Valsorda <filippo@golang.org>",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-12976,"func validateWebhook(l macaron.Locale, w *db.Webhook) (field, msg string, ok bool) { payloadURL, err := url.Parse(w.URL) if err != nil { return ""PayloadURL"", l.Tr(""repo.settings.webhook.err_cannot_parse_payload_url"", err), false } if netutil.IsBlockedLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) { return ""PayloadURL"", l.Tr(""repo.settings.webhook.url_resolved_to_blocked_local_address""), false } return """", """", true }"
303,"func (d *partialArray) add(key string, val *lazyNode) error { if key == ""-"" { *d = append(*d, val) return nil } idx, err := strconv.Atoi(key) if err != nil { return err } ary := make([]*lazyNode, len(*d)+1) cur := *d if idx < 0 { idx *= -1 if idx > len(ary) { return fmt.Errorf(""Unable to access invalid index: %d"", idx) } idx = len(ary) - idx } copy(ary[0:idx], cur[0:idx]) ary[idx] = val copy(ary[idx+1:], cur[idx:]) *d = ary return nil }",True,Go,add,patch.go,https://github.com/evanphx/json-patch,evanphx,Guoliang Wang,2018-05-25 22:54:09+08:00,fix check idx index,CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2018-14632,"func validateAndCreateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.Webhook) { c.Data[""Webhook""] = w if c.HasError() { c.Success(orCtx.TmplNew) return } field, msg, ok := validateWebhook(c.Locale, w) if !ok { c.FormErr(field) c.RenderWithErr(msg, orCtx.TmplNew, nil) return } if err := w.UpdateEvent(); err != nil { c.Error(err, ""update event"") return } else if err := db.CreateWebhook(w); err != nil { c.Error(err, ""create webhook"") return } c.Flash.Success(c.Tr(""repo.settings.add_hook_success"")) c.Redirect(orCtx.Link + ""/settings/hooks"") }"
304,func (s *Shm) MarkDestroyed() { s.mu.Lock() defer s.mu.Unlock() s.key = linux.IPC_PRIVATE s.pendingDestruction = true s.DecRef() },True,Go,MarkDestroyed,shm.go,https://github.com/google/gvisor,google,Shentubot,2018-11-01 15:54:14-07:00,"Prevent premature destruction of shm segments.

Shm segments can be marked for lazy destruction via shmctl(IPC_RMID),
which destroys a segment once it is no longer attached to any
processes. We were unconditionally decrementing the segment refcount
on shmctl(IPC_RMID) which allowed a user to force a segment to be
destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding
memory maps to the segment.

This is problematic because the memory released by a segment destroyed
this way can be reused by a different process while remaining
accessible by the process with outstanding maps to the segment.

PiperOrigin-RevId: 219713660
Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-19333,"func validateAndUpdateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.Webhook) { c.Data[""Webhook""] = w if c.HasError() { c.Success(orCtx.TmplNew) return } field, msg, ok := validateWebhook(c.Locale, w) if !ok { c.FormErr(field) c.RenderWithErr(msg, orCtx.TmplNew, nil) return } if err := w.UpdateEvent(); err != nil { c.Error(err, ""update event"") return } else if err := db.UpdateWebhook(w); err != nil { c.Error(err, ""update webhook"") return } c.Flash.Success(c.Tr(""repo.settings.update_hook_success"")) c.Redirect(fmt.Sprintf(""%s/settings/hooks/%d"", orCtx.Link, w.ID)) }"
307,"func Shmctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { id := args[0].Int() cmd := args[1].Int() buf := args[2].Pointer() r := t.IPCNamespace().ShmRegistry() switch cmd { case linux.SHM_STAT: fallthrough case linux.IPC_STAT: segment, err := findSegment(t, id) if err != nil { return 0, nil, syserror.EINVAL } stat, err := segment.IPCStat(t) if err == nil { _, err = t.CopyOut(buf, stat) } return 0, nil, err case linux.IPC_INFO: params := r.IPCInfo() _, err := t.CopyOut(buf, params) return 0, nil, err case linux.SHM_INFO: info := r.ShmInfo() _, err := t.CopyOut(buf, info) return 0, nil, err } segment, err := findSegment(t, id) if err != nil { return 0, nil, syserror.EINVAL } switch cmd { case linux.IPC_SET: var ds linux.ShmidDS _, err = t.CopyIn(buf, &ds) if err != nil { return 0, nil, err } err = segment.Set(t, &ds) return 0, nil, err case linux.IPC_RMID: segment.MarkDestroyed() return 0, nil, nil case linux.SHM_LOCK, linux.SHM_UNLOCK: t.Kernel().EmitUnimplementedEvent(t) return 0, nil, nil default: return 0, nil, syserror.EINVAL } }",True,Go,Shmctl,sys_shm.go,https://github.com/google/gvisor,google,Shentubot,2018-11-01 15:54:14-07:00,"Prevent premature destruction of shm segments.

Shm segments can be marked for lazy destruction via shmctl(IPC_RMID),
which destroys a segment once it is no longer attached to any
processes. We were unconditionally decrementing the segment refcount
on shmctl(IPC_RMID) which allowed a user to force a segment to be
destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding
memory maps to the segment.

This is problematic because the memory released by a segment destroyed
this way can be reused by a different process while remaining
accessible by the process with outstanding maps to the segment.

PiperOrigin-RevId: 219713660
Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-19333,"func isRepositoryGitPath(path string) bool { return strings.HasSuffix(path, "".git"") || strings.Contains(path, "".git/"") || strings.Contains(path, `.git\`) || strings.HasSuffix(path, "".git."") || strings.Contains(path, "".git./"") || strings.Contains(path, `.git.\`) }"
309,"s := strings.Map(func(c rune) rune { switch c { case ' ', '\t', '\n', '\f', '\r': return c } return -1 }, p.tok.Data) if s != """" { p.addText(s) } case StartTagToken: switch p.tok.DataAtom { case a.Html: return inBodyIM(p) case a.Frameset: p.addElement() case a.Frame: p.addElement() p.oe.pop() p.acknowledgeSelfClosingTag() case a.Noframes: return inHeadIM(p) case a.Template: return inTemplateIM(p) } case EndTagToken: switch p.tok.DataAtom { case a.Frameset: if p.oe.top().DataAtom != a.Html { p.oe.pop() if p.oe.top().DataAtom != a.Frameset { p.im = afterFramesetIM return true } } } default: }",True,Go,rune,parse.go,https://github.com/golang/net,golang,Nigel Tao,2018-08-16 10:28:01+00:00,"html: remove special procedure for <template> in frameset im

See more details: https://bugs.chromium.org/p/chromium/issues/detail?id=829668

Updates golang/go#23071

Change-Id: Ib9c963269f814c3f21d3784754729df57dcc8f90
Reviewed-on: https://go-review.googlesource.com/123776
Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Nigel Tao <nigeltao@golang.org>",CWE-476,NULL Pointer Dereference,"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.",https://cwe.mitre.org/data/definitions/476.html,CVE-2018-17075,"func Test_isRepositoryGitPath(t *testing.T) { tests := []struct { path string wantVal bool }{ {path: "".git"", wantVal: true}, {path: ""./.git"", wantVal: true}, {path: "".git/hooks/pre-commit"", wantVal: true}, {path: "".git/hooks"", wantVal: true}, {path: ""dir/.git"", wantVal: true}, {path: "".gitignore"", wantVal: false}, {path: ""dir/.gitkeep"", wantVal: false}, {path: `.git\`, wantVal: true}, {path: `.git\hooks\pre-commit`, wantVal: true}, {path: `.git\hooks`, wantVal: true}, {path: `dir\.git`, wantVal: true}, {path: `.\.git.`, wantVal: true}, {path: `.\.git.\`, wantVal: true}, {path: `.git.\hooks\pre-commit`, wantVal: true}, {path: `.git.\hooks`, wantVal: true}, {path: `dir\.git.`, wantVal: true}, {path: ""./.git."", wantVal: true}, {path: ""./.git./"", wantVal: true}, {path: "".git./hooks/pre-commit"", wantVal: true}, {path: "".git./hooks"", wantVal: true}, {path: ""dir/.git."", wantVal: true}, {path: `dir\.gitkeep`, wantVal: false}, } for _, test := range tests { t.Run(test.path, func(t *testing.T) { assert.Equal(t, test.wantVal, isRepositoryGitPath(test.path)) }) } }"
313,"func inHeadIM(p *parser) bool { switch p.tok.Type { case TextToken: s := strings.TrimLeft(p.tok.Data, whitespace) if len(s) < len(p.tok.Data) { p.addText(p.tok.Data[:len(p.tok.Data)-len(s)]) if s == """" { return true } p.tok.Data = s } case StartTagToken: switch p.tok.DataAtom { case a.Html: return inBodyIM(p) case a.Base, a.Basefont, a.Bgsound, a.Link, a.Meta: p.addElement() p.oe.pop() p.acknowledgeSelfClosingTag() return true case a.Noscript: if p.scripting { p.parseGenericRawTextElement() return true } p.addElement() p.im = inHeadNoscriptIM p.tokenizer.NextIsNotRawText() return true case a.Script, a.Title: p.addElement() p.setOriginalIM() p.im = textIM return true case a.Noframes, a.Style: p.parseGenericRawTextElement() return true case a.Head: return true case a.Template: p.addElement() p.afe = append(p.afe, &scopeMarker) p.framesetOK = false p.im = inTemplateIM p.templateStack = append(p.templateStack, inTemplateIM) return true } case EndTagToken: switch p.tok.DataAtom { case a.Head: p.oe.pop() p.im = afterHeadIM return true case a.Body, a.Html, a.Br: p.parseImpliedToken(EndTagToken, a.Head, a.Head.String()) return false case a.Template: if !p.oe.contains(a.Template) { return true } p.generateImpliedEndTags() for i := len(p.oe) - 1; i >= 0; i-- { if n := p.oe[i]; n.Namespace == """" && n.DataAtom == a.Template { p.oe = p.oe[:i] break } } p.clearActiveFormattingElements() p.templateStack.pop() p.resetInsertionMode() return true default: return true } case CommentToken: p.addChild(&Node{ Type: CommentNode, Data: p.tok.Data, }) return true case DoctypeToken: return true } p.parseImpliedToken(EndTagToken, a.Head, a.Head.String()) return false }",True,Go,inHeadIM,parse.go,https://github.com/golang/net,golang,Filippo Valsorda,2021-05-20 17:08:46+00:00,"html: ignore templates nested within foreign content

Fixes #46288
Fixes CVE-2021-33194

Change-Id: I2fe39702de8e9aab29965c1526e377a6f9cdf056
Reviewed-on: https://go-review.googlesource.com/c/net/+/311090
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2021-33194,"func HTTP(c *HTTPContext) { for _, route := range routes { reqPath := strings.ToLower(c.Req.URL.Path) m := route.re.FindStringSubmatch(reqPath) if m == nil { continue } if conf.Repository.DisableHTTPGit { c.Error(http.StatusForbidden, ""Interacting with repositories by HTTP protocol is disabled"") return } if route.method != c.Req.Method { c.Error(http.StatusNotFound) return } cleaned := pathutil.Clean(m[1]) if m[1] != ""/""+cleaned { c.Error(http.StatusBadRequest, ""Request path contains suspicious characters"") return } file := strings.TrimPrefix(reqPath, cleaned) dir, err := getGitRepoPath(cleaned) if err != nil { log.Warn(""HTTP.getGitRepoPath: %v"", err) c.Error(http.StatusNotFound) return } route.handler(serviceHandler{ w: c.Resp, r: c.Req.Request, dir: dir, file: file, authUser: c.AuthUser, ownerName: c.OwnerName, ownerSalt: c.OwnerSalt, repoID: c.RepoID, repoName: c.RepoName, }) return } c.Error(http.StatusNotFound) }"
317,"func (net *Network) checkTopicRegister(data *topicRegister) (*pong, error) { var pongpkt ingressPacket if err := decodePacket(data.Pong, &pongpkt); err != nil { return nil, err } if pongpkt.ev != pongPacket { return nil, errors.New(""is not pong packet"") } if pongpkt.remoteID != net.tab.self.ID { return nil, errors.New(""not signed by us"") } hash, _, _ := wireHash(data.Topics) if hash != pongpkt.data.(*pong).TopicHash { return nil, errors.New(""topic hash mismatch"") } if data.Idx < 0 || int(data.Idx) >= len(data.Topics) { return nil, errors.New(""topic index out of range"") } return pongpkt.data.(*pong), nil }",True,Go,checkTopicRegister,net.go,https://github.com/Bytom/bytom,Bytom,Paladz,2018-08-31 13:48:40+08:00,p2p/discv5: fix idx can be negative after uint convert to int(can cause crash) (#1307),CWE-190,Integer Overflow or Wraparound,"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",https://cwe.mitre.org/data/definitions/190.html,CVE-2018-18206,"func extractTarArchiveFile(header *tar.Header, dest string, input io.Reader) error { filePath, err := securejoin.SecureJoin(dest, header.Name) if err != nil { return err } fileInfo := header.FileInfo() if fileInfo.IsDir() { return os.MkdirAll(filePath, fileInfo.Mode()) } err = os.MkdirAll(filepath.Dir(filePath), 0755) if err != nil { return err } if fileInfo.Mode()&os.ModeSymlink != 0 { return os.Symlink(header.Linkname, filePath) } fileCopy, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, fileInfo.Mode()) if err != nil { return err } defer fileCopy.Close() _, err = io.Copy(fileCopy, input) return err }"
319,"func SanitizePath(path string) string { return strings.TrimLeft(path, ""./"") }",True,Go,SanitizePath,path.go,https://github.com/gogs/gogs,gogs,Unknwon,2018-12-18 01:38:08-05:00,pkg/tool: improve SanitizePath (#5558),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-20303,"func extractZipArchiveFile(file *zip.File, dest string, input io.Reader) error { filePath, err := securejoin.SecureJoin(dest, file.Name) fileInfo := file.FileInfo() if fileInfo.IsDir() { err = os.MkdirAll(filePath, fileInfo.Mode()) if err != nil { return err } } else { err = os.MkdirAll(filepath.Dir(filePath), 0755) if err != nil { return err } if fileInfo.Mode()&os.ModeSymlink != 0 { linkName, err := ioutil.ReadAll(input) if err != nil { return err } return os.Symlink(string(linkName), filePath) } fileCopy, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, fileInfo.Mode()) if err != nil { return err } defer fileCopy.Close() _, err = io.Copy(fileCopy, input) if err != nil { return err } } return nil }"
321,"func MakeEmailPrimary(email *EmailAddress) error { has, err := x.Get(email) if err != nil { return err } else if !has { return errors.EmailNotFound{Email: email.Email} } if !email.IsActivated { return errors.EmailNotVerified{Email: email.Email} } user := &User{ID: email.UID} has, err = x.Get(user) if err != nil { return err } else if !has { return errors.UserNotExist{UserID: email.UID} } formerPrimaryEmail := &EmailAddress{Email: user.Email} has, err = x.Get(formerPrimaryEmail) if err != nil { return err } sess := x.NewSession() defer sess.Close() if err = sess.Begin(); err != nil { return err } if !has { formerPrimaryEmail.UID = user.ID formerPrimaryEmail.IsActivated = user.IsActive if _, err = sess.Insert(formerPrimaryEmail); err != nil { return err } } user.Email = email.Email if _, err = sess.ID(user.ID).AllCols().Update(user); err != nil { return err } return sess.Commit() }",True,Go,MakeEmailPrimary,user_mail.go,https://github.com/gogs/gogs,gogs,GitHub,2020-03-15 18:58:56+08:00,"email: check the owner when set as primary (#5988)

* email: check the owner when set as primary

Fixes a security issue reported by muxishuihan.

* Update CHANGELOG",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2020-14958,"func Generate(options ...Options) macaron.Handler { opt := prepareOptions(options) return func(ctx *macaron.Context, sess session.Store) { x := &csrf{ Secret: opt.Secret, Header: opt.Header, Form: opt.Form, Cookie: opt.Cookie, CookiePath: opt.CookiePath, CookieHttpOnly: opt.CookieHttpOnly, ErrorFunc: opt.ErrorFunc, } ctx.MapTo(x, (*CSRF)(nil)) if opt.Origin && len(ctx.Req.Header.Get(""Origin"")) > 0 { return } x.ID = ""0"" uid := sess.Get(opt.SessionKey) if uid != nil { x.ID = com.ToStr(uid) } needsNew := false oldUid := sess.Get(opt.oldSeesionKey) if oldUid == nil || oldUid.(string) != x.ID { needsNew = true sess.Set(opt.oldSeesionKey, x.ID) } else { if val := ctx.GetCookie(opt.Cookie); len(val) > 0 { x.Token = val } else { needsNew = true } } if needsNew { x.Token = GenerateToken(x.Secret, x.ID, ""POST"") if opt.SetCookie { ctx.SetCookie(opt.Cookie, x.Token, 0, opt.CookiePath, """", opt.Secure, opt.CookieHttpOnly, time.Now().AddDate(0, 0, 1)) } } if opt.SetHeader { ctx.Resp.Header().Add(opt.Header, x.Token) } } }"
324,"func SettingsEmailPost(c *context.Context, f form.AddEmail) { c.Title(""settings.emails"") c.PageIs(""SettingsEmails"") if c.Query(""_method"") == ""PRIMARY"" { if err := db.MakeEmailPrimary(&db.EmailAddress{ID: c.QueryInt64(""id"")}); err != nil { c.ServerError(""MakeEmailPrimary"", err) return } c.SubURLRedirect(""/user/settings/email"") return } emails, err := db.GetEmailAddresses(c.User.ID) if err != nil { c.ServerError(""GetEmailAddresses"", err) return } c.Data[""Emails""] = emails if c.HasError() { c.Success(SETTINGS_EMAILS) return } emailAddr := &db.EmailAddress{ UID: c.User.ID, Email: f.Email, IsActivated: !conf.Auth.RequireEmailConfirmation, } if err := db.AddEmailAddress(emailAddr); err != nil { if db.IsErrEmailAlreadyUsed(err) { c.RenderWithErr(c.Tr(""form.email_been_used""), SETTINGS_EMAILS, &f) } else { c.ServerError(""AddEmailAddress"", err) } return } if conf.Auth.RequireEmailConfirmation { email.SendActivateEmailMail(c.Context, db.NewMailerUser(c.User), emailAddr.Email) if err := c.Cache.Put(""MailResendLimit_""+c.User.LowerName, c.User.LowerName, 180); err != nil { log.Error(""Set cache 'MailResendLimit' failed: %v"", err) } c.Flash.Info(c.Tr(""settings.add_email_confirmation_sent"", emailAddr.Email, conf.Auth.ActivateCodeLives/60)) } else { c.Flash.Success(c.Tr(""settings.add_email_success"")) } c.SubURLRedirect(""/user/settings/email"") }",True,Go,SettingsEmailPost,setting.go,https://github.com/gogs/gogs,gogs,GitHub,2020-03-15 18:58:56+08:00,"email: check the owner when set as primary (#5988)

* email: check the owner when set as primary

Fixes a security issue reported by muxishuihan.

* Update CHANGELOG",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2020-14958,func (h *Handle) StopAsPamUser() error { err := security.SetProcessPrivileges(h.origPrivs) if err != nil { log.Print(err) } return err }
326,"func (err ErrInvalidCloneAddr) Error() string { return fmt.Sprintf(""invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]"", err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied) }",True,Go,Error,error.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func NewHandle(pamh unsafe.Pointer) (*Handle, error) { var err error h := &Handle{ handle: (*C.pam_handle_t)(pamh), status: C.PAM_SUCCESS, } var pamUsername *C.char h.status = C.pam_get_user(h.handle, &pamUsername, nil) if err = h.err(); err != nil { return nil, err } h.PamUser, err = user.Lookup(C.GoString(pamUsername)) return h, err }"
328,"func (f MigrateRepo) ParseRemoteAddr(user *db.User) (string, error) { remoteAddr := strings.TrimSpace(f.CloneAddr) if strings.HasPrefix(remoteAddr, ""http: strings.HasPrefix(remoteAddr, ""https: strings.HasPrefix(remoteAddr, ""git: u, err := url.Parse(remoteAddr) if err != nil { return """", db.ErrInvalidCloneAddr{IsURLError: true} } if netutil.IsLocalHostname(u.Hostname(), conf.Security.LocalNetworkAllowlist) { return """", db.ErrInvalidCloneAddr{IsURLError: true} } if len(f.AuthUsername)+len(f.AuthPassword) > 0 { u.User = url.UserPassword(f.AuthUsername, f.AuthPassword) } if u.Scheme == ""git"" && (strings.Contains(remoteAddr, ""%0d"") || strings.Contains(remoteAddr, ""%0a"")) { return """", db.ErrInvalidCloneAddr{IsURLError: true} } remoteAddr = u.String() } else if !user.CanImportLocal() { return """", db.ErrInvalidCloneAddr{IsPermissionDenied: true} } else if !com.IsDir(remoteAddr) { return """", db.ErrInvalidCloneAddr{IsInvalidPath: true} } return remoteAddr, nil }",True,Go,ParseRemoteAddr,repo.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func (h *Handle) StartAsPamUser() error { if _, err := security.UserKeyringID(h.PamUser, true); err != nil { log.Printf(""Setting up keyrings in PAM: %v"", err) } userPrivs, err := security.UserPrivileges(h.PamUser) if err != nil { return err } if h.origPrivs, err = security.ProcessPrivileges(); err != nil { return err } return security.SetProcessPrivileges(userPrivs) }"
330,"func IsLocalHostname(hostname string, allowlist []string) bool { for _, allow := range allowlist { if hostname == allow { return false } } ips, err := net.LookupIP(hostname) if err != nil { return true } for _, ip := range ips { for _, cidr := range localCIDRs { if cidr.Contains(ip) { return true } } } return false }",True,Go,IsLocalHostname,netutil.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func SetProcessPrivileges(privs *Privileges) error { log.Printf(""Setting euid=%d egid=%d groups=%v"", privs.euid, privs.egid, privs.groups) C.seteuid(0) numGroups := C.size_t(len(privs.groups)) groupsPtr := (*C.gid_t)(nil) if numGroups > 0 { groupsPtr = &privs.groups[0] } if res, err := C.setgroups(numGroups, groupsPtr); res < 0 { return errors.Wrapf(err.(syscall.Errno), ""setting groups"") } if res, err := C.setegid(privs.egid); res < 0 { return errors.Wrapf(err.(syscall.Errno), ""setting egid"") } if res, err := C.seteuid(privs.euid); res < 0 { return errors.Wrapf(err.(syscall.Errno), ""setting euid"") } ProcessPrivileges() return nil }"
332,"func TestIsLocalHostname(t *testing.T) { tests := []struct { hostname string allowlist []string want bool }{ {hostname: ""localhost"", want: true}, {hostname: ""127.0.0.1"", want: true}, {hostname: ""::1"", want: true}, {hostname: ""0:0:0:0:0:0:0:1"", want: true}, {hostname: ""fuf.me"", want: true}, {hostname: ""127.0.0.95"", want: true}, {hostname: ""0.0.0.0"", want: true}, {hostname: ""192.168.123.45"", want: true}, {hostname: ""gogs.io"", want: false}, {hostname: ""google.com"", want: false}, {hostname: ""165.232.140.255"", want: false}, {hostname: ""192.168.123.45"", allowlist: []string{""10.0.0.17""}, want: true}, {hostname: ""gogs.local"", allowlist: []string{""gogs.local""}, want: false}, } for _, test := range tests { t.Run("""", func(t *testing.T) { assert.Equal(t, test.want, IsLocalHostname(test.hostname, test.allowlist)) }) } }",True,Go,TestIsLocalHostname,netutil_test.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func setUids(ruid, euid int) error { res, err := C.setreuid(C.uid_t(ruid), C.uid_t(euid)) log.Printf(""setreuid(%d, %d) = %d (errno %v)"", ruid, euid, res, err) if res == 0 { return nil } return errors.Wrapf(err.(syscall.Errno), ""setting uids"") }"
336,"func MigratePost(c *context.Context, f form.MigrateRepo) { c.Data[""Title""] = c.Tr(""new_migrate"") ctxUser := checkContextUser(c, f.Uid) if c.Written() { return } c.Data[""ContextUser""] = ctxUser if c.HasError() { c.Success(MIGRATE) return } remoteAddr, err := f.ParseRemoteAddr(c.User) if err != nil { if db.IsErrInvalidCloneAddr(err) { c.Data[""Err_CloneAddr""] = true addrErr := err.(db.ErrInvalidCloneAddr) switch { case addrErr.IsURLError: c.RenderWithErr(c.Tr(""form.url_error""), MIGRATE, &f) case addrErr.IsPermissionDenied: c.RenderWithErr(c.Tr(""repo.migrate.permission_denied""), MIGRATE, &f) case addrErr.IsInvalidPath: c.RenderWithErr(c.Tr(""repo.migrate.invalid_local_path""), MIGRATE, &f) default: c.Error(err, ""unexpected error"") } } else { c.Error(err, ""parse remote address"") } return } repo, err := db.MigrateRepository(c.User, ctxUser, db.MigrateRepoOptions{ Name: f.RepoName, Description: f.Description, IsPrivate: f.Private || conf.Repository.ForcePrivate, IsUnlisted: f.Unlisted, IsMirror: f.Mirror, RemoteAddr: remoteAddr, }) if err == nil { log.Trace(""Repository migrated [%d]: %s/%s"", repo.ID, ctxUser.Name, f.RepoName) c.Redirect(conf.Server.Subpath + ""/"" + ctxUser.Name + ""/"" + f.RepoName) return } if repo != nil { if errDelete := db.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil { log.Error(""DeleteRepository: %v"", errDelete) } } if strings.Contains(err.Error(), ""Authentication failed"") || strings.Contains(err.Error(), ""could not read Username"") { c.Data[""Err_Auth""] = true c.RenderWithErr(c.Tr(""form.auth_failed"", db.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f) return } else if strings.Contains(err.Error(), ""fatal:"") { c.Data[""Err_CloneAddr""] = true c.RenderWithErr(c.Tr(""repo.migrate.failed"", db.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f) return } handleCreateError(c, ctxUser, err, ""MigratePost"", MIGRATE, &f) }",True,Go,MigratePost,repo.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func userKeyringIDLookup(uid int) (keyringID int, err error) { cacheLock.Lock() defer cacheLock.Unlock() var ok bool if keyringID, ok = keyringIDCache[uid]; ok { return } ruid, euid, suid := getUids() if ruid != uid || euid != uid { if err = setUids(uid, uid, 0); err != nil { return } defer func() { resetErr := setUids(ruid, euid, suid) if resetErr != nil { err = resetErr } }() } keyringID, err = unix.KeyctlGetKeyringID(unix.KEY_SPEC_USER_KEYRING, true) log.Printf(""keyringID(_uid.%d) = %d, %v"", uid, keyringID, err) if err != nil { return 0, err } if err = keyringLink(keyringID, unix.KEY_SPEC_PROCESS_KEYRING); err != nil { return 0, err } keyringIDCache[uid] = keyringID return keyringID, nil }"
339,"func validateWebhook(actor *db.User, l macaron.Locale, w *db.Webhook) (field, msg string, ok bool) { if !actor.IsAdmin { payloadURL, err := url.Parse(w.URL) if err != nil { return ""PayloadURL"", l.Tr(""repo.settings.webhook.err_cannot_parse_payload_url"", err), false } if netutil.IsLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) { return ""PayloadURL"", l.Tr(""repo.settings.webhook.err_cannot_use_local_addresses""), false } } return """", """", true }",True,Go,validateWebhook,webhook.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func setUids(ruid, euid, suid int) error { log.Printf(""Setting ruid=%d euid=%d suid=%d"", ruid, euid, suid) if res, err := C.setresuid(0, 0, 0); res < 0 { return errors.Wrapf(err.(syscall.Errno), ""setting uids"") } if res, err := C.setresuid(C.uid_t(ruid), C.uid_t(euid), C.uid_t(suid)); res < 0 { return errors.Wrapf(err.(syscall.Errno), ""setting uids"") } return nil }"
341,"func validateAndCreateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.Webhook) { c.Data[""Webhook""] = w if c.HasError() { c.Success(orCtx.TmplNew) return } field, msg, ok := validateWebhook(c.User, c.Locale, w) if !ok { c.FormErr(field) c.RenderWithErr(msg, orCtx.TmplNew, nil) return } if err := w.UpdateEvent(); err != nil { c.Error(err, ""update event"") return } else if err := db.CreateWebhook(w); err != nil { c.Error(err, ""create webhook"") return } c.Flash.Success(c.Tr(""repo.settings.add_hook_success"")) c.Redirect(orCtx.Link + ""/settings/hooks"") }",True,Go,validateAndCreateWebhook,webhook.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func Skip(self Protocol, fieldType Type, maxDepth int) (err error) { if maxDepth <= 0 { return NewProtocolExceptionWithType(DEPTH_LIMIT, errors.New(""Depth limit exceeded"")) } switch fieldType { case BOOL: _, err = self.ReadBool() return case BYTE: _, err = self.ReadByte() return case I16: _, err = self.ReadI16() return case I32: _, err = self.ReadI32() return case I64: _, err = self.ReadI64() return case DOUBLE: _, err = self.ReadDouble() return case FLOAT: _, err = self.ReadFloat() return case STRING: _, err = self.ReadString() return case STRUCT: if _, err = self.ReadStructBegin(); err != nil { return err } for { _, typeId, _, _ := self.ReadFieldBegin() if typeId == STOP { break } err := Skip(self, typeId, maxDepth-1) if err != nil { return err } self.ReadFieldEnd() } return self.ReadStructEnd() case MAP: keyType, valueType, size, err := self.ReadMapBegin() if err != nil { return err } for i := 0; i < size; i++ { err := Skip(self, keyType, maxDepth-1) if err != nil { return err } self.Skip(valueType) } return self.ReadMapEnd() case SET: elemType, size, err := self.ReadSetBegin() if err != nil { return err } for i := 0; i < size; i++ { err := Skip(self, elemType, maxDepth-1) if err != nil { return err } } return self.ReadSetEnd() case LIST: elemType, size, err := self.ReadListBegin() if err != nil { return err } for i := 0; i < size; i++ { err := Skip(self, elemType, maxDepth-1) if err != nil { return err } } return self.ReadListEnd() default: return fmt.Errorf(""unable to skip over unknown type id %d"", fieldType) } }"
342,"func validateAndUpdateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.Webhook) { c.Data[""Webhook""] = w if c.HasError() { c.Success(orCtx.TmplNew) return } field, msg, ok := validateWebhook(c.User, c.Locale, w) if !ok { c.FormErr(field) c.RenderWithErr(msg, orCtx.TmplNew, nil) return } if err := w.UpdateEvent(); err != nil { c.Error(err, ""update event"") return } else if err := db.UpdateWebhook(w); err != nil { c.Error(err, ""update webhook"") return } c.Flash.Success(c.Tr(""repo.settings.update_hook_success"")) c.Redirect(fmt.Sprintf(""%s/settings/hooks/%d"", orCtx.Link, w.ID)) }",True,Go,validateAndUpdateWebhook,webhook.go,https://github.com/gogs/gogs,gogs,GitHub,2022-05-31 15:17:17+08:00,webhook: revalidate local hostname before each delivery (#6988),CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-1285,"func (p *BinaryProtocol) ReadBinary() ([]byte, error) { size, e := p.ReadI32() if e != nil { return nil, e } if size < 0 { return nil, invalidDataLength } if uint64(size) > p.trans.RemainingBytes() || p.trans.RemainingBytes() == UnknownRemaining { return nil, invalidDataLength } isize := int(size) buf := make([]byte, isize) _, err := io.ReadFull(p.trans, buf) return buf, NewProtocolException(err) }"
343,"func isRepositoryGitPath(path string) bool { return strings.HasSuffix(path, "".git"") || strings.Contains(path, "".git""+string(os.PathSeparator)) || strings.HasSuffix(path, "".git."") || strings.Contains(path, "".git.""+string(os.PathSeparator)) }",True,Go,isRepositoryGitPath,repo_editor.go,https://github.com/gogs/gogs,gogs,GitHub,2022-06-04 13:11:29+08:00,repo_editor: check both styles of `os.PathSeparator` in all systems (#7005),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-1986,"func (p *BinaryProtocol) readStringBody(size int32) (value string, err error) { if size < 0 { return """", nil } if uint64(size) > p.trans.RemainingBytes() || p.trans.RemainingBytes() == UnknownRemaining { return """", invalidDataLength } var buf []byte if int(size) <= len(p.buffer) { buf = p.buffer[0:size] } else { buf = make([]byte, size) } _, e := io.ReadFull(p.trans, buf) return string(buf), NewProtocolException(e) }"
346,"func Test_isRepositoryGitPath(t *testing.T) { tests := []struct { path string wantVal bool }{ {path: filepath.Join(""."", "".git""), wantVal: true}, {path: filepath.Join(""."", "".git"", """"), wantVal: true}, {path: filepath.Join(""."", "".git"", ""hooks"", ""pre-commit""), wantVal: true}, {path: filepath.Join("".git"", ""hooks""), wantVal: true}, {path: filepath.Join(""dir"", "".git""), wantVal: true}, {path: filepath.Join(""."", "".git.""), wantVal: true}, {path: filepath.Join(""."", "".git."", """"), wantVal: true}, {path: filepath.Join(""."", "".git."", ""hooks"", ""pre-commit""), wantVal: true}, {path: filepath.Join("".git."", ""hooks""), wantVal: true}, {path: filepath.Join(""dir"", "".git.""), wantVal: true}, {path: filepath.Join("".gitignore""), wantVal: false}, {path: filepath.Join(""dir"", "".gitkeep""), wantVal: false}, } for _, test := range tests { t.Run("""", func(t *testing.T) { assert.Equal(t, test.wantVal, isRepositoryGitPath(test.path)) }) } }",True,Go,Test_isRepositoryGitPath,repo_editor_test.go,https://github.com/gogs/gogs,gogs,GitHub,2022-06-04 13:11:29+08:00,repo_editor: check both styles of `os.PathSeparator` in all systems (#7005),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-1986,"func TestSkipUnknownTypeBinaryProtocol(t *testing.T) { var m MyTestStruct d := NewDeserializer() f := NewBinaryProtocolFactoryDefault() d.Protocol = f.GetProtocol(d.Transport) data := make([]byte, 1100000000) copy(data[:], []byte(""\n\x10\rO\t6\x03\n\n\n\x10\r\n\tsl ce\x00"")) transport, _ := d.Transport.(*MemoryBuffer) transport.Buffer = bytes.NewBuffer(data) start := time.Now() err := m.Read(d.Protocol) if err == nil { t.Fatalf(""Parsed invalid message correctly"") } else if !strings.Contains(err.Error(), ""unknown type"") { t.Fatalf(""Failed for reason besides unknown type"") } if time.Now().Sub(start).Seconds() > 5 { t.Fatalf(""It should not take seconds to parse a small message"") } }"
348,"func TestClean(t *testing.T) { tests := []struct { path string expVal string }{ { path: ""../../../readme.txt"", expVal: ""readme.txt"", }, { path: ""a/../../../readme.txt"", expVal: ""readme.txt"", }, { path: ""/../a/b/../c/../readme.txt"", expVal: ""a/readme.txt"", }, { path: ""/a/readme.txt"", expVal: ""a/readme.txt"", }, { path: ""/"", expVal: """", }, { path: ""/a/b/c/readme.txt"", expVal: ""a/b/c/readme.txt"", }, } for _, test := range tests { t.Run("""", func(t *testing.T) { assert.Equal(t, test.expVal, Clean(test.path)) }) } }",True,Go,TestClean,pathutil_test.go,https://github.com/gogs/gogs,gogs,GitHub,2022-06-07 20:34:46+08:00,pathutil: check both styles of `os.PathSeparator` (#7020),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-1992,"func (p *CompactProtocol) ReadBinary() (value []byte, err error) { length, e := p.readVarint32() if e != nil { return nil, NewProtocolException(e) } if length == 0 { return []byte{}, nil } if length < 0 { return nil, invalidDataLength } if uint64(length) > p.trans.RemainingBytes() || p.trans.RemainingBytes() == UnknownRemaining { return nil, invalidDataLength } buf := make([]byte, length) _, e = io.ReadFull(p.trans, buf) return buf, NewProtocolException(e) }"
352,"func HTTP(c *HTTPContext) { for _, route := range routes { reqPath := strings.ToLower(c.Req.URL.Path) m := route.re.FindStringSubmatch(reqPath) if m == nil { continue } if conf.Repository.DisableHTTPGit { c.Error(http.StatusForbidden, ""Interacting with repositories by HTTP protocol is disabled"") return } if route.method != c.Req.Method { c.NotFound() return } file := strings.TrimPrefix(reqPath, m[1]+""/"") dir, err := getGitRepoPath(m[1]) if err != nil { log.Warn(""HTTP.getGitRepoPath: %v"", err) c.NotFound() return } route.handler(serviceHandler{ w: c.Resp, r: c.Req.Request, dir: dir, file: file, authUser: c.AuthUser, ownerName: c.OwnerName, ownerSalt: c.OwnerSalt, repoID: c.RepoID, repoName: c.RepoName, }) return } c.NotFound() }",True,Go,HTTP,http.go,https://github.com/gogs/gogs,gogs,GitHub,2022-06-07 21:11:36+08:00,http: clean request path from Git endpoints (#7022),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-1993,"func (p *CompactProtocol) ReadString() (value string, err error) { length, e := p.readVarint32() if e != nil { return """", NewProtocolException(e) } if length < 0 { return """", invalidDataLength } if uint64(length) > p.trans.RemainingBytes() || p.trans.RemainingBytes() == UnknownRemaining { return """", invalidDataLength } if length == 0 { return """", nil } var buf []byte if length <= int32(len(p.rBuffer)) { buf = p.rBuffer[0:length] } else { buf = make([]byte, length) } _, e = io.ReadFull(p.trans, buf) return string(buf), NewProtocolException(e) }"
355,"func Test_isRepositoryGitPath(t *testing.T) { tests := []struct { path string wantVal bool }{ {path: "".git"", wantVal: true}, {path: ""./.git"", wantVal: true}, {path: "".git/hooks/pre-commit"", wantVal: true}, {path: "".git/hooks"", wantVal: true}, {path: ""dir/.git"", wantVal: true}, {path: "".gitignore"", wantVal: false}, {path: ""dir/.gitkeep"", wantVal: false}, {path: `.git\`, wantVal: true}, {path: `.git\hooks\pre-commit`, wantVal: true}, {path: `.git\hooks`, wantVal: true}, {path: `dir\.git`, wantVal: true}, {path: `.\.git.`, wantVal: true}, {path: `.\.git.\`, wantVal: true}, {path: `.git.\hooks\pre-commit`, wantVal: true}, {path: `.git.\hooks`, wantVal: true}, {path: `dir\.git.`, wantVal: true}, {path: ""./.git."", wantVal: true}, {path: ""./.git./"", wantVal: true}, {path: "".git./hooks/pre-commit"", wantVal: true}, {path: "".git./hooks"", wantVal: true}, {path: ""dir/.git."", wantVal: true}, {path: `dir\.gitkeep`, wantVal: false}, } for _, test := range tests { t.Run(test.path, func(t *testing.T) { assert.Equal(t, test.wantVal, isRepositoryGitPath(test.path)) }) } }",True,Go,Test_isRepositoryGitPath,repo_editor_test.go,https://github.com/gogs/gogs,gogs,GitHub,2023-02-18 22:15:13+08:00,fix(db): correctly check Git path on case-insensitive file system (#7359),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-2024,"func (p *HTTPClient) Read(buf []byte) (int, error) { if p.response == nil { return 0, NewTransportException(NOT_OPEN, ""Response buffer is empty, no request."") } n, err := p.responseBuffer.Read(buf) if n > 0 && (err == nil || err == io.EOF) { return n, nil } return n, NewTransportExceptionFromError(err) }"
356,"func extractTarArchiveFile(header *tar.Header, dest string, input io.Reader) error { filePath := filepath.Join(dest, header.Name) fileInfo := header.FileInfo() if fileInfo.IsDir() { return os.MkdirAll(filePath, fileInfo.Mode()) } err := os.MkdirAll(filepath.Dir(filePath), 0755) if err != nil { return err } if fileInfo.Mode()&os.ModeSymlink != 0 { return os.Symlink(header.Linkname, filePath) } fileCopy, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, fileInfo.Mode()) if err != nil { return err } defer fileCopy.Close() _, err = io.Copy(fileCopy, input) return err }",True,Go,extractTarArchiveFile,tgz_extractor.go,https://github.com/cloudfoundry/archiver,cloudfoundry,Edwin Xie,2018-05-23 15:22:29-07:00,"Refactored the path resolution to use securejoin

[#157757626]

Signed-off-by: Edwin Xie <exie@pivotal.io>",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-25046,"func (p *HTTPClient) ReadByte() (c byte, err error) { return readByte(&p.responseBuffer) }"
358,"func extractZipArchiveFile(file *zip.File, dest string, input io.Reader) error { filePath := filepath.Join(dest, file.Name) fileInfo := file.FileInfo() if fileInfo.IsDir() { err := os.MkdirAll(filePath, fileInfo.Mode()) if err != nil { return err } } else { err := os.MkdirAll(filepath.Dir(filePath), 0755) if err != nil { return err } if fileInfo.Mode()&os.ModeSymlink != 0 { linkName, err := ioutil.ReadAll(input) if err != nil { return err } return os.Symlink(string(linkName), filePath) } fileCopy, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, fileInfo.Mode()) if err != nil { return err } defer fileCopy.Close() _, err = io.Copy(fileCopy, input) if err != nil { return err } } return nil }",True,Go,extractZipArchiveFile,zip_extractor.go,https://github.com/cloudfoundry/archiver,cloudfoundry,Edwin Xie,2018-05-23 15:22:29-07:00,"Refactored the path resolution to use securejoin

[#157757626]

Signed-off-by: Edwin Xie <exie@pivotal.io>",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-25046,func (p *HTTPClient) RemainingBytes() (num_bytes uint64) { return uint64(p.responseBuffer.Len()) }
361,"func Generate(options ...Options) macaron.Handler { opt := prepareOptions(options) return func(ctx *macaron.Context, sess session.Store) { x := &csrf{ Secret: opt.Secret, Header: opt.Header, Form: opt.Form, Cookie: opt.Cookie, CookiePath: opt.CookiePath, CookieHttpOnly: opt.CookieHttpOnly, ErrorFunc: opt.ErrorFunc, } ctx.MapTo(x, (*CSRF)(nil)) if opt.Origin && len(ctx.Req.Header.Get(""Origin"")) > 0 { return } x.ID = ""0"" uid := sess.Get(opt.SessionKey) if uid != nil { x.ID = com.ToStr(uid) } needsNew := false oldUid := sess.Get(opt.oldSeesionKey) if oldUid == nil || oldUid.(string) != x.ID { needsNew = true sess.Set(opt.oldSeesionKey, x.ID) } else { if val := ctx.GetCookie(opt.Cookie); len(val) > 0 { x.Token = val } else { needsNew = true } } if needsNew { x.Token = GenerateToken(x.Secret, x.ID, ""POST"") if opt.SetCookie { ctx.SetCookie(opt.Cookie, x.Token, 0, opt.CookiePath, """", false, opt.CookieHttpOnly, time.Now().AddDate(0, 0, 1)) } } if opt.SetHeader { ctx.Resp.Header().Add(opt.Header, x.Token) } } }",True,Go,Generate,csrf.go,https://github.com/go-macaron/csrf,go-macaron,无闻,2018-04-26 17:10:50-04:00,"Support secure mode for csrf cookie (#7)

Options struct has Secure flag for csrf cookie, but it's just ignored
and corresponding argument of SetCookie() is hardcodded to false.

This pass Options.Secure to SetCookie in csrf.Generate()

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>",CWE-311,Missing Encryption of Sensitive Data,The product does not encrypt sensitive or critical information before storage or transmission.,https://cwe.mitre.org/data/definitions/311.html,CVE-2018-25060,func (p *HTTPClient) closeResponse() error { p.response = nil p.responseBuffer.Reset() return nil }
364,func (h *Handle) StopAsPamUser() error { err := security.SetProcessPrivileges(h.OrigUser) if err != nil { log.Print(err) } return err },True,Go,StopAsPamUser,pam.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure setting user privileges is reversible

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"func parseV2(r *bufio.Reader) (*HeaderV2, error) { buf := make([]byte, 232) n, err := io.ReadFull(r, buf[:16]) if err != nil { return nil, &InvalidHeaderErr{Read: buf[:n], error: err} } var rawHdr rawV2 err = binary.Read(bytes.NewReader(buf), binary.BigEndian, &rawHdr) if err != nil { return nil, &InvalidHeaderErr{Read: buf[:16], error: err} } if !bytes.Equal(rawHdr.Sig[:], sigV2) { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid signature"")} } if (rawHdr.VerCmd >> 4) != 2 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 version value"")} } var h HeaderV2 h.Command = Cmd(rawHdr.VerCmd & 0xf) if h.Command > CmdProxy { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 command"")} } switch rawHdr.FamProto >> 4 { case 0: if rawHdr.Len != 0 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid length"")} } case 1: if rawHdr.Len != 12 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid length"")} } case 2: if rawHdr.Len != 36 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid length"")} } case 3: if rawHdr.Len != 216 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid length"")} } default: return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 address family"")} } if (rawHdr.FamProto & 0xf) > 2 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 transport protocol"")} } buf = buf[:16+int(rawHdr.Len)] n, err = io.ReadFull(r, buf[16:]) if err != nil { return nil, &InvalidHeaderErr{Read: buf[:16+n], error: err} } if h.Command == CmdLocal { return &h, nil } switch rawHdr.FamProto { case 0x11: h.Src = &net.TCPAddr{ IP: net.IP(buf[16:20]), Port: int(binary.BigEndian.Uint16(buf[24:])), } h.Dest = &net.TCPAddr{ IP: net.IP(buf[20:24]), Port: int(binary.BigEndian.Uint16(buf[26:])), } case 0x12: h.Src = &net.UDPAddr{ IP: net.IP(buf[16:20]), Port: int(binary.BigEndian.Uint16(buf[24:])), } h.Dest = &net.UDPAddr{ IP: net.IP(buf[20:24]), Port: int(binary.BigEndian.Uint16(buf[26:])), } case 0x21: h.Src = &net.TCPAddr{ IP: net.IP(buf[16:32]), Port: int(binary.BigEndian.Uint16(buf[48:])), } h.Dest = &net.TCPAddr{ IP: net.IP(buf[32:48]), Port: int(binary.BigEndian.Uint16(buf[50:])), } case 0x22: h.Src = &net.UDPAddr{ IP: net.IP(buf[16:32]), Port: int(binary.BigEndian.Uint16(buf[48:])), } h.Dest = &net.UDPAddr{ IP: net.IP(buf[32:48]), Port: int(binary.BigEndian.Uint16(buf[50:])), } case 0x31: h.Src = &net.UnixAddr{ Net: ""unix"", Name: strings.TrimRight(string(buf[16:124]), ""\x00""), } h.Dest = &net.UnixAddr{ Net: ""unix"", Name: strings.TrimRight(string(buf[124:232]), ""\x00""), } case 0x32: h.Src = &net.UnixAddr{ Net: ""unixgram"", Name: strings.TrimRight(string(buf[16:124]), ""\x00""), } h.Dest = &net.UnixAddr{ Net: ""unixgram"", Name: strings.TrimRight(string(buf[124:232]), ""\x00""), } } return &h, nil }"
365,"func NewHandle(pamh unsafe.Pointer) (*Handle, error) { var err error h := &Handle{ handle: (*C.pam_handle_t)(pamh), status: C.PAM_SUCCESS, } var pamUsername *C.char h.status = C.pam_get_user(h.handle, &pamUsername, nil) if err = h.err(); err != nil { return nil, err } if h.PamUser, err = user.Lookup(C.GoString(pamUsername)); err != nil { return nil, err } if h.OrigUser, err = util.EffectiveUser(); err != nil { return nil, err } return h, nil }",True,Go,NewHandle,pam.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure setting user privileges is reversible

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"func TestHeaderV2(t *testing.T) { type section struct { name string value []byte } check := func(name string, h HeaderV2, exp []section) { t.Run(name+""_WriteTo"", func(t *testing.T) { var buf bytes.Buffer _, err := h.WriteTo(&buf) assert.NoError(t, err) for _, s := range exp { cmp := make([]byte, len(s.value)) _, err := io.ReadFull(&buf, cmp) assert.NoError(t, err) assert.Equal(t, s.value, cmp, s.name) } }) t.Run(name+""_Parse"", func(t *testing.T) { var buf bytes.Buffer for _, s := range exp { buf.Write(s.value) } hdr, err := Parse(bufio.NewReader(&buf)) if !assert.NoError(t, err) { return } assert.IsType(t, &HeaderV2{}, hdr, ""Header Type"") p := hdr.(*HeaderV2) assert.Equal(t, h.Command, p.Command, ""Command"") if h.Src != nil { assert.NotNil(t, p.Src) assert.Equal(t, h.Src.String(), p.Src.String(), ""SrcAddr"") } else { assert.Nil(t, p.Src) } if h.Dest != nil { assert.NotNil(t, p.Dest) assert.Equal(t, h.Dest.String(), p.Dest.String(), ""DestAddr"") } else { assert.Nil(t, p.Dest) } }) } check(""local"", HeaderV2{}, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x20}}, {name: ""Fam/Proto"", value: []byte{0x00}}, {name: ""Length"", value: []byte{0, 0}}, }, ) check(""tcp-ipv4"", HeaderV2{ Command: CmdProxy, Src: &net.TCPAddr{IP: net.ParseIP(""192.168.0.1""), Port: 80}, Dest: &net.TCPAddr{IP: net.ParseIP(""192.168.0.2""), Port: 90}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x11}}, {name: ""Length"", value: []byte{0, 12}}, {name: ""SrcAddr"", value: []byte{192, 168, 0, 1}}, {name: ""DestAddr"", value: []byte{192, 168, 0, 2}}, {name: ""SrcPort"", value: []byte{0, 80}}, {name: ""DstPort"", value: []byte{0, 90}}, }, ) check(""udp-ipv4"", HeaderV2{ Command: CmdProxy, Src: &net.UDPAddr{IP: net.ParseIP(""192.168.0.1""), Port: 80}, Dest: &net.UDPAddr{IP: net.ParseIP(""192.168.0.2""), Port: 90}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x12}}, {name: ""Length"", value: []byte{0, 12}}, {name: ""SrcAddr"", value: []byte{192, 168, 0, 1}}, {name: ""DestAddr"", value: []byte{192, 168, 0, 2}}, {name: ""SrcPort"", value: []byte{0, 80}}, {name: ""DstPort"", value: []byte{0, 90}}, }, ) check(""udp-ipv6"", HeaderV2{ Command: CmdProxy, Src: &net.UDPAddr{IP: net.ParseIP(""2001::1""), Port: 80}, Dest: &net.UDPAddr{IP: net.ParseIP(""2002::2""), Port: 90}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x22}}, {name: ""Length"", value: []byte{0, 36}}, {name: ""SrcAddr"", value: []byte{0x20, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01}}, {name: ""DestAddr"", value: []byte{0x20, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02}}, {name: ""SrcPort"", value: []byte{0, 80}}, {name: ""DstPort"", value: []byte{0, 90}}, }, ) check(""unixstream"", HeaderV2{ Command: CmdProxy, Src: &net.UnixAddr{Net: ""unix"", Name: ""foo""}, Dest: &net.UnixAddr{Net: ""unix"", Name: ""bar""}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x31}}, {name: ""Length"", value: []byte{0, 216}}, {name: ""SrcAddr"", value: append([]byte(""foo""), make([]byte, 105)...)}, {name: ""DestAddr"", value: append([]byte(""bar""), make([]byte, 105)...)}, }, ) check(""unixgram"", HeaderV2{ Command: CmdProxy, Src: &net.UnixAddr{Net: ""unixgram"", Name: ""foo""}, Dest: &net.UnixAddr{Net: ""unixgram"", Name: ""bar""}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x32}}, {name: ""Length"", value: []byte{0, 216}}, {name: ""SrcAddr"", value: append([]byte(""foo""), make([]byte, 105)...)}, {name: ""DestAddr"", value: append([]byte(""bar""), make([]byte, 105)...)}, }, ) }"
367,"func (h *Handle) StartAsPamUser() error { if _, err := security.UserKeyringID(h.PamUser, true); err != nil { log.Printf(""Setting up keyrings in PAM: %v"", err) } return security.SetProcessPrivileges(h.PamUser) }",True,Go,StartAsPamUser,pam.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure setting user privileges is reversible

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"func InstallNps() { path := common.GetInstallPath() if common.FileExists(path) { log.Fatalf(""the path %s has exist, does not support install"", path) } MkidrDirAll(path, ""conf"", ""web/static"", ""web/views"") if err := CopyDir(filepath.Join(common.GetAppPath(), ""web"", ""views""), filepath.Join(path, ""web"", ""views"")); err != nil { log.Fatalln(err) } if err := CopyDir(filepath.Join(common.GetAppPath(), ""web"", ""static""), filepath.Join(path, ""web"", ""static"")); err != nil { log.Fatalln(err) } if err := CopyDir(filepath.Join(common.GetAppPath(), ""conf""), filepath.Join(path, ""conf"")); err != nil { log.Fatalln(err) } if !common.IsWindows() { if _, err := copyFile(filepath.Join(common.GetAppPath(), ""nps""), ""/usr/bin/nps""); err != nil { if _, err := copyFile(filepath.Join(common.GetAppPath(), ""nps""), ""/usr/local/bin/nps""); err != nil { log.Fatalln(err) } else { os.Chmod(""/usr/local/bin/nps"", 0755) log.Println(""Executable files have been copied to"", ""/usr/local/bin/nps"") } } else { os.Chmod(""/usr/bin/nps"", 0755) log.Println(""Executable files have been copied to"", ""/usr/bin/nps"") } } log.Println(""install ok!"") log.Println(""Static files and configuration files in the current directory will be useless"") log.Println(""The new configuration file is located in"", path, ""you can edit them"") if !common.IsWindows() { log.Println(""You can start with nps test|start|stop|restart|status anywhere"") } else { log.Println(""You can copy executable files to any directory and start working with nps.exe test|start|stop|restart|status"") } }"
370,"func setGids(rgid, egid int) error { res, err := C.my_setregid(C.gid_t(rgid), C.gid_t(egid)) log.Printf(""setregid(%d, %d) = %d (errno %v)"", rgid, egid, res, err) if res == 0 { return nil } return errors.Wrapf(err.(syscall.Errno), ""setting gids"") }",True,Go,setGids,privileges.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure setting user privileges is reversible

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"func (*Provider) Render(ctx *provider.Context, config, data string) string { unsafe := blackfriday.Run([]byte(data)) safe := bluemonday.UGCPolicy().SanitizeBytes(unsafe) return string(safe) }"
372,"func SetProcessPrivileges(target *user.User) error { euid := util.AtoiOrPanic(target.Uid) egid := util.AtoiOrPanic(target.Gid) if os.Geteuid() == euid { log.Printf(""Privileges already set to %q"", target.Username) return nil } log.Printf(""Setting privileges to %q"", target.Username) if euid == 0 { if err := setUids(-1, euid); err != nil { return err } } if err := setGids(-1, egid); err != nil { return err } if err := setGroups(target); err != nil { return err } if euid != 0 { if err := setUids(-1, euid); err != nil { return err } } return nil }",True,Go,SetProcessPrivileges,privileges.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure setting user privileges is reversible

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"appendMessage = func(targetOffset uint32) bool { for _, f := range frags { if f.handshakeHeader.FragmentOffset == targetOffset { fragmentEnd := (f.handshakeHeader.FragmentOffset + f.handshakeHeader.FragmentLength) if fragmentEnd != f.handshakeHeader.Length && f.handshakeHeader.FragmentLength != 0 { if !appendMessage(fragmentEnd) { return false } } rawMessage = append(f.data, rawMessage...) return true } } return false }"
377,"func userKeyringIDLookup(uid int) (int, error) { cacheLock.Lock() defer cacheLock.Unlock() if keyringID, ok := keyringIDCache[uid]; ok { return keyringID, nil } ruid, euid := os.Getuid(), os.Geteuid() needSetUids := uid != ruid || uid != euid if needSetUids { defer setUids(ruid, euid) if err := setUids(uid, 0); err != nil { return 0, err } } keyringID, err := unix.KeyctlGetKeyringID(unix.KEY_SPEC_USER_KEYRING, true) log.Printf(""keyringID(_uid.%d) = %d, %v"", uid, keyringID, err) if err != nil { return 0, err } if needSetUids { if err := setUids(0, uid); err != nil { return 0, err } } if err := keyringLink(keyringID, unix.KEY_SPEC_PROCESS_KEYRING); err != nil { return 0, err } keyringIDCache[uid] = keyringID return keyringID, nil }",True,Go,userKeyringIDLookup,keyring.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure keyring privilege changes are reversible

This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).

This fixes an issue where ""su <user>"" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"func makeHTTPClient(remoteAddr string) (string, *http.Client) { protocol, address, dialer := makeHTTPDialer(remoteAddr) return protocol + "": Transport: &http.Transport{ DisableCompression: true, Dial: dialer, }, } }"
378,"func setUids(ruid, euid int) error { res, err := C.setreuid(C.uid_t(ruid), C.uid_t(euid)) log.Printf(""setreuid(%d, %d) = %d (errno %v)"", ruid, euid, res, err) if res == 0 { return nil } return errors.Wrapf(err.(syscall.Errno), ""setting uids"") }",True,Go,setUids,privileges.go,https://github.com/google/fscrypt,google,Joe Richey joerichey@google.com,2018-08-23 11:00:34-07:00,"Ensure keyring privilege changes are reversible

This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).

This fixes an issue where ""su <user>"" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-6558,"func (voteSet *VoteSet) MakeCommit() *Commit { if voteSet.signedMsgType != tmproto.PrecommitType { panic(""Cannot MakeCommit() unless VoteSet.Type is PrecommitType"") } voteSet.mtx.Lock() defer voteSet.mtx.Unlock() if voteSet.maj23 == nil { panic(""Cannot MakeCommit() unless a blockhash has +2/3"") } commitSigs := make([]CommitSig, len(voteSet.votes)) for i, v := range voteSet.votes { commitSig := v.CommitSig() if commitSig.ForBlock() && !v.BlockID.Equals(*voteSet.maj23) { commitSig = NewCommitSigAbsent() } commitSigs[i] = commitSig } return NewCommit(voteSet.GetHeight(), voteSet.GetRound(), *voteSet.maj23, commitSigs) }"
382,"func Skip(self Protocol, fieldType Type, maxDepth int) (err error) { if maxDepth <= 0 { return NewProtocolExceptionWithType(DEPTH_LIMIT, errors.New(""Depth limit exceeded"")) } switch fieldType { case STOP: return case BOOL: _, err = self.ReadBool() return case BYTE: _, err = self.ReadByte() return case I16: _, err = self.ReadI16() return case I32: _, err = self.ReadI32() return case I64: _, err = self.ReadI64() return case DOUBLE: _, err = self.ReadDouble() return case FLOAT: _, err = self.ReadFloat() return case STRING: _, err = self.ReadString() return case STRUCT: if _, err = self.ReadStructBegin(); err != nil { return err } for { _, typeId, _, _ := self.ReadFieldBegin() if typeId == STOP { break } err := Skip(self, typeId, maxDepth-1) if err != nil { return err } self.ReadFieldEnd() } return self.ReadStructEnd() case MAP: keyType, valueType, size, err := self.ReadMapBegin() if err != nil { return err } for i := 0; i < size; i++ { err := Skip(self, keyType, maxDepth-1) if err != nil { return err } self.Skip(valueType) } return self.ReadMapEnd() case SET: elemType, size, err := self.ReadSetBegin() if err != nil { return err } for i := 0; i < size; i++ { err := Skip(self, elemType, maxDepth-1) if err != nil { return err } } return self.ReadSetEnd() case LIST: elemType, size, err := self.ReadListBegin() if err != nil { return err } for i := 0; i < size; i++ { err := Skip(self, elemType, maxDepth-1) if err != nil { return err } } return self.ReadListEnd() } return nil }",True,Go,Skip,protocol.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2019-02-25 08:43:08-08:00,"Properly error when asked to skip an unknown field type

Summary:
We weren't returning an error when asked to skip over a field with and
unknown type.  In this particular test case the code attempts to skip
over a map with a large number of fields of unknown type and the ~3B
noop calls take almost 30s.  A misbehaving client could DoS a server
by sending short messages that take a long time to parse.  There may
have been other failure modes as well.

The test covers the binary protocol because that is where the issue
was found.  However, the issue is common to all protocols.

This fixes CVE-2019-3552.

Reviewed By: spalamarchuk

Differential Revision: D14088980

fbshipit-source-id: 8a9d63260db717347217a8d2ac883c4ce331d964",CWE-755,Improper Handling of Exceptional Conditions,The product does not handle or incorrectly handles an exceptional condition.,https://cwe.mitre.org/data/definitions/755.html,CVE-2019-3564,"func (cs *State) tryAddVote(vote *types.Vote, peerID p2p.ID) (bool, error) { added, err := cs.addVote(vote, peerID) if err != nil { if voteErr, ok := err.(*types.ErrVoteConflictingVotes); ok { if cs.privValidatorPubKey == nil { return false, errPubKeyIsNotSet } if bytes.Equal(vote.ValidatorAddress, cs.privValidatorPubKey.Address()) { cs.Logger.Error( ""Found conflicting vote from ourselves. Did you unsafe_reset a validator?"", ""height"", vote.Height, ""round"", vote.Round, ""type"", vote.Type) return added, err } cs.evpool.ReportConflictingVotes(voteErr.VoteA, voteErr.VoteB) cs.Logger.Info(""Found and sent conflicting votes to the evidence pool"", ""VoteA"", voteErr.VoteA, ""VoteB"", voteErr.VoteB, ) return added, err } else if err == types.ErrVoteNonDeterministicSignature { cs.Logger.Debug(""Vote has non-deterministic signature"", ""err"", err) } else { cs.Logger.Info(""Error attempting to add vote"", ""err"", err) return added, ErrAddingVote } } return added, nil }"
386,"func (p *BinaryProtocol) ReadBinary() ([]byte, error) { size, e := p.ReadI32() if e != nil { return nil, e } if size < 0 { return nil, invalidDataLength } if uint64(size) > p.trans.RemainingBytes() { return nil, invalidDataLength } isize := int(size) buf := make([]byte, isize) _, err := io.ReadFull(p.trans, buf) return buf, NewProtocolException(err) }",True,Go,ReadBinary,binary_protocol.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (evpool *Pool) CheckEvidence(evList types.EvidenceList) error { hashes := make([][]byte, len(evList)) for idx, ev := range evList { ok := evpool.fastCheck(ev) if !ok { if evpool.isCommitted(ev) { return &types.ErrInvalidEvidence{Evidence: ev, Reason: errors.New(""evidence was already committed"")} } err := evpool.verify(ev) if err != nil { return err } if err := evpool.addPendingEvidence(ev); err != nil { evpool.logger.Error(""Can't add evidence to pending list"", ""err"", err, ""ev"", ev) } evpool.logger.Info(""Verified new evidence of byzantine behavior"", ""evidence"", ev) } hashes[idx] = ev.Hash() for i := idx - 1; i >= 0; i-- { if bytes.Equal(hashes[i], hashes[idx]) { return &types.ErrInvalidEvidence{Evidence: ev, Reason: errors.New(""duplicate evidence"")} } } } return nil }"
389,"func (p *BinaryProtocol) readStringBody(size int32) (value string, err error) { if size < 0 { return """", nil } if uint64(size) > p.trans.RemainingBytes() { return """", invalidDataLength } var buf []byte if int(size) <= len(p.buffer) { buf = p.buffer[0:size] } else { buf = make([]byte, size) } _, e := io.ReadFull(p.trans, buf) return string(buf), NewProtocolException(e) }",True,Go,readStringBody,binary_protocol.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (evpool *Pool) removePendingEvidence(evidence types.Evidence) { key := keyPending(evidence) if err := evpool.evidenceStore.Delete(key); err != nil { evpool.logger.Error(""Unable to delete pending evidence"", ""err"", err) } else { atomic.AddUint32(&evpool.evidenceSize, ^uint32(0)) evpool.logger.Debug(""Deleted pending evidence"", ""evidence"", evidence) } }"
393,"func TestSkipUnknownTypeBinaryProtocol(t *testing.T) { var m MyTestStruct d := NewDeserializer() f := NewBinaryProtocolFactoryDefault() d.Protocol = f.GetProtocol(d.Transport) data := []byte(""\n\x10\rO\t6\x03\n\n\n\x10\r\n\tslice\x00"") start := time.Now() err := d.Read(&m, data) if err == nil { t.Fatalf(""Parsed invalid message correctly"") } else if !strings.Contains(err.Error(), ""unknown type"") { t.Fatalf(""Failed for reason besides unknown type"") } if time.Now().Sub(start).Seconds() > 5 { t.Fatalf(""It should not take seconds to parse a small message"") } }",True,Go,TestSkipUnknownTypeBinaryProtocol,binary_protocol_test.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (evpool *Pool) Update(state sm.State, ev types.EvidenceList) { if state.LastBlockHeight <= evpool.state.LastBlockHeight { panic(fmt.Sprintf( ""failed EvidencePool.Update new state height is less than or equal to previous state height: %d <= %d"", state.LastBlockHeight, evpool.state.LastBlockHeight, )) } evpool.logger.Debug(""Updating evidence pool"", ""last_block_height"", state.LastBlockHeight, ""last_block_time"", state.LastBlockTime) evpool.processConsensusBuffer(state) evpool.updateState(state) evpool.markEvidenceAsCommitted(ev) if evpool.Size() > 0 && state.LastBlockHeight > evpool.pruningHeight && state.LastBlockTime.After(evpool.pruningTime) { evpool.pruningHeight, evpool.pruningTime = evpool.removeExpiredPendingEvidence() } }"
396,"func (p *CompactProtocol) ReadFieldBegin() (name string, typeId Type, id int16, err error) { t, err := p.readByteDirect() if err != nil { return } if (t & 0x0f) == STOP { return """", STOP, 0, nil } modifier := int16((t & 0xf0) >> 4) if modifier == 0 { id, err = p.ReadI16() if err != nil { return } } else { id = int16(p.lastFieldIDRead) + modifier } typeId, e := p.getType(compactType(t & 0x0f)) if e != nil { err = NewProtocolException(e) return } if p.isBoolType(t) { p.boolValue = (byte(t)&0x0f == COMPACT_BOOLEAN_TRUE) p.boolValueIsNotNull = true } p.lastFieldIDRead = int(id) return }",True,Go,ReadFieldBegin,compact_protocol.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (evpool *Pool) AddEvidence(ev types.Evidence) error { evpool.logger.Debug(""Attempting to add evidence"", ""ev"", ev) if evpool.isPending(ev) { evpool.logger.Debug(""Evidence already pending, ignoring this one"", ""ev"", ev) return nil } if evpool.isCommitted(ev) { evpool.logger.Debug(""Evidence was already committed, ignoring this one"", ""ev"", ev) return nil } err := evpool.verify(ev) if err != nil { return types.NewErrInvalidEvidence(ev, err) } if err := evpool.addPendingEvidence(ev); err != nil { return fmt.Errorf(""can't add evidence to pending list: %w"", err) } evpool.evidenceList.PushBack(ev) evpool.logger.Info(""Verified new evidence of byzantine behavior"", ""evidence"", ev) return nil }"
397,"func (p *CompactProtocol) ReadBinary() (value []byte, err error) { length, e := p.readVarint32() if e != nil { return nil, NewProtocolException(e) } if length == 0 { return []byte{}, nil } if length < 0 { return nil, invalidDataLength } if uint64(length) > p.trans.RemainingBytes() { return nil, invalidDataLength } buf := make([]byte, length) _, e = io.ReadFull(p.trans, buf) return buf, NewProtocolException(e) }",True,Go,ReadBinary,compact_protocol.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func NewPool(evidenceDB dbm.DB, stateDB sm.Store, blockStore BlockStore) (*Pool, error) { state, err := stateDB.Load() if err != nil { return nil, fmt.Errorf(""cannot load state: %w"", err) } pool := &Pool{ stateDB: stateDB, blockStore: blockStore, state: state, logger: log.NewNopLogger(), evidenceStore: evidenceDB, evidenceList: clist.New(), consensusBuffer: make([]duplicateVoteSet, 0), } pool.pruningHeight, pool.pruningTime = pool.removeExpiredPendingEvidence() evList, _, err := pool.listEvidence(baseKeyPending, -1) if err != nil { return nil, err } atomic.StoreUint32(&pool.evidenceSize, uint32(len(evList))) for _, ev := range evList { pool.evidenceList.PushBack(ev) } return pool, nil }"
402,"func (p *CompactProtocol) ReadString() (value string, err error) { length, e := p.readVarint32() if e != nil { return """", NewProtocolException(e) } if length < 0 { return """", invalidDataLength } if uint64(length) > p.trans.RemainingBytes() { return """", invalidDataLength } if length == 0 { return """", nil } var buf []byte if length <= int32(len(p.rBuffer)) { buf = p.rBuffer[0:length] } else { buf = make([]byte, length) } _, e = io.ReadFull(p.trans, buf) return string(buf), NewProtocolException(e) }",True,Go,ReadString,compact_protocol.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func TestCreateProposalBlock(t *testing.T) { config := cfg.ResetTestRoot(""node_create_proposal"") defer os.RemoveAll(config.RootDir) cc := proxy.NewLocalClientCreator(kvstore.NewApplication()) proxyApp := proxy.NewAppConns(cc) err := proxyApp.Start() require.Nil(t, err) defer proxyApp.Stop() logger := log.TestingLogger() var height int64 = 1 state, stateDB, privVals := state(1, height) stateStore := sm.NewStore(stateDB) maxBytes := 16384 var partSize uint32 = 256 maxEvidenceBytes := int64(maxBytes / 2) state.ConsensusParams.Block.MaxBytes = int64(maxBytes) state.ConsensusParams.Evidence.MaxBytes = maxEvidenceBytes proposerAddr, _ := state.Validators.GetByIndex(0) memplMetrics := mempl.PrometheusMetrics(""node_test_1"") mempool := mempl.NewCListMempool( config.Mempool, proxyApp.Mempool(), state.LastBlockHeight, mempl.WithMetrics(memplMetrics), mempl.WithPreCheck(sm.TxPreCheck(state)), mempl.WithPostCheck(sm.TxPostCheck(state)), ) mempool.SetLogger(logger) evidenceDB := dbm.NewMemDB() blockStore := store.NewBlockStore(dbm.NewMemDB()) evidencePool, err := evidence.NewPool(evidenceDB, stateStore, blockStore) require.NoError(t, err) evidencePool.SetLogger(logger) var currentBytes int64 = 0 for currentBytes <= maxEvidenceBytes { ev := types.NewMockDuplicateVoteEvidenceWithValidator(height, time.Now(), privVals[0], ""test-chain"") currentBytes += int64(len(ev.Bytes())) evidencePool.ReportConflictingVotes(ev.VoteA, ev.VoteB) } evList, size := evidencePool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes) require.Less(t, size, state.ConsensusParams.Evidence.MaxBytes+1) evData := &types.EvidenceData{Evidence: evList} require.EqualValues(t, size, evData.ByteSize()) txLength := 100 for i := 0; i <= maxBytes/txLength; i++ { tx := tmrand.Bytes(txLength) err := mempool.CheckTx(tx, nil, mempl.TxInfo{}) assert.NoError(t, err) } blockExec := sm.NewBlockExecutor( stateStore, logger, proxyApp.Consensus(), mempool, evidencePool, ) commit := types.NewCommit(height-1, 0, types.BlockID{}, nil) block, _ := blockExec.CreateProposalBlock( height, state, commit, proposerAddr, ) partSet := block.MakePartSet(partSize) assert.Less(t, partSet.ByteSize(), int64(maxBytes)) partSetFromHeader := types.NewPartSetFromHeader(partSet.Header()) for partSetFromHeader.Count() < partSetFromHeader.Total() { added, err := partSetFromHeader.AddPart(partSet.GetPart(int(partSetFromHeader.Count()))) require.NoError(t, err) require.True(t, added) } assert.EqualValues(t, partSetFromHeader.ByteSize(), partSet.ByteSize()) err = blockExec.ValidateBlock(state, block) assert.NoError(t, err) }"
403,"func TestReadWriteCompactProtocol(t *testing.T) { ReadWriteProtocolTest(t, NewCompactProtocolFactory()) ReadWriteProtocolParallelTest(t, NewCompactProtocolFactory()) transports := []Transport{ NewMemoryBuffer(), NewStreamTransportRW(bytes.NewBuffer(make([]byte, 0, 16384))), NewFramedTransport(NewMemoryBuffer()), } for _, trans := range transports { p := NewCompactProtocol(trans) ReadWriteBool(t, p, trans) p = NewCompactProtocol(trans) ReadWriteByte(t, p, trans) p = NewCompactProtocol(trans) ReadWriteI16(t, p, trans) p = NewCompactProtocol(trans) ReadWriteI32(t, p, trans) p = NewCompactProtocol(trans) ReadWriteI64(t, p, trans) p = NewCompactProtocol(trans) ReadWriteDouble(t, p, trans) p = NewCompactProtocol(trans) ReadWriteFloat(t, p, trans) p = NewCompactProtocol(trans) ReadWriteString(t, p, trans) p = NewCompactProtocol(trans) ReadWriteBinary(t, p, trans) p = NewCompactProtocol(trans) ReadWriteStruct(t, p, trans) trans.Close() } }",True,Go,TestReadWriteCompactProtocol,compact_protocol_test.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,func (EmptyEvidencePool) AddEvidence(types.Evidence) error { return nil }
410,"func (p *HTTPClient) Read(buf []byte) (int, error) { if p.response == nil { return 0, NewTransportException(NOT_OPEN, ""Response buffer is empty, no request."") } n, err := p.response.Body.Read(buf) if n > 0 && (err == nil || err == io.EOF) { return n, nil } return n, NewTransportExceptionFromError(err) }",True,Go,Read,http_client.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (EmptyEvidencePool) Update(State, types.EvidenceList) {}"
412,"func (p *HTTPClient) ReadByte() (c byte, err error) { return readByte(p.response.Body) }",True,Go,ReadByte,http_client.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,func (EmptyEvidencePool) CheckEvidence(evList types.EvidenceList) error { return nil }
414,func (p *HTTPClient) RemainingBytes() (num_bytes uint64) { len := p.response.ContentLength if len >= 0 { return uint64(len) } return UnknownRemaining },True,Go,RemainingBytes,http_client.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (cs *State) tryAddVote(vote *types.Vote, peerID p2p.ID) (bool, error) { added, err := cs.addVote(vote, peerID) if err != nil { if voteErr, ok := err.(*types.ErrVoteConflictingVotes); ok { if cs.privValidatorPubKey == nil { return false, errPubKeyIsNotSet } if bytes.Equal(vote.ValidatorAddress, cs.privValidatorPubKey.Address()) { cs.Logger.Error( ""Found conflicting vote from ourselves. Did you unsafe_reset a validator?"", ""height"", vote.Height, ""round"", vote.Round, ""type"", vote.Type) return added, err } cs.evpool.ReportConflictingVotes(voteErr.VoteA, voteErr.VoteB) return added, err } else if err == types.ErrVoteNonDeterministicSignature { cs.Logger.Debug(""Vote has non-deterministic signature"", ""err"", err) } else { cs.Logger.Info(""Error attempting to add vote"", ""err"", err) return added, ErrAddingVote } } return added, nil }"
416,"func (p *HTTPClient) closeResponse() error { var err error if p.response != nil && p.response.Body != nil { io.Copy(ioutil.Discard, p.response.Body) err = p.response.Body.Close() } p.response = nil return err }",True,Go,closeResponse,http_client.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln(""A client requested the default error URL, environment variable OAUTH2_ERROR_URL is probably not set."") t, err := template.New(""consent"").Parse(` <html> <head> <title>An OAuth 2.0 Error Occurred</title> </head> <body> <h1> The OAuth2 request resulted in an error. </h1> <ul> <li>Error: {{ .Name }}</li> <li>Description: {{ .Description }}</li> <li>Hint: {{ .Hint }}</li> <li>Debug: {{ .Debug }}</li> </ul> <p> You are seeing this default error page because the administrator has not set a dedicated error URL (environment variable <code>OAUTH2_ERROR_URL</code> is not set). If you are an administrator, please read <a href=""https: need to do. If you are a user, please contact the administrator. </p> </body> </html> `) if err != nil { h.H.WriteError(w, r, err) return } if err := t.Execute(w, struct { Name string Description string Hint string Debug string }{ Name: r.URL.Query().Get(""error""), Description: r.URL.Query().Get(""error_description""), Hint: r.URL.Query().Get(""error_hint""), Debug: r.URL.Query().Get(""error_debug""), }); err != nil { h.H.WriteError(w, r, err) return } }"
417,"func ReadWriteProtocolTest(t *testing.T, protocolFactory ProtocolFactory) { buf := bytes.NewBuffer(make([]byte, 0, 1024)) l := HTTPClientSetupForTest(t) defer l.Close() transports := []TransportFactory{ NewMemoryBufferTransportFactory(1024), NewStreamTransportFactory(buf, buf, true), NewFramedTransportFactory(NewMemoryBufferTransportFactory(1024)), NewHTTPPostClientTransportFactory(""http: } doForAllTransports := func(protTest protocolTest) { for _, tf := range transports { trans := tf.GetTransport(nil) p := protocolFactory.GetProtocol(trans) protTest(t, p, trans) trans.Close() } } doForAllTransports(ReadWriteBool) doForAllTransports(ReadWriteByte) doForAllTransports(ReadWriteI16) doForAllTransports(ReadWriteI32) doForAllTransports(ReadWriteI64) doForAllTransports(ReadWriteDouble) doForAllTransports(ReadWriteFloat) doForAllTransports(ReadWriteString) doForAllTransports(ReadWriteBinary) doForAllTransports(ReadWriteStruct) doForAllTransports(func(t testing.TB, p Protocol, trans Transport) { ReadWriteI64(t, p, trans) ReadWriteDouble(t, p, trans) ReadWriteFloat(t, p, trans) ReadWriteBinary(t, p, trans) ReadWriteByte(t, p, trans) ReadWriteStruct(t, p, trans) }) }",True,Go,ReadWriteProtocolTest,protocol_test.go,https://github.com/facebook/fbthrift,facebook,Facebook Github Bot,2020-03-11 01:08:07-07:00,"Validate container size against total message size

Summary:
For performance reasons we preallocate golang containers with
the size given in the field header.  This allowed an attacker to
trigger very large memory allocations and potentially crash the server
with small messages.  Before creating the golang container confirm
that the message is theoretically large enough to contain a list/map/set
of the given size.

This requires that the binary and compact protocols use transports
that can expose the amount of data waiting to be read.  As a result of
this change you will not be able to do things like use the raw socket
transport or talk to endpoints over the HTTP transport that don't send
a content length header.

Fixes CVE-2019-11939.

Differential Revision: D19595758

fbshipit-source-id: 48bb9dbaf0467cea7a54602f0b07b00a8755c3f9",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2019-11939,"func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln(""It looks like no consent/login URL was set. All OAuth2 flows except client credentials will fail."") h.L.Warnln(""A client requested the default login & consent URL, environment variable OAUTH2_CONSENT_URL or OAUTH2_LOGIN_URL or both are probably not set."") t, err := template.New(""consent"").Parse(` <html> <head> <title>Misconfigured consent/login URL</title> </head> <body> <p> It looks like you forgot to set the consent/login provider url, which can be set using the <code>OAUTH2_CONSENT_URL</code> and <code>OAUTH2_LOGIN_URL</code> environment variable. </p> <p> If you are an administrator, please read <a href=""https: the guide</a> to understand what you need to do. If you are a user, please contact the administrator. </p> </body> </html> `) if err != nil { h.H.WriteError(w, r, err) return } if err := t.Execute(w, nil); err != nil { h.H.WriteError(w, r, err) return } }"
418,"func parseV2(r *bufio.Reader) (*HeaderV2, error) { buf := make([]byte, 232) n, err := io.ReadFull(r, buf[:16]) if err != nil { return nil, &InvalidHeaderErr{Read: buf[:n], error: err} } var rawHdr rawV2 err = binary.Read(bytes.NewReader(buf), binary.BigEndian, &rawHdr) if err != nil { return nil, &InvalidHeaderErr{Read: buf[:16], error: err} } if !bytes.Equal(rawHdr.Sig[:], sigV2) { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid signature"")} } if (rawHdr.VerCmd >> 4) != 2 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 version value"")} } var h HeaderV2 h.Command = Cmd(rawHdr.VerCmd & 0xf) if h.Command > CmdProxy { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 command"")} } if (rawHdr.FamProto >> 4) > 3 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 address family"")} } if (rawHdr.FamProto & 0xf) > 2 { return nil, &InvalidHeaderErr{Read: buf[:16], error: errors.New(""invalid v2 transport protocol"")} } if 16+int(rawHdr.Len) > len(buf) { newBuf := make([]byte, 16+int(rawHdr.Len)) copy(newBuf, buf[:16]) buf = newBuf } else { buf = buf[:16+int(rawHdr.Len)] } n, err = io.ReadFull(r, buf[16:]) if err != nil { return nil, &InvalidHeaderErr{Read: buf[:16+n], error: err} } if h.Command == CmdLocal { return &h, nil } switch rawHdr.FamProto { case 0x11: h.Src = &net.TCPAddr{ IP: net.IP(buf[16:20]), Port: int(binary.BigEndian.Uint16(buf[24:])), } h.Dest = &net.TCPAddr{ IP: net.IP(buf[20:24]), Port: int(binary.BigEndian.Uint16(buf[26:])), } case 0x12: h.Src = &net.UDPAddr{ IP: net.IP(buf[16:20]), Port: int(binary.BigEndian.Uint16(buf[24:])), } h.Dest = &net.UDPAddr{ IP: net.IP(buf[20:24]), Port: int(binary.BigEndian.Uint16(buf[26:])), } case 0x21: h.Src = &net.TCPAddr{ IP: net.IP(buf[16:32]), Port: int(binary.BigEndian.Uint16(buf[48:])), } h.Dest = &net.TCPAddr{ IP: net.IP(buf[32:48]), Port: int(binary.BigEndian.Uint16(buf[50:])), } case 0x22: h.Src = &net.UDPAddr{ IP: net.IP(buf[16:32]), Port: int(binary.BigEndian.Uint16(buf[48:])), } h.Dest = &net.UDPAddr{ IP: net.IP(buf[32:48]), Port: int(binary.BigEndian.Uint16(buf[50:])), } case 0x31: h.Src = &net.UnixAddr{ Net: ""unix"", Name: strings.TrimRight(string(buf[16:124]), ""\x00""), } h.Dest = &net.UnixAddr{ Net: ""unix"", Name: strings.TrimRight(string(buf[124:232]), ""\x00""), } case 0x32: h.Src = &net.UnixAddr{ Net: ""unixgram"", Name: strings.TrimRight(string(buf[16:124]), ""\x00""), } h.Dest = &net.UnixAddr{ Net: ""unixgram"", Name: strings.TrimRight(string(buf[124:232]), ""\x00""), } } return &h, nil }",True,Go,parseV2,headerv2.go,https://github.com/mastercactapus/proxyprotocol,mastercactapus,Nathaniel Caza,2019-07-23 08:34:30-05:00,Add test and fix for malformed/truncated header,CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2019-14243,"func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln(""A client requested the default logout URL, environment variable OAUTH2_LOGOUT_REDIRECT_URL is probably not set."") t, err := template.New(""consent"").Parse(` <html> <head> <title>You logged out successfully</title> </head> <body> <h1> You logged out successfully! </h1> <p> You are seeing this default page because the administrator did not specify a redirect URL (environment variable <code>OAUTH2_LOGOUT_REDIRECT_URL</code> is not set). If you are an administrator, please read <a href=""https: need to do. If you are a user, please contact the administrator. </p> </body> </html> `) if err != nil { h.H.WriteError(w, r, err) return } if err := t.Execute(w, nil); err != nil { h.H.WriteError(w, r, err) return } }"
420,"func TestHeaderV2(t *testing.T) { type section struct { name string value []byte } check := func(name string, h HeaderV2, exp []section) { t.Run(name+""_WriteTo"", func(t *testing.T) { var buf bytes.Buffer _, err := h.WriteTo(&buf) assert.NoError(t, err) for _, s := range exp { cmp := make([]byte, len(s.value)) _, err := io.ReadFull(&buf, cmp) assert.NoError(t, err) assert.Equal(t, s.value, cmp, s.name) } }) t.Run(name+""_Parse"", func(t *testing.T) { var buf bytes.Buffer for _, s := range exp { buf.Write(s.value) } hdr, err := Parse(bufio.NewReader(&buf)) assert.NoError(t, err) assert.IsType(t, &HeaderV2{}, hdr, ""Header Type"") p := hdr.(*HeaderV2) assert.Equal(t, h.Command, p.Command, ""Command"") if h.Src != nil { assert.NotNil(t, p.Src) assert.Equal(t, h.Src.String(), p.Src.String(), ""SrcAddr"") } else { assert.Nil(t, p.Src) } if h.Dest != nil { assert.NotNil(t, p.Dest) assert.Equal(t, h.Dest.String(), p.Dest.String(), ""DestAddr"") } else { assert.Nil(t, p.Dest) } }) } check(""local"", HeaderV2{}, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x20}}, {name: ""Fam/Proto"", value: []byte{0x00}}, {name: ""Length"", value: []byte{0, 0}}, }, ) check(""tcp-ipv4"", HeaderV2{ Command: CmdProxy, Src: &net.TCPAddr{IP: net.ParseIP(""192.168.0.1""), Port: 80}, Dest: &net.TCPAddr{IP: net.ParseIP(""192.168.0.2""), Port: 90}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x11}}, {name: ""Length"", value: []byte{0, 12}}, {name: ""SrcAddr"", value: []byte{192, 168, 0, 1}}, {name: ""DestAddr"", value: []byte{192, 168, 0, 2}}, {name: ""SrcPort"", value: []byte{0, 80}}, {name: ""DstPort"", value: []byte{0, 90}}, }, ) check(""udp-ipv4"", HeaderV2{ Command: CmdProxy, Src: &net.UDPAddr{IP: net.ParseIP(""192.168.0.1""), Port: 80}, Dest: &net.UDPAddr{IP: net.ParseIP(""192.168.0.2""), Port: 90}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x12}}, {name: ""Length"", value: []byte{0, 12}}, {name: ""SrcAddr"", value: []byte{192, 168, 0, 1}}, {name: ""DestAddr"", value: []byte{192, 168, 0, 2}}, {name: ""SrcPort"", value: []byte{0, 80}}, {name: ""DstPort"", value: []byte{0, 90}}, }, ) check(""udp-ipv6"", HeaderV2{ Command: CmdProxy, Src: &net.UDPAddr{IP: net.ParseIP(""2001::1""), Port: 80}, Dest: &net.UDPAddr{IP: net.ParseIP(""2002::2""), Port: 90}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x22}}, {name: ""Length"", value: []byte{0, 36}}, {name: ""SrcAddr"", value: []byte{0x20, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01}}, {name: ""DestAddr"", value: []byte{0x20, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02}}, {name: ""SrcPort"", value: []byte{0, 80}}, {name: ""DstPort"", value: []byte{0, 90}}, }, ) check(""unixstream"", HeaderV2{ Command: CmdProxy, Src: &net.UnixAddr{Net: ""unix"", Name: ""foo""}, Dest: &net.UnixAddr{Net: ""unix"", Name: ""bar""}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x31}}, {name: ""Length"", value: []byte{0, 216}}, {name: ""SrcAddr"", value: append([]byte(""foo""), make([]byte, 105)...)}, {name: ""DestAddr"", value: append([]byte(""bar""), make([]byte, 105)...)}, }, ) check(""unixgram"", HeaderV2{ Command: CmdProxy, Src: &net.UnixAddr{Net: ""unixgram"", Name: ""foo""}, Dest: &net.UnixAddr{Net: ""unixgram"", Name: ""bar""}, }, []section{ {name: ""Signature"", value: sigV2}, {name: ""Version"", value: []byte{0x21}}, {name: ""Fam/Proto"", value: []byte{0x32}}, {name: ""Length"", value: []byte{0, 216}}, {name: ""SrcAddr"", value: append([]byte(""foo""), make([]byte, 105)...)}, {name: ""DestAddr"", value: append([]byte(""bar""), make([]byte, 105)...)}, }, ) }",True,Go,TestHeaderV2,headerv2_test.go,https://github.com/mastercactapus/proxyprotocol,mastercactapus,Nathaniel Caza,2019-07-23 08:34:30-05:00,Add test and fix for malformed/truncated header,CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2019-14243,"func NewFositeMemoryStore( r InternalRegistry, c Configuration, ) *FositeMemoryStore { return &FositeMemoryStore{ AuthorizeCodes: make(map[string]authorizeCode), IDSessions: make(map[string]fosite.Requester), AccessTokens: make(map[string]fosite.Requester), PKCES: make(map[string]fosite.Requester), RefreshTokens: make(map[string]fosite.Requester), BlacklistedJTIs: make(map[string]time.Time), c: c, r: r, } }"
423,"func InstallNps() { path := common.GetInstallPath() if common.FileExists(path) { log.Fatalf(""the path %s has exist, does not support install"", path) } MkidrDirAll(path, ""conf"", ""web/static"", ""web/views"") if err := CopyDir(filepath.Join(common.GetAppPath(), ""web"", ""views""), filepath.Join(path, ""web"", ""views"")); err != nil { log.Fatalln(err) } if err := CopyDir(filepath.Join(common.GetAppPath(), ""web"", ""static""), filepath.Join(path, ""web"", ""static"")); err != nil { log.Fatalln(err) } if err := CopyDir(filepath.Join(common.GetAppPath(), ""conf""), filepath.Join(path, ""conf"")); err != nil { log.Fatalln(err) } if !common.IsWindows() { if _, err := copyFile(filepath.Join(common.GetAppPath(), ""nps""), ""/usr/bin/nps""); err != nil { if _, err := copyFile(filepath.Join(common.GetAppPath(), ""nps""), ""/usr/local/bin/nps""); err != nil { log.Fatalln(err) } else { os.Chmod(""/usr/local/bin/nps"", 0777) log.Println(""Executable files have been copied to"", ""/usr/local/bin/nps"") } } else { os.Chmod(""/usr/bin/nps"", 0777) log.Println(""Executable files have been copied to"", ""/usr/bin/nps"") } } log.Println(""install ok!"") log.Println(""Static files and configuration files in the current directory will be useless"") log.Println(""The new configuration file is located in"", path, ""you can edit them"") if !common.IsWindows() { log.Println(""You can start with nps test|start|stop|restart|status anywhere"") } else { log.Println(""You can copy executable files to any directory and start working with nps.exe test|start|stop|restart|status"") } }",True,Go,InstallNps,install.go,https://github.com/cnlh/nps,cnlh,ffdfgdfg,2019-08-16 10:48:48+08:00,"Change to 755, fixes #176",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2019-15119,"func (h *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var ctx = r.Context() authorizeRequest, err := h.r.OAuth2Provider().NewAuthorizeRequest(ctx, r) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } session, err := h.r.ConsentStrategy().HandleOAuth2AuthorizationRequest(w, r, authorizeRequest) if errors.Cause(err) == consent.ErrAbortOAuth2Request { return } else if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } for _, scope := range session.GrantedScope { authorizeRequest.GrantScope(scope) } for _, audience := range session.GrantedAudience { authorizeRequest.GrantAudience(audience) } openIDKeyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(r.Context()) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } var accessTokenKeyID string if h.c.AccessTokenStrategy() == ""jwt"" { accessTokenKeyID, err = h.r.AccessTokenJWTStrategy().GetPublicKeyID(r.Context()) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } } authorizeRequest.SetID(session.Challenge) claims := &jwt.IDTokenClaims{ Subject: session.ConsentRequest.SubjectIdentifier, Issuer: strings.TrimRight(h.c.IssuerURL().String(), ""/"") + ""/"", IssuedAt: time.Now().UTC(), AuthTime: time.Time(session.AuthenticatedAt), RequestedAt: session.RequestedAt, Extra: session.Session.IDToken, AuthenticationContextClassReference: session.ConsentRequest.ACR, } claims.Add(""sid"", session.ConsentRequest.LoginSessionID) response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{ DefaultSession: &openid.DefaultSession{ Claims: claims, Headers: &jwt.Headers{Extra: map[string]interface{}{ ""kid"": openIDKeyID, }}, Subject: session.ConsentRequest.Subject, }, Extra: session.Session.AccessToken, KID: accessTokenKeyID, ClientID: authorizeRequest.GetClient().GetID(), ConsentChallenge: session.Challenge, }) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } h.r.OAuth2Provider().WriteAuthorizeResponse(w, authorizeRequest, response) }"
429,"func (*Provider) Render(ctx *provider.Context, config, data string) string { result := blackfriday.Run([]byte(data)) return string(result) }",True,Go,Render,markdown.go,https://github.com/documize/community,documize,sauls8t,2019-11-19 11:47:51+00:00,Sanitize HTML in Markdown sections,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-19619,"func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache, appResourceTree AppResourceTreeFn, allowedShells []string, sessionManager util_session.SessionManager) *terminalHandler { return &terminalHandler{ appLister: appLister, db: db, enf: enf, cache: cache, appResourceTreeFn: appResourceTree, allowedShells: allowedShells, namespace: namespace, enabledNamespaces: enabledNamespaces, sessionManager: sessionManager, } }"
432,"appendMessage = func(targetOffset uint32) bool { for _, f := range frags { if f.handshakeHeader.FragmentOffset == targetOffset { fragmentEnd := (f.handshakeHeader.FragmentOffset + f.handshakeHeader.FragmentLength) if fragmentEnd != f.handshakeHeader.Length { if !appendMessage(fragmentEnd) { return false } } rawMessage = append(f.data, rawMessage...) return true } } return false }",True,Go,bool,fragment_buffer.go,https://github.com/pion/dtls,pion,Sean DuBois,2022-05-10 15:36:11-04:00,"Don't attempt to append zero length fragments

Before the fragmentBuffer would process zero length fragments. Since
they are zero length the append would not do anything. This would
result in an infinite loop.",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2022-29190,"func newTerminalSession(w http.ResponseWriter, r *http.Request, responseHeader http.Header, sessionManager util_session.SessionManager) (*terminalSession, error) { token, err := getToken(r) if err != nil { return nil, err } conn, err := upgrader.Upgrade(w, r, responseHeader) if err != nil { return nil, err } session := &terminalSession{ wsConn: conn, tty: true, sizeChan: make(chan remotecommand.TerminalSize), doneChan: make(chan struct{}), sessionManager: sessionManager, token: &token, } return session, nil }"
450,"func makeHTTPClient(remoteAddr string) (string, *http.Client) { protocol, address, dialer := makeHTTPDialer(remoteAddr) return protocol + "": Transport: &http.Transport{ Dial: dialer, }, } }",True,Go,makeHTTPClient,http_client.go,https://github.com/tendermint/tendermint,tendermint,Ethan Buchman,2019-03-19 20:18:18-04:00,rpc: client disable compression (#3430),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2019-25072,"func Test_nativeHelmChart_ExtractChart(t *testing.T) { client := NewClient(""https: path, closer, err := client.ExtractChart(""argo-cd"", ""0.7.1"", false, math.MaxInt64, true) assert.NoError(t, err) defer io.Close(closer) info, err := os.Stat(path) assert.NoError(t, err) assert.True(t, info.IsDir()) }"
454,"func (voteSet *VoteSet) MakeCommit() *Commit { if voteSet.signedMsgType != tmproto.PrecommitType { panic(""Cannot MakeCommit() unless VoteSet.Type is PrecommitType"") } voteSet.mtx.Lock() defer voteSet.mtx.Unlock() if voteSet.maj23 == nil { panic(""Cannot MakeCommit() unless a blockhash has +2/3"") } commitSigs := make([]CommitSig, len(voteSet.votes)) for i, v := range voteSet.votes { commitSigs[i] = v.CommitSig() } return NewCommit(voteSet.GetHeight(), voteSet.GetRound(), *voteSet.maj23, commitSigs) }",True,Go,MakeCommit,vote_set.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2020-07-02 15:41:49+02:00,"consensus: Do not allow signatures for a wrong block in commits

Closes #4926

The dump consensus state had this:

      ""last_commit"": {
        ""votes"": [
          ""Vote{0:04CBBF43CA3E 385085/00/2(Precommit) 1B73DA9FC4C8 42C97B86D89D @ 2020-05-27T06:46:51.042392895Z}"",
          ""Vote{1:055799E028FA 385085/00/2(Precommit) 652B08AD61EA 0D507D7FA3AB @ 2020-06-28T04:57:29.20793209Z}"",
          ""Vote{2:056024CFA910 385085/00/2(Precommit) 652B08AD61EA C8E95532A4C3 @ 2020-06-28T04:57:29.452696998Z}"",
          ""Vote{3:0741C95814DA 385085/00/2(Precommit) 652B08AD61EA 36D567615F7C @ 2020-06-28T04:57:29.279788593Z}"",

Note there's a precommit in there from the first val from May (2020-05-27) while the rest are from today (2020-06-28). It suggests there's a validator from an old instance of the network at this height (they're using the same chain-id!). Obviously a single bad validator shouldn't be an issue. But the Commit refactor work introduced a bug.

When we propose a block, we get the block.LastCommit by calling MakeCommit on the set of precommits we saw for the last height. This set may include precommits for a different block, and hence the block.LastCommit we propose may include precommits that aren't actually for the last block (but of course +2/3 will be). Before v0.33, we just skipped over these precommits during verification. But in v0.33, we expect all signatures for a blockID to be for the same block ID! Thus we end up proposing a block that we can't verify.",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2020-15091,"func Test_nativeHelmChart_ExtractChart_insecure(t *testing.T) { client := NewClient(""https: path, closer, err := client.ExtractChart(""argo-cd"", ""0.7.1"", false, math.MaxInt64, true) assert.NoError(t, err) defer io.Close(closer) info, err := os.Stat(path) assert.NoError(t, err) assert.True(t, info.IsDir()) }"
456,"func (cs *State) tryAddVote(vote *types.Vote, peerID p2p.ID) (bool, error) { added, err := cs.addVote(vote, peerID) if err != nil { if voteErr, ok := err.(*types.ErrVoteConflictingVotes); ok { if cs.privValidatorPubKey == nil { return false, errPubKeyIsNotSet } if bytes.Equal(vote.ValidatorAddress, cs.privValidatorPubKey.Address()) { cs.Logger.Error( ""Found conflicting vote from ourselves. Did you unsafe_reset a validator?"", ""height"", vote.Height, ""round"", vote.Round, ""type"", vote.Type) return added, err } var timestamp time.Time if voteErr.VoteA.Height == cs.state.InitialHeight { timestamp = cs.state.LastBlockTime } else { timestamp = sm.MedianTime(cs.LastCommit.MakeCommit(), cs.LastValidators) } ev := types.NewDuplicateVoteEvidence(voteErr.VoteA, voteErr.VoteB, timestamp, cs.Validators) evidenceErr := cs.evpool.AddEvidenceFromConsensus(ev) if evidenceErr != nil { cs.Logger.Error(""Failed to add evidence to the evidence pool"", ""err"", evidenceErr) } else { cs.Logger.Debug(""Added evidence to the evidence pool"", ""ev"", ev) } return added, err } else if err == types.ErrVoteNonDeterministicSignature { cs.Logger.Debug(""Vote has non-deterministic signature"", ""err"", err) } else { cs.Logger.Info(""Error attempting to add vote"", ""err"", err) return added, ErrAddingVote } } return added, nil }",True,Go,tryAddVote,state.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"if rf, ok := ret.Get(0).(func(string, kube.ResourceKey, func(v1alpha1.ResourceNode, string) bool) error); ok { r0 = rf(server, key, action) } else { r0 = ret.Error(0) } return r0 }"
458,"func (evpool *Pool) CheckEvidence(evList types.EvidenceList) error { hashes := make([][]byte, len(evList)) for idx, ev := range evList { ok := evpool.fastCheck(ev) if !ok { if evpool.isCommitted(ev) { return &types.ErrInvalidEvidence{Evidence: ev, Reason: errors.New(""evidence was already committed"")} } err := evpool.verify(ev) if err != nil { return &types.ErrInvalidEvidence{Evidence: ev, Reason: err} } if err := evpool.addPendingEvidence(ev); err != nil { evpool.logger.Error(""Can't add evidence to pending list"", ""err"", err, ""ev"", ev) } evpool.logger.Info(""Verified new evidence of byzantine behavior"", ""evidence"", ev) } hashes[idx] = ev.Hash() for i := idx - 1; i >= 0; i-- { if bytes.Equal(hashes[i], hashes[idx]) { return &types.ErrInvalidEvidence{Evidence: ev, Reason: errors.New(""duplicate evidence"")} } } } return nil }",True,Go,CheckEvidence,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (proj AppProject) IsLiveResourcePermitted(un *unstructured.Unstructured, server string, name string) bool { return proj.IsResourcePermitted(un.GroupVersionKind().GroupKind(), un.GetNamespace(), ApplicationDestination{Server: server, Name: name}) }"
460,"func (evpool *Pool) removePendingEvidence(evidence types.Evidence) { key := keyPending(evidence) if err := evpool.evidenceStore.Delete(key); err != nil { evpool.logger.Error(""Unable to delete pending evidence"", ""err"", err) } else { atomic.AddUint32(&evpool.evidenceSize, ^uint32(0)) evpool.logger.Info(""Deleted pending evidence"", ""evidence"", evidence) } }",True,Go,removePendingEvidence,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func TestPermissions(t *testing.T) { appCtx := Given(t) projName := ""argo-project"" projActions := projectFixture. Given(t). Name(projName). When(). Create() sourceError := fmt.Sprintf(""application repo %s is not permitted in project 'argo-project'"", RepoURL(RepoURLTypeFile)) destinationError := fmt.Sprintf(""application destination {%s %s} is not permitted in project 'argo-project'"", KubernetesInternalAPIServerAddr, DeploymentNamespace()) appCtx. Path(""guestbook-logs""). Project(projName). When(). IgnoreErrors(). CreateApp(). Then(). Expect(Error("""", sourceError)). Expect(Error("""", destinationError)). When(). DoNotIgnoreErrors(). And(func() { projActions.AddDestination(""*"", ""*"") projActions.AddSource(""*"") }). CreateApp(). Sync(). Then(). And(func(app *Application) { assertResourceActions(t, app.Name, true) }). When(). And(func() { projActions.UpdateProject(func(proj *AppProject) { proj.Spec.Destinations = nil proj.Spec.SourceRepos = nil }) }). Refresh(RefreshTypeNormal). Then(). Expect(Condition(ApplicationConditionInvalidSpecError, destinationError)). Expect(Condition(ApplicationConditionInvalidSpecError, sourceError)). And(func(app *Application) { closer, cdClient := ArgoCDClientset.NewApplicationClientOrDie() defer io.Close(closer) tree, err := cdClient.ResourceTree(context.Background(), &applicationpkg.ResourcesQuery{ApplicationName: &app.Name}) require.NoError(t, err) assert.Len(t, tree.Nodes, 0) assert.Len(t, tree.OrphanedNodes, 0) }). When(). And(func() { projActions. AddDestination(""*"", ""*""). AddSource(""*""). UpdateProject(func(proj *AppProject) { proj.Spec.NamespaceResourceBlacklist = []metav1.GroupKind{{Group: ""*"", Kind: ""Deployment""}} }) }). Refresh(RefreshTypeNormal). Then(). And(func(app *Application) { assertResourceActions(t, ""test-permissions"", false) }) }"
467,"func (evpool *Pool) AddEvidenceFromConsensus(ev types.Evidence) error { if evpool.isPending(ev) { evpool.logger.Info(""Evidence already pending, ignoring this one"", ""ev"", ev) return nil } evpool.mtx.Lock() defer evpool.mtx.Unlock() evpool.consensusBuffer = append(evpool.consensusBuffer, ev) evpool.logger.Info(""received new evidence of byzantine behavior from consensus"", ""evidence"", ev) return nil }",True,Go,AddEvidenceFromConsensus,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (r *schemaResolver) UpdateSavedSearch(ctx context.Context, args *struct { ID graphql.ID Description string Query string NotifyOwner bool NotifySlack bool OrgID *graphql.ID UserID *graphql.ID }) (*savedSearchResolver, error) { id, err := unmarshalSavedSearchID(args.ID) if err != nil { return nil, err } old, err := r.db.SavedSearches().GetByID(ctx, id) if err != nil { return nil, errors.Wrap(err, ""fetch old saved search"") } if old.Config.UserID != nil { if err := backend.CheckSiteAdminOrSameUser(ctx, r.db, *old.Config.UserID); err != nil { return nil, err } } else if old.Config.OrgID != nil { if err := backend.CheckOrgAccessOrSiteAdmin(ctx, r.db, *old.Config.OrgID); err != nil { return nil, err } } else { return nil, errors.New(""failed to update saved search: no Org ID or User ID associated with saved search"") } if !queryHasPatternType(args.Query) { return nil, errMissingPatternType } ss, err := r.db.SavedSearches().Update(ctx, &types.SavedSearch{ ID: id, Description: args.Description, Query: args.Query, Notify: args.NotifyOwner, NotifySlack: args.NotifySlack, UserID: old.Config.UserID, OrgID: old.Config.OrgID, }) if err != nil { return nil, err } return r.toSavedSearchResolver(*ss), nil }"
468,"func (evpool *Pool) Update(state sm.State, ev types.EvidenceList) { if state.LastBlockHeight <= evpool.state.LastBlockHeight { panic(fmt.Sprintf( ""Failed EvidencePool.Update new state height is less than or equal to previous state height: %d <= %d"", state.LastBlockHeight, evpool.state.LastBlockHeight, )) } evpool.logger.Info(""Updating evidence pool"", ""last_block_height"", state.LastBlockHeight, ""last_block_time"", state.LastBlockTime) evpool.logger.Info( ""updating evidence pool"", ""last_block_height"", state.LastBlockHeight, ""last_block_time"", state.LastBlockTime, ) evpool.mtx.Lock() evpool.flushConsensusBuffer() evpool.state = state evpool.mtx.Unlock() evpool.markEvidenceAsCommitted(ev) if evpool.Size() > 0 && state.LastBlockHeight > evpool.pruningHeight && state.LastBlockTime.After(evpool.pruningTime) { evpool.pruningHeight, evpool.pruningTime = evpool.removeExpiredPendingEvidence() } }",True,Go,Update,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func TestUpdateSavedSearch(t *testing.T) { ctx := context.Background() key := int32(1) users := database.NewMockUserStore() users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{SiteAdmin: true, ID: key}, nil) ss := database.NewMockSavedSearchStore() ss.UpdateFunc.SetDefaultHook(func(ctx context.Context, savedSearch *types.SavedSearch) (*types.SavedSearch, error) { return &types.SavedSearch{ ID: key, Description: savedSearch.Description, Query: savedSearch.Query, Notify: savedSearch.Notify, NotifySlack: savedSearch.NotifySlack, UserID: savedSearch.UserID, OrgID: savedSearch.OrgID, }, nil }) ss.GetByIDFunc.SetDefaultReturn(&api.SavedQuerySpecAndConfig{ Config: api.ConfigSavedQuery{ UserID: &key, }, }, nil) db := database.NewMockDB() db.UsersFunc.SetDefaultReturn(users) db.SavedSearchesFunc.SetDefaultReturn(ss) userID := MarshalUserID(key) savedSearches, err := (&schemaResolver{db: db}).UpdateSavedSearch(ctx, &struct { ID graphql.ID Description string Query string NotifyOwner bool NotifySlack bool OrgID *graphql.ID UserID *graphql.ID }{ ID: marshalSavedSearchID(key), Description: ""updated query description"", Query: ""test type:diff patternType:regexp"", OrgID: nil, UserID: &userID, }) if err != nil { t.Fatal(err) } want := &savedSearchResolver{db, types.SavedSearch{ ID: key, Description: ""updated query description"", Query: ""test type:diff patternType:regexp"", OrgID: nil, UserID: &key, }} mockrequire.Called(t, ss.UpdateFunc) if !reflect.DeepEqual(savedSearches, want) { t.Errorf(""got %v+, want %v+"", savedSearches, want) } _, err = (&schemaResolver{db: db}).UpdateSavedSearch(ctx, &struct { ID graphql.ID Description string Query string NotifyOwner bool NotifySlack bool OrgID *graphql.ID UserID *graphql.ID }{ID: marshalSavedSearchID(key), Description: ""updated query description"", Query: ""test type:diff"", NotifyOwner: true, NotifySlack: false, OrgID: nil, UserID: &userID}) if err == nil { t.Error(""Expected error for updateSavedSearch when query does not provide a patternType: field."") } }"
469,"func (evpool *Pool) flushConsensusBuffer() { for _, ev := range evpool.consensusBuffer { if err := evpool.addPendingEvidence(ev); err != nil { evpool.logger.Error(""failed to flush evidence from consensus buffer to pending list: %w"", err) continue } evpool.evidenceList.PushBack(ev) } evpool.consensusBuffer = make([]types.Evidence, 0) }",True,Go,flushConsensusBuffer,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (g DashboardHandler) Append(router *mux.Router) { if g.Assets == nil { log.WithoutContext().Error(""No assets for dashboard"") return } router.Methods(http.MethodGet). Path(""/""). HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { http.Redirect(resp, req, safePrefix(req)+""/dashboard/"", http.StatusFound) }) router.Methods(http.MethodGet). PathPrefix(""/dashboard/""). Handler(http.StripPrefix(""/dashboard/"", http.FileServer(g.Assets))) }"
471,"func (evpool *Pool) AddEvidence(ev types.Evidence) error { evpool.logger.Debug(""Attempting to add evidence"", ""ev"", ev) if evpool.isPending(ev) { evpool.logger.Info(""Evidence already pending, ignoring this one"", ""ev"", ev) return nil } if evpool.isCommitted(ev) { evpool.logger.Debug(""Evidence was already committed, ignoring this one"", ""ev"", ev) return nil } err := evpool.verify(ev) if err != nil { return types.NewErrInvalidEvidence(ev, err) } if err := evpool.addPendingEvidence(ev); err != nil { return fmt.Errorf(""can't add evidence to pending list: %w"", err) } evpool.evidenceList.PushBack(ev) evpool.logger.Info(""Verified new evidence of byzantine behavior"", ""evidence"", ev) return nil }",True,Go,AddEvidence,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func TestResolveChartRef(t *testing.T) { tests := []struct { name, ref, expect, version string fail bool }{ {name: ""full URL"", ref: ""http: {name: ""full URL, HTTPS"", ref: ""https: {name: ""full URL, with authentication"", ref: ""http: {name: ""reference, testing repo"", ref: ""testing/alpine"", expect: ""http: {name: ""reference, version, testing repo"", ref: ""testing/alpine"", version: ""0.2.0"", expect: ""http: {name: ""reference, version, malformed repo"", ref: ""malformed/alpine"", version: ""1.2.3"", expect: ""http: {name: ""reference, querystring repo"", ref: ""testing-querystring/alpine"", expect: ""http: {name: ""reference, testing-relative repo"", ref: ""testing-relative/foo"", expect: ""http: {name: ""reference, testing-relative repo"", ref: ""testing-relative/bar"", expect: ""http: {name: ""reference, testing-relative-trailing-slash repo"", ref: ""testing-relative-trailing-slash/foo"", expect: ""http: {name: ""reference, testing-relative-trailing-slash repo"", ref: ""testing-relative-trailing-slash/bar"", expect: ""http: {name: ""full URL, HTTPS, irrelevant version"", ref: ""https: {name: ""full URL, file"", ref: ""file: {name: ""invalid"", ref: ""invalid-1.2.3"", fail: true}, {name: ""not found"", ref: ""nosuchthing/invalid-1.2.3"", fail: true}, } c := ChartDownloader{ Out: os.Stderr, RepositoryConfig: repoConfig, RepositoryCache: repoCache, Getters: getter.All(&cli.EnvSettings{ RepositoryConfig: repoConfig, RepositoryCache: repoCache, }), } for _, tt := range tests { u, err := c.ResolveChartVersion(tt.ref, tt.version) if err != nil { if tt.fail { continue } t.Errorf(""%s: failed with error %q"", tt.name, err) continue } if got := u.String(); got != tt.expect { t.Errorf(""%s: expected %s, got %s"", tt.name, tt.expect, got) } } }"
472,"func NewPool(evidenceDB dbm.DB, stateDB sm.Store, blockStore BlockStore) (*Pool, error) { state, err := stateDB.Load() if err != nil { return nil, fmt.Errorf(""cannot load state: %w"", err) } pool := &Pool{ stateDB: stateDB, blockStore: blockStore, state: state, logger: log.NewNopLogger(), evidenceStore: evidenceDB, evidenceList: clist.New(), consensusBuffer: make([]types.Evidence, 0), } pool.pruningHeight, pool.pruningTime = pool.removeExpiredPendingEvidence() evList, _, err := pool.listEvidence(baseKeyPending, -1) if err != nil { return nil, err } atomic.StoreUint32(&pool.evidenceSize, uint32(len(evList))) for _, ev := range evList { pool.evidenceList.PushBack(ev) } return pool, nil }",True,Go,NewPool,pool.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func loadIndex(data []byte) (*IndexFile, error) { i := &IndexFile{} if err := yaml.UnmarshalStrict(data, i); err != nil { return i, err } i.SortEntries() if i.APIVersion == """" { return i, ErrNoAPIVersion } return i, nil }"
473,"func TestAddEvidenceFromConsensus(t *testing.T) { var height int64 = 10 pool, val := defaultTestPool(height) ev := types.NewMockDuplicateVoteEvidenceWithValidator(height, defaultEvidenceTime, val, evidenceChainID) require.NoError(t, pool.AddEvidenceFromConsensus(ev)) evList, evSize := pool.PendingEvidence(defaultEvidenceMaxBytes) require.Empty(t, evList) require.Zero(t, evSize) next := pool.EvidenceFront() require.Nil(t, next) state := pool.State() state.LastBlockHeight++ pool.Update(state, []types.Evidence{}) evList, _ = pool.PendingEvidence(defaultEvidenceMaxBytes) require.Equal(t, []types.Evidence{ev}, evList) require.NoError(t, pool.AddEvidenceFromConsensus(ev)) state = pool.State() state.LastBlockHeight++ pool.Update(state, []types.Evidence{}) evList2, _ := pool.PendingEvidence(defaultEvidenceMaxBytes) require.Equal(t, evList, evList2) }",True,Go,TestAddEvidenceFromConsensus,pool_test.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func LoadAll(basedir string) ([]*Plugin, error) { plugins := []*Plugin{} scanpath := filepath.Join(basedir, ""*"", PluginFileName) matches, err := filepath.Glob(scanpath) if err != nil { return plugins, errors.Wrapf(err, ""failed to find plugins in %q"", scanpath) } if matches == nil { return plugins, nil } for _, yaml := range matches { dir := filepath.Dir(yaml) p, err := LoadDir(dir) if err != nil { return plugins, err } plugins = append(plugins, p) } return plugins, detectDuplicates(plugins) }"
476,"func TestCreateProposalBlock(t *testing.T) { config := cfg.ResetTestRoot(""node_create_proposal"") defer os.RemoveAll(config.RootDir) cc := proxy.NewLocalClientCreator(kvstore.NewApplication()) proxyApp := proxy.NewAppConns(cc) err := proxyApp.Start() require.Nil(t, err) defer proxyApp.Stop() logger := log.TestingLogger() var height int64 = 1 state, stateDB, privVals := state(1, height) stateStore := sm.NewStore(stateDB) maxBytes := 16384 var partSize uint32 = 256 maxEvidenceBytes := int64(maxBytes / 2) state.ConsensusParams.Block.MaxBytes = int64(maxBytes) state.ConsensusParams.Evidence.MaxBytes = maxEvidenceBytes proposerAddr, _ := state.Validators.GetByIndex(0) memplMetrics := mempl.PrometheusMetrics(""node_test_1"") mempool := mempl.NewCListMempool( config.Mempool, proxyApp.Mempool(), state.LastBlockHeight, mempl.WithMetrics(memplMetrics), mempl.WithPreCheck(sm.TxPreCheck(state)), mempl.WithPostCheck(sm.TxPostCheck(state)), ) mempool.SetLogger(logger) evidenceDB := dbm.NewMemDB() blockStore := store.NewBlockStore(dbm.NewMemDB()) evidencePool, err := evidence.NewPool(evidenceDB, stateStore, blockStore) require.NoError(t, err) evidencePool.SetLogger(logger) var currentBytes int64 = 0 for currentBytes <= maxEvidenceBytes { ev := types.NewMockDuplicateVoteEvidenceWithValidator(height, time.Now(), privVals[0], ""test-chain"") currentBytes += int64(len(ev.Bytes())) err := evidencePool.AddEvidenceFromConsensus(ev) require.NoError(t, err) } evList, size := evidencePool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes) require.Less(t, size, state.ConsensusParams.Evidence.MaxBytes+1) evData := &types.EvidenceData{Evidence: evList} require.EqualValues(t, size, evData.ByteSize()) txLength := 100 for i := 0; i <= maxBytes/txLength; i++ { tx := tmrand.Bytes(txLength) err := mempool.CheckTx(tx, nil, mempl.TxInfo{}) assert.NoError(t, err) } blockExec := sm.NewBlockExecutor( stateStore, logger, proxyApp.Consensus(), mempool, evidencePool, ) commit := types.NewCommit(height-1, 0, types.BlockID{}, nil) block, _ := blockExec.CreateProposalBlock( height, state, commit, proposerAddr, ) partSet := block.MakePartSet(partSize) assert.Less(t, partSet.ByteSize(), int64(maxBytes)) partSetFromHeader := types.NewPartSetFromHeader(partSet.Header()) for partSetFromHeader.Count() < partSetFromHeader.Total() { added, err := partSetFromHeader.AddPart(partSet.GetPart(int(partSetFromHeader.Count()))) require.NoError(t, err) require.True(t, added) } assert.EqualValues(t, partSetFromHeader.ByteSize(), partSet.ByteSize()) err = blockExec.ValidateBlock(state, block) assert.NoError(t, err) }",True,Go,TestCreateProposalBlock,node_test.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func LoadDir(dirname string) (*Plugin, error) { pluginfile := filepath.Join(dirname, PluginFileName) data, err := ioutil.ReadFile(pluginfile) if err != nil { return nil, errors.Wrapf(err, ""failed to read plugin at %q"", pluginfile) } plug := &Plugin{Dir: dirname} if err := yaml.Unmarshal(data, &plug.Metadata); err != nil { return nil, errors.Wrapf(err, ""failed to load plugin at %q"", pluginfile) } return plug, validatePluginData(plug, pluginfile) }"
478,func (EmptyEvidencePool) AddEvidence(types.Evidence) error { return nil },True,Go,AddEvidence,services.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func(ctx etreeutils.NSContext, signedInfo *etree.Element) error { detachedSignedInfo, err := etreeutils.NSDetatch(ctx, signedInfo) if err != nil { return err } c14NMethod, err := etreeutils.NSFindOneChildCtx(ctx, detachedSignedInfo, Namespace, CanonicalizationMethodTag) if err != nil { return err } if c14NMethod == nil { return errors.New(""missing CanonicalizationMethod on Signature"") } c14NAlgorithm := c14NMethod.SelectAttrValue(AlgorithmAttr, """") var canonicalSignedInfo *etree.Element switch AlgorithmID(c14NAlgorithm) { case CanonicalXML10ExclusiveAlgorithmId: err := etreeutils.TransformExcC14n(detachedSignedInfo, """") if err != nil { return err } canonicalSignedInfo = detachedSignedInfo case CanonicalXML11AlgorithmId: canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}) case CanonicalXML10RecAlgorithmId: canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}) case CanonicalXML10CommentAlgorithmId: canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}) default: return fmt.Errorf(""invalid CanonicalizationMethod on Signature: %s"", c14NAlgorithm) } signatureEl.RemoveChild(signedInfo) signatureEl.AddChild(canonicalSignedInfo) found = true return etreeutils.ErrTraversalHalted })"
480,"func (EmptyEvidencePool) Update(State, types.EvidenceList) {}",True,Go,Update,services.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (f *Fosite) writeJsonError(rw http.ResponseWriter, err error) { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") rfcerr := ErrorToRFC6749Error(err) if !f.SendDebugMessagesToClients { rfcerr = rfcerr.Sanitize() } js, err := json.Marshal(rfcerr) if err != nil { if f.SendDebugMessagesToClients { errorMessage := EscapeJSONString(err.Error()) http.Error(rw, fmt.Sprintf(`{""error"":""server_error"",""error_description"":""%s""}`, errorMessage), http.StatusInternalServerError) } else { http.Error(rw, `{""error"":""server_error""}`, http.StatusInternalServerError) } return } rw.WriteHeader(rfcerr.Code) _, _ = rw.Write(js) }"
481,func (EmptyEvidencePool) AddEvidenceFromConsensus(evidence types.Evidence) error { return nil },True,Go,AddEvidenceFromConsensus,services.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (f *Fosite) WriteAccessResponse(rw http.ResponseWriter, requester AccessRequester, responder AccessResponder) { rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") js, err := json.Marshal(responder.ToMap()) if err != nil { http.Error(rw, err.Error(), http.StatusInternalServerError) return } rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") rw.WriteHeader(http.StatusOK) _, _ = rw.Write(js) }"
482,func (EmptyEvidencePool) CheckEvidence(evList types.EvidenceList) error { return nil },True,Go,CheckEvidence,services.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (f *Fosite) WriteAuthorizeError(rw http.ResponseWriter, ar AuthorizeRequester, err error) { rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") rfcerr := ErrorToRFC6749Error(err) if !f.SendDebugMessagesToClients { rfcerr = rfcerr.Sanitize() } if !ar.IsRedirectURIValid() { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") js, err := json.Marshal(rfcerr) if err != nil { if f.SendDebugMessagesToClients { errorMessage := EscapeJSONString(err.Error()) http.Error(rw, fmt.Sprintf(`{""error"":""server_error"",""error_description"":""%s""}`, errorMessage), http.StatusInternalServerError) } else { http.Error(rw, `{""error"":""server_error""}`, http.StatusInternalServerError) } return } rw.WriteHeader(rfcerr.Code) _, _ = rw.Write(js) return } redirectURI := ar.GetRedirectURI() redirectURI.Fragment = """" query := rfcerr.ToValues() query.Add(""state"", ar.GetState()) var redirectURIString string if !(len(ar.GetResponseTypes()) == 0 || ar.GetResponseTypes().ExactOne(""code"")) && !errors.Is(err, ErrUnsupportedResponseType) { redirectURIString = redirectURI.String() + ""#"" + query.Encode() } else { for key, values := range redirectURI.Query() { for _, value := range values { query.Add(key, value) } } redirectURI.RawQuery = query.Encode() redirectURIString = redirectURI.String() } rw.Header().Add(""Location"", redirectURIString) rw.WriteHeader(http.StatusFound) }"
486,"func (cs *State) tryAddVote(vote *types.Vote, peerID p2p.ID) (bool, error) { added, err := cs.addVote(vote, peerID) if err != nil { if voteErr, ok := err.(*types.ErrVoteConflictingVotes); ok { if cs.privValidatorPubKey == nil { return false, errPubKeyIsNotSet } if bytes.Equal(vote.ValidatorAddress, cs.privValidatorPubKey.Address()) { cs.Logger.Error( ""Found conflicting vote from ourselves. Did you unsafe_reset a validator?"", ""height"", vote.Height, ""round"", vote.Round, ""type"", vote.Type) return added, err } var timestamp time.Time if voteErr.VoteA.Height == cs.state.InitialHeight { timestamp = cs.state.LastBlockTime } else { timestamp = sm.MedianTime(cs.LastCommit.MakeCommit(), cs.LastValidators) } ev := types.NewDuplicateVoteEvidence(voteErr.VoteA, voteErr.VoteB, timestamp, cs.Validators) evidenceErr := cs.evpool.AddEvidenceFromConsensus(ev) if evidenceErr != nil { cs.Logger.Error(""Failed to add evidence to the evidence pool"", ""err"", evidenceErr) } return added, err } else if err == types.ErrVoteNonDeterministicSignature { cs.Logger.Debug(""Vote has non-deterministic signature"", ""err"", err) } else { cs.Logger.Info(""Error attempting to add vote"", ""err"", err) return added, ErrAddingVote } } return added, nil }",True,Go,tryAddVote,state.go,https://github.com/tendermint/tendermint,tendermint,Tess Rinearson,2021-01-19 16:00:02+01:00,"use correct source of evidence time

Conflicting votes are now sent to the evidence pool to form duplicate vote evidence only once
the height of the evidence is finished and the time of the block finalised.",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-21271,"func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error { discoveryFuncs := []func() (request fosite.Requester, err error){ func() (request fosite.Requester, err error) { signature := r.RefreshTokenStrategy.RefreshTokenSignature(token) return r.TokenRevocationStorage.GetRefreshTokenSession(ctx, signature, nil) }, func() (request fosite.Requester, err error) { signature := r.AccessTokenStrategy.AccessTokenSignature(token) return r.TokenRevocationStorage.GetAccessTokenSession(ctx, signature, nil) }, } if tokenType == fosite.AccessToken { discoveryFuncs[0], discoveryFuncs[1] = discoveryFuncs[1], discoveryFuncs[0] } var ar fosite.Requester var err1, err2 error if ar, err1 = discoveryFuncs[0](); err1 != nil { ar, err2 = discoveryFuncs[1]() } if err2 != nil { return storeErrorsToRevocationError(err1, err2) } if ar.GetClient().GetID() != client.GetID() { return errors.WithStack(fosite.ErrUnauthorizedClient) } requestID := ar.GetID() err1 = r.TokenRevocationStorage.RevokeRefreshToken(ctx, requestID) err2 = r.TokenRevocationStorage.RevokeAccessToken(ctx, requestID) return storeErrorsToRevocationError(err1, err2) }"
489,"func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln(""A client requested the default error URL, environment variable OAUTH2_ERROR_URL is probably not set."") fmt.Fprintf(w, ` <html> <head> <title>An OAuth 2.0 Error Occurred</title> </head> <body> <h1> The OAuth2 request resulted in an error. </h1> <ul> <li>Error: %s</li> <li>Description: %s</li> <li>Hint: %s</li> <li>Debug: %s</li> </ul> <p> You are seeing this default error page because the administrator has not set a dedicated error URL (environment variable <code>OAUTH2_ERROR_URL</code> is not set). If you are an administrator, please read <a href=""https: need to do. If you are a user, please contact the administrator. </p> </body> </html> `, r.URL.Query().Get(""error""), r.URL.Query().Get(""error_description""), r.URL.Query().Get(""error_hint""), r.URL.Query().Get(""error_debug"")) }",True,Go,DefaultErrorHandler,handler_fallback_endpoints.go,https://github.com/ory/hydra,ory,GitHub,2018-12-06 10:18:48+01:00,"oauth2: Use html templates in fallback endpoints (#1202)

Signed-off-by: aeneasr <aeneas@ory.sh>",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-8400,"mock func() expectErr error client fosite.Client }{ { description: ""should fail - token was issued to another client"", expectErr: fosite.ErrUnauthorizedClient, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""foo""}) }, }, { description: ""should pass - refresh token discovery first; refresh token found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - access token discovery first; access token found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - refresh token discovery first; refresh token not found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - access token discovery first; access token not found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - refresh token discovery first; both tokens not found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) }, }, { description: ""should pass - access token discovery first; both tokens not found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) }, }, { description: ""should fail - store error for access token get"", expectErr: fosite.ErrTemporarilyUnavailable, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fmt.Errorf(""random error"")) rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) }, }, { description: ""should fail - store error for refresh token get"", expectErr: fosite.ErrTemporarilyUnavailable, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fmt.Errorf(""random error"")) }, }, { description: ""should fail - store error for access token revoke"", expectErr: fosite.ErrTemporarilyUnavailable, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()).Return(fosite.ErrNotFound) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()).Return(fmt.Errorf(""random error"")) }, }, { description: ""should fail - store error for refresh token revoke"", expectErr: fosite.ErrTemporarilyUnavailable, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()).Return(fmt.Errorf(""random error"")) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()).Return(fosite.ErrNotFound) }, }, } { t.Run(fmt.Sprintf(""case=%d/description=%s"", k, c.description), func(t *testing.T) { c.mock() err := h.RevokeToken(nil, token, tokenType, c.client) if c.expectErr != nil { require.EqualError(t, err, c.expectErr.Error()) } else { require.NoError(t, err) } }) } }"
490,"func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln(""It looks like no consent/login URL was set. All OAuth2 flows except client credentials will fail."") h.L.Warnln(""A client requested the default login & consent URL, environment variable OAUTH2_CONSENT_URL or OAUTH2_LOGIN_URL or both are probably not set."") w.Write([]byte(` <html> <head> <title>Misconfigured consent/login URL</title> </head> <body> <p> It looks like you forgot to set the consent/login provider url, which can be set using the <code>OAUTH2_CONSENT_URL</code> and <code>OAUTH2_LOGIN_URL</code> environment variable. </p> <p> If you are an administrator, please read <a href=""https: the guide</a> to understand what you need to do. If you are a user, please contact the administrator. </p> </body> </html> `)) }",True,Go,DefaultConsentHandler,handler_fallback_endpoints.go,https://github.com/ory/hydra,ory,GitHub,2018-12-06 10:18:48+01:00,"oauth2: Use html templates in fallback endpoints (#1202)

Signed-off-by: aeneasr <aeneas@ory.sh>",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-8400,"func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) string { token := responder.GetAccessToken() buffer := bytes.NewBufferString(token) hash := sha256.New() _, err := hash.Write(buffer.Bytes()) if err != nil { panic(err) } hashBuf := bytes.NewBuffer(hash.Sum([]byte{})) len := hashBuf.Len() return base64.RawURLEncoding.EncodeToString(hashBuf.Bytes()[:len/2]) }"
491,"func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln(""A client requested the default logout URL, environment variable OAUTH2_LOGOUT_REDIRECT_URL is probably not set."") fmt.Fprintf(w, ` <html> <head> <title>You logged out successfully</title> </head> <body> <h1> You logged out successfully! </h1> <p> You are seeing this default page because the administrator did not specify a redirect URL (environment variable <code>OAUTH2_LOGOUT_REDIRECT_URL</code> is not set). If you are an administrator, please read <a href=""https: need to do. If you are a user, please contact the administrator. </p> </body> </html> `) }",True,Go,DefaultLogoutHandler,handler_fallback_endpoints.go,https://github.com/ory/hydra,ory,GitHub,2018-12-06 10:18:48+01:00,"oauth2: Use html templates in fallback endpoints (#1202)

Signed-off-by: aeneasr <aeneas@ory.sh>",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-8400,"func (f *Fosite) WriteRevocationResponse(rw http.ResponseWriter, err error) { rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") if err == nil { rw.WriteHeader(http.StatusOK) return } if errors.Is(err, ErrInvalidRequest) { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") js, err := json.Marshal(ErrInvalidRequest) if err != nil { http.Error(rw, fmt.Sprintf(`{""error"": ""%s""}`, err.Error()), http.StatusInternalServerError) return } rw.WriteHeader(ErrInvalidRequest.Code) _, _ = rw.Write(js) } else if errors.Is(err, ErrInvalidClient) { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") js, err := json.Marshal(ErrInvalidClient) if err != nil { http.Error(rw, fmt.Sprintf(`{""error"": ""%s""}`, err.Error()), http.StatusInternalServerError) return } rw.WriteHeader(ErrInvalidClient.Code) _, _ = rw.Write(js) } else { rw.WriteHeader(http.StatusOK) } }"
499,"func NewFositeMemoryStore( r InternalRegistry, c Configuration, ) *FositeMemoryStore { return &FositeMemoryStore{ AuthorizeCodes: make(map[string]authorizeCode), IDSessions: make(map[string]fosite.Requester), AccessTokens: make(map[string]fosite.Requester), PKCES: make(map[string]fosite.Requester), RefreshTokens: make(map[string]fosite.Requester), c: c, r: r, } }",True,Go,NewFositeMemoryStore,fosite_store_memory.go,https://github.com/ory/hydra,ory,GitHub,2020-04-02 11:35:32+02:00,"Merge pull request from GHSA-3p3g-vpw6-4w66

BREAKING CHANGE: This patch requires a new SQL Table which needs to be created using `hydra migrate sql`. No other breaking changes have been introduced by this patch.

This patch introduces a blacklist for JTIs which prevents a potential replay of `private_key_jwt` JWTs when performing client authorization.

## GHSA-3p3g-vpw6-4w66

### Impact

When using client authentication method ""private_key_jwt"" [1], OpenId specification says the following about assertion `jti`:

> A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties

Hydra does not seem to check the uniqueness of this `jti` value. Here is me sending the same token request twice, hence with the same `jti` assertion, and getting two access tokens:

```
$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data-urlencode 'grant_type=client_credentials' \
   --data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
   --data-urlencode 'scope=application openid' \
   --data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
   --data-urlencode 'client_assertion=eyJhb [...] jTw'
{""access_token"":""zeG0NoqOtlACl8q5J6A-TIsNegQRRUzqLZaYrQtoBZQ.VR6iUcJQYp3u_j7pwvL7YtPqGhtyQe5OhnBE2KCp5pM"",""expires_in"":3599,""scope"":""application openid"",""token_type"":""bearer""}⏎            ~$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data-urlencode 'grant_type=client_credentials' \
   --data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
   --data-urlencode 'scope=application openid' \
   --data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
   --data-urlencode 'client_assertion=eyJhb [...] jTw'
{""access_token"":""wOYtgCLxLXlELORrwZlmeiqqMQ4kRzV-STU2_Sollas.mwlQGCZWXN7G2IoegUe1P0Vw5iGoKrkOzOaplhMSjm4"",""expires_in"":3599,""scope"":""application openid"",""token_type"":""bearer""}
```

### Severity

We rate the severity as medium because the following reasons make it hard to replay tokens without the patch:

- TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks
- The expiry time of the JWT gives only a short window of opportunity where it could be replayed

### Patches

This will be patched with v1.4.0+oryOS.17

### Workarounds

Two workarounds have been identified:

- Do not allow clients to use `private_key_jwt`
- Use short expiry times for the JWTs

### References

https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

### Upstream

This issue will be resolved in the upstream repository https://github.com/ory/fosite",CWE-294,Authentication Bypass by Capture-replay,A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).,https://cwe.mitre.org/data/definitions/294.html,CVE-2020-5300,"func generateHMAC(data []byte, key *[32]byte) []byte { h := hmac.New(sha512.New512_256, key[:]) _, err := h.Write(data) if err != nil { panic(err) } return h.Sum(nil) }"
509,"func (h *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var ctx = r.Context() authorizeRequest, err := h.r.OAuth2Provider().NewAuthorizeRequest(ctx, r) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } session, err := h.r.ConsentStrategy().HandleOAuth2AuthorizationRequest(w, r, authorizeRequest) if errors.Cause(err) == consent.ErrAbortOAuth2Request { return } else if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } for _, scope := range session.GrantedScope { authorizeRequest.GrantScope(scope) } for _, audience := range session.GrantedAudience { authorizeRequest.GrantAudience(audience) } openIDKeyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(r.Context()) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } var accessTokenKeyID string if h.c.AccessTokenStrategy() == ""jwt"" { accessTokenKeyID, err = h.r.AccessTokenJWTStrategy().GetPublicKeyID(r.Context()) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } } authorizeRequest.SetID(session.Challenge) claims := &jwt.IDTokenClaims{ Subject: session.ConsentRequest.SubjectIdentifier, Issuer: strings.TrimRight(h.c.IssuerURL().String(), ""/"") + ""/"", IssuedAt: time.Now().UTC(), AuthTime: time.Time(session.AuthenticatedAt), RequestedAt: session.RequestedAt, Extra: session.Session.IDToken, AuthenticationContextClassReference: session.ConsentRequest.ACR, } claims.Add(""sid"", session.ConsentRequest.LoginSessionID) response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{ DefaultSession: &openid.DefaultSession{ Claims: claims, Headers: &jwt.Headers{Extra: map[string]interface{}{ ""kid"": openIDKeyID, }}, Subject: session.ConsentRequest.Subject, }, Extra: session.Session.AccessToken, KID: accessTokenKeyID, ClientID: authorizeRequest.GetClient().GetID(), ConsentChallenge: session.Challenge, }) if err != nil { x.LogError(err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } h.r.OAuth2Provider().WriteAuthorizeResponse(w, authorizeRequest, response) }",True,Go,AuthHandler,handler.go,https://github.com/ory/hydra,ory,GitHub,2020-04-02 11:35:32+02:00,"Merge pull request from GHSA-3p3g-vpw6-4w66

BREAKING CHANGE: This patch requires a new SQL Table which needs to be created using `hydra migrate sql`. No other breaking changes have been introduced by this patch.

This patch introduces a blacklist for JTIs which prevents a potential replay of `private_key_jwt` JWTs when performing client authorization.

## GHSA-3p3g-vpw6-4w66

### Impact

When using client authentication method ""private_key_jwt"" [1], OpenId specification says the following about assertion `jti`:

> A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties

Hydra does not seem to check the uniqueness of this `jti` value. Here is me sending the same token request twice, hence with the same `jti` assertion, and getting two access tokens:

```
$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data-urlencode 'grant_type=client_credentials' \
   --data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
   --data-urlencode 'scope=application openid' \
   --data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
   --data-urlencode 'client_assertion=eyJhb [...] jTw'
{""access_token"":""zeG0NoqOtlACl8q5J6A-TIsNegQRRUzqLZaYrQtoBZQ.VR6iUcJQYp3u_j7pwvL7YtPqGhtyQe5OhnBE2KCp5pM"",""expires_in"":3599,""scope"":""application openid"",""token_type"":""bearer""}⏎            ~$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data-urlencode 'grant_type=client_credentials' \
   --data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
   --data-urlencode 'scope=application openid' \
   --data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
   --data-urlencode 'client_assertion=eyJhb [...] jTw'
{""access_token"":""wOYtgCLxLXlELORrwZlmeiqqMQ4kRzV-STU2_Sollas.mwlQGCZWXN7G2IoegUe1P0Vw5iGoKrkOzOaplhMSjm4"",""expires_in"":3599,""scope"":""application openid"",""token_type"":""bearer""}
```

### Severity

We rate the severity as medium because the following reasons make it hard to replay tokens without the patch:

- TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks
- The expiry time of the JWT gives only a short window of opportunity where it could be replayed

### Patches

This will be patched with v1.4.0+oryOS.17

### Workarounds

Two workarounds have been identified:

- Do not allow clients to use `private_key_jwt`
- Use short expiry times for the JWTs

### References

https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

### Upstream

This issue will be resolved in the upstream repository https://github.com/ory/fosite",CWE-294,Authentication Bypass by Capture-replay,A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).,https://cwe.mitre.org/data/definitions/294.html,CVE-2020-5300,"func isMatchingRedirectURI(uri string, haystack []string) bool { requested, err := url.Parse(uri) if err != nil { return false } for _, b := range haystack { if b == uri || isMatchingAsLoopback(requested, b) { return true } } return false }"
524,"func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache, appResourceTree AppResourceTreeFn, allowedShells []string) *terminalHandler { return &terminalHandler{ appLister: appLister, db: db, enf: enf, cache: cache, appResourceTreeFn: appResourceTree, allowedShells: allowedShells, namespace: namespace, enabledNamespaces: enabledNamespaces, } }",True,Go,NewHandler,terminal.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2023-08-21 16:15:09-04:00,"Merge pull request from GHSA-c8xw-vjgf-94hr

Signed-off-by: pashakostohrys <pavel@codefresh.io>",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-40025,"func isMatchingRedirectURI(uri string, haystack []string) bool { requested, err := url.Parse(uri) if err != nil { return false } for _, b := range haystack { if b == uri || isMatchingAsLoopback(requested, b) { return true } } return false }"
525,"func newTerminalSession(w http.ResponseWriter, r *http.Request, responseHeader http.Header) (*terminalSession, error) { conn, err := upgrader.Upgrade(w, r, responseHeader) if err != nil { return nil, err } session := &terminalSession{ wsConn: conn, tty: true, sizeChan: make(chan remotecommand.TerminalSize), doneChan: make(chan struct{}), } return session, nil }",True,Go,newTerminalSession,websocket.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2023-08-21 16:15:09-04:00,"Merge pull request from GHSA-c8xw-vjgf-94hr

Signed-off-by: pashakostohrys <pavel@codefresh.io>",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-40025,"func isMatchingRedirectURI(uri string, haystack []string) bool { requested, err := url.Parse(uri) if err != nil { return false } for _, b := range haystack { if b == uri || isMatchingAsLoopback(requested, b) { return true } } return false }"
535,"func Test_nativeHelmChart_ExtractChart(t *testing.T) { client := NewClient(""https: path, closer, err := client.ExtractChart(""argo-cd"", ""0.7.1"", false) assert.NoError(t, err) defer io.Close(closer) info, err := os.Stat(path) assert.NoError(t, err) assert.True(t, info.IsDir()) }",True,Go,Test_nativeHelmChart_ExtractChart,client_test.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2023-09-07 10:12:15-04:00,"Merge pull request from GHSA-g687-f2gx-6wm8

* feat: use untar with limiter

Signed-off-by: pashakostohrys <pavel@codefresh.io>

* feat: use untar with limiter

Signed-off-by: pashakostohrys <pavel@codefresh.io>

---------

Signed-off-by: pashakostohrys <pavel@codefresh.io>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-40584,"func TestDoesClientWhiteListRedirect(t *testing.T) { for k, c := range []struct { client Client url string isError bool expected string }{ { client: &DefaultClient{RedirectURIs: []string{""""}}, url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: """", isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""""}}, url: """", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: "":/invalid.uri)bar"", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""https: isError: true, }, } { redir, err := MatchRedirectURIWithClientRedirectURIs(c.url, c.client) assert.Equal(t, c.isError, err != nil, ""%d: %+v"", k, c) if err == nil { require.NotNil(t, redir, ""%d"", k) assert.Equal(t, c.expected, redir.String(), ""%d"", k) } t.Logf(""Passed test case %d"", k) } }"
537,"func Test_nativeHelmChart_ExtractChart_insecure(t *testing.T) { client := NewClient(""https: path, closer, err := client.ExtractChart(""argo-cd"", ""0.7.1"", false) assert.NoError(t, err) defer io.Close(closer) info, err := os.Stat(path) assert.NoError(t, err) assert.True(t, info.IsDir()) }",True,Go,Test_nativeHelmChart_ExtractChart_insecure,client_test.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2023-09-07 10:12:15-04:00,"Merge pull request from GHSA-g687-f2gx-6wm8

* feat: use untar with limiter

Signed-off-by: pashakostohrys <pavel@codefresh.io>

* feat: use untar with limiter

Signed-off-by: pashakostohrys <pavel@codefresh.io>

---------

Signed-off-by: pashakostohrys <pavel@codefresh.io>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-40584,"func TestDoesClientWhiteListRedirect(t *testing.T) { for k, c := range []struct { client Client url string isError bool expected string }{ { client: &DefaultClient{RedirectURIs: []string{""""}}, url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: """", isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""""}}, url: """", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: "":/invalid.uri)bar"", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""https: isError: true, }, } { redir, err := MatchRedirectURIWithClientRedirectURIs(c.url, c.client) assert.Equal(t, c.isError, err != nil, ""%d: %+v"", k, c) if err == nil { require.NotNil(t, redir, ""%d"", k) assert.Equal(t, c.expected, redir.String(), ""%d"", k) } t.Logf(""Passed test case %d"", k) } }"
542,"action := args[2].(func(child argoappv1.ResourceNode, appName string)) appName := """" if res, ok := data.namespacedResources[key]; ok { appName = res.AppName } action(argoappv1.ResourceNode{ResourceRef: argoappv1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) }).Return(nil)",True,Go,),appcontroller_test.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2022-03-22 10:57:30-07:00,"Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-24768,"func TestDoesClientWhiteListRedirect(t *testing.T) { for k, c := range []struct { client Client url string isError bool expected string }{ { client: &DefaultClient{RedirectURIs: []string{""""}}, url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: """", isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""""}}, url: """", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: "":/invalid.uri)bar"", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: expected: ""http: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""https: isError: true, }, } { redir, err := MatchRedirectURIWithClientRedirectURIs(c.url, c.client) assert.Equal(t, c.isError, err != nil, ""%d: %+v"", k, c) if err == nil { require.NotNil(t, redir, ""%d"", k) assert.Equal(t, c.expected, redir.String(), ""%d"", k) } t.Logf(""Passed test case %d"", k) } }"
545,"func (c *liveStateCache) IterateHierarchy(server string, key kube.ResourceKey, action func(child appv1.ResourceNode, appName string)) error { clusterInfo, err := c.getSyncedCluster(server) if err != nil { return err } clusterInfo.IterateHierarchy(key, func(resource *clustercache.Resource, namespaceResources map[kube.ResourceKey]*clustercache.Resource) { action(asResourceNode(resource), getApp(resource, namespaceResources)) }) return nil }",True,Go,IterateHierarchy,cache.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2022-03-22 10:57:30-07:00,"Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-24768,"func TestEscapeJSONString(t *testing.T) { for _, str := range []string{"""", ""foobar"", `foo""bar`, `foo\bar`, ""foo\n\tbar""} { escaped := EscapeJSONString(str) var unmarshaled string err := json.Unmarshal([]byte(`""`+escaped+`""`), &unmarshaled) require.NoError(t, err, str) assert.Equal(t, str, unmarshaled, str) } }"
547,"if rf, ok := ret.Get(0).(func(string, kube.ResourceKey, func(v1alpha1.ResourceNode, string)) error); ok { r0 = rf(server, key, action) } else { r0 = ret.Error(0) } return r0 }",True,Go,error,LiveStateCache.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2022-03-22 10:57:30-07:00,"Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-24768,"func TestEscapeJSONString(t *testing.T) { for _, str := range []string{"""", ""foobar"", `foo""bar`, `foo\bar`, ""foo\n\tbar""} { escaped := EscapeJSONString(str) var unmarshaled string err := json.Unmarshal([]byte(`""`+escaped+`""`), &unmarshaled) require.NoError(t, err, str) assert.Equal(t, str, unmarshaled, str) } }"
548,"func (proj AppProject) IsLiveResourcePermitted(un *unstructured.Unstructured, server string, name string) bool { if !proj.IsGroupKindPermitted(un.GroupVersionKind().GroupKind(), un.GetNamespace() != """") { return false } if un.GetNamespace() != """" { return proj.IsDestinationPermitted(ApplicationDestination{Server: server, Namespace: un.GetNamespace(), Name: name}) } return true }",True,Go,IsLiveResourcePermitted,app_project_types.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2022-03-22 10:57:30-07:00,"Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-24768,"func TestEscapeJSONString(t *testing.T) { for _, str := range []string{"""", ""foobar"", `foo""bar`, `foo\bar`, ""foo\n\tbar""} { escaped := EscapeJSONString(str) var unmarshaled string err := json.Unmarshal([]byte(`""`+escaped+`""`), &unmarshaled) require.NoError(t, err, str) assert.Equal(t, str, unmarshaled, str) } }"
553,"func TestPermissions(t *testing.T) { EnsureCleanState(t) appName := Name() _, err := RunCli(""proj"", ""create"", ""test"") assert.NoError(t, err) _, err = RunCli(""app"", ""create"", appName, ""--repo"", RepoURL(RepoURLTypeFile), ""--path"", guestbookPath, ""--project"", ""test"", ""--dest-server"", KubernetesInternalAPIServerAddr, ""--dest-namespace"", DeploymentNamespace()) assert.Error(t, err) sourceError := fmt.Sprintf(""application repo %s is not permitted in project 'test'"", RepoURL(RepoURLTypeFile)) destinationError := fmt.Sprintf(""application destination {%s %s} is not permitted in project 'test'"", KubernetesInternalAPIServerAddr, DeploymentNamespace()) assert.Contains(t, err.Error(), sourceError) assert.Contains(t, err.Error(), destinationError) proj, err := AppClientset.ArgoprojV1alpha1().AppProjects(ArgoCDNamespace).Get(context.Background(), ""test"", metav1.GetOptions{}) assert.NoError(t, err) proj.Spec.Destinations = []ApplicationDestination{{Server: ""*"", Namespace: ""*""}} proj.Spec.SourceRepos = []string{""*""} proj, err = AppClientset.ArgoprojV1alpha1().AppProjects(ArgoCDNamespace).Update(context.Background(), proj, metav1.UpdateOptions{}) assert.NoError(t, err) _, err = RunCli(""app"", ""create"", appName, ""--repo"", RepoURL(RepoURLTypeFile), ""--path"", guestbookPath, ""--project"", ""test"", ""--dest-server"", KubernetesInternalAPIServerAddr, ""--dest-namespace"", DeploymentNamespace()) assert.NoError(t, err) defer func() { err = AppClientset.ArgoprojV1alpha1().Applications(ArgoCDNamespace).Delete(context.Background(), appName, metav1.DeleteOptions{}) assert.NoError(t, err) }() proj.Spec.Destinations = []ApplicationDestination{} proj.Spec.SourceRepos = []string{} _, err = AppClientset.ArgoprojV1alpha1().AppProjects(ArgoCDNamespace).Update(context.Background(), proj, metav1.UpdateOptions{}) assert.NoError(t, err) time.Sleep(1 * time.Second) closer, client, err := ArgoCDClientset.NewApplicationClient() assert.NoError(t, err) defer io.Close(closer) refresh := string(RefreshTypeNormal) app, err := client.Get(context.Background(), &applicationpkg.ApplicationQuery{Name: &appName, Refresh: &refresh}) assert.NoError(t, err) destinationErrorExist := false sourceErrorExist := false for i := range app.Status.Conditions { if strings.Contains(app.Status.Conditions[i].Message, destinationError) { destinationErrorExist = true } if strings.Contains(app.Status.Conditions[i].Message, sourceError) { sourceErrorExist = true } } assert.True(t, destinationErrorExist) assert.True(t, sourceErrorExist) }",True,Go,TestPermissions,app_management_test.go,https://github.com/argoproj/argo-cd,argoproj,GitHub,2022-03-22 10:57:30-07:00,"Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-24768,"func TestEscapeJSONString(t *testing.T) { for _, str := range []string{"""", ""foobar"", `foo""bar`, `foo\bar`, ""foo\n\tbar""} { escaped := EscapeJSONString(str) var unmarshaled string err := json.Unmarshal([]byte(`""`+escaped+`""`), &unmarshaled) require.NoError(t, err, str) assert.Equal(t, str, unmarshaled, str) } }"
569,"func TestResolveChartRef(t *testing.T) { tests := []struct { name, ref, expect, version string fail bool }{ {name: ""full URL"", ref: ""http: {name: ""full URL, HTTPS"", ref: ""https: {name: ""full URL, with authentication"", ref: ""http: {name: ""reference, testing repo"", ref: ""testing/alpine"", expect: ""http: {name: ""reference, version, testing repo"", ref: ""testing/alpine"", version: ""0.2.0"", expect: ""http: {name: ""reference, version, malformed repo"", ref: ""malformed/alpine"", version: ""1.2.3"", expect: ""http: {name: ""reference, querystring repo"", ref: ""testing-querystring/alpine"", expect: ""http: {name: ""reference, testing-relative repo"", ref: ""testing-relative/foo"", expect: ""http: {name: ""reference, testing-relative repo"", ref: ""testing-relative/bar"", expect: ""http: {name: ""reference, testing-relative-trailing-slash repo"", ref: ""testing-relative-trailing-slash/foo"", expect: ""http: {name: ""reference, testing-relative-trailing-slash repo"", ref: ""testing-relative-trailing-slash/bar"", expect: ""http: {name: ""full URL, HTTPS, irrelevant version"", ref: ""https: {name: ""full URL, file"", ref: ""file: {name: ""invalid"", ref: ""invalid-1.2.3"", fail: true}, {name: ""not found"", ref: ""nosuchthing/invalid-1.2.3"", fail: true}, } c := ChartDownloader{ Out: os.Stderr, RepositoryConfig: repoConfig, RepositoryCache: repoCache, Getters: getter.All(&cli.EnvSettings{ RepositoryConfig: repoConfig, RepositoryCache: repoCache, }), } for _, tt := range tests { u, err := c.ResolveChartVersion(tt.ref, tt.version) if err != nil { if tt.fail { continue } t.Errorf(""%s: failed with error %s"", tt.name, err) continue } if got := u.String(); got != tt.expect { t.Errorf(""%s: expected %s, got %s"", tt.name, tt.expect, got) } } }",True,Go,TestResolveChartRef,chart_downloader_test.go,https://github.com/helm/helm,helm,GitHub,2020-09-17 12:33:59-06:00,"Merge pull request from GHSA-jm56-5h66-w453

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2020-15185,"func (mbox *Mailbox) newClient() (*client.Client, error) { var imapClient *client.Client var err error restrictedDialer := dialer.Dialer() if mbox.TLS { config := new(tls.Config) config.InsecureSkipVerify = mbox.IgnoreCertErrors imapClient, err = client.DialWithDialerTLS(restrictedDialer, mbox.Host, config) } else { imapClient, err = client.DialWithDialer(restrictedDialer, mbox.Host) } if err != nil { return imapClient, err } err = imapClient.Login(mbox.User, mbox.Pwd) if err != nil { return imapClient, err } _, err = imapClient.Select(mbox.Folder, mbox.ReadOnly) if err != nil { return imapClient, err } return imapClient, nil }"
571,"func loadIndex(data []byte) (*IndexFile, error) { i := &IndexFile{} if err := yaml.Unmarshal(data, i); err != nil { return i, err } i.SortEntries() if i.APIVersion == """" { return i, ErrNoAPIVersion } return i, nil }",True,Go,loadIndex,index.go,https://github.com/helm/helm,helm,GitHub,2020-09-17 12:33:59-06:00,"Merge pull request from GHSA-jm56-5h66-w453

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2020-15185,"func (s *SMTP) GetDialer() (mailer.Dialer, error) { hp := strings.Split(s.Host, "":"") if len(hp) < 2 { hp = append(hp, ""25"") } host := hp[0] port, err := strconv.Atoi(hp[1]) if err != nil { log.Error(err) return nil, err } dialer := dialer.Dialer() d := gomail.NewWithDialer(dialer, host, port, s.Username, s.Password) d.TLSConfig = &tls.Config{ ServerName: host, InsecureSkipVerify: s.IgnoreCertErrors, } hostname, err := os.Hostname() if err != nil { log.Error(err) hostname = ""localhost"" } d.LocalName = hostname return &Dialer{d}, err }"
575,"func LoadAll(basedir string) ([]*Plugin, error) { plugins := []*Plugin{} scanpath := filepath.Join(basedir, ""*"", PluginFileName) matches, err := filepath.Glob(scanpath) if err != nil { return plugins, err } if matches == nil { return plugins, nil } for _, yaml := range matches { dir := filepath.Dir(yaml) p, err := LoadDir(dir) if err != nil { return plugins, err } plugins = append(plugins, p) } return plugins, nil }",True,Go,LoadAll,plugin.go,https://github.com/helm/helm,helm,GitHub,2020-09-17 12:35:10-06:00,"Merge pull request from GHSA-m54r-vrmv-hw33

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2020-15186,"func (as *AdminServer) registerRoutes() { router := mux.NewRouter() router.HandleFunc(""/"", mid.Use(as.Base, mid.RequireLogin)) router.HandleFunc(""/login"", mid.Use(as.Login, as.limiter.Limit)) router.HandleFunc(""/logout"", mid.Use(as.Logout, mid.RequireLogin)) router.HandleFunc(""/reset_password"", mid.Use(as.ResetPassword, mid.RequireLogin)) router.HandleFunc(""/campaigns"", mid.Use(as.Campaigns, mid.RequireLogin)) router.HandleFunc(""/campaigns/{id:[0-9]+}"", mid.Use(as.CampaignID, mid.RequireLogin)) router.HandleFunc(""/templates"", mid.Use(as.Templates, mid.RequireLogin)) router.HandleFunc(""/groups"", mid.Use(as.Groups, mid.RequireLogin)) router.HandleFunc(""/landing_pages"", mid.Use(as.LandingPages, mid.RequireLogin)) router.HandleFunc(""/sending_profiles"", mid.Use(as.SendingProfiles, mid.RequireLogin)) router.HandleFunc(""/settings"", mid.Use(as.Settings, mid.RequireLogin)) router.HandleFunc(""/users"", mid.Use(as.UserManagement, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin)) router.HandleFunc(""/webhooks"", mid.Use(as.Webhooks, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin)) router.HandleFunc(""/impersonate"", mid.Use(as.Impersonate, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin)) api := api.NewServer( api.WithWorker(as.worker), api.WithLimiter(as.limiter), ) router.PathPrefix(""/api/"").Handler(api) router.PathPrefix(""/"").Handler(http.FileServer(unindexed.Dir(""./static/""))) csrfKey := []byte(as.config.CSRFKey) if len(csrfKey) == 0 { csrfKey = []byte(auth.GenerateSecureKey(auth.APIKeyLength)) } csrfHandler := csrf.Protect(csrfKey, csrf.FieldName(""csrf_token""), csrf.Secure(as.config.UseTLS)) adminHandler := csrfHandler(router) adminHandler = mid.Use(adminHandler.ServeHTTP, mid.CSRFExceptions, mid.GetContext, mid.ApplySecurityHeaders) gzipWrapper, _ := gziphandler.NewGzipLevelHandler(gzip.BestCompression) adminHandler = gzipWrapper(adminHandler) adminHandler = handlers.CombinedLoggingHandler(log.Writer(), adminHandler) as.server.Handler = adminHandler }"
579,"func LoadDir(dirname string) (*Plugin, error) { data, err := ioutil.ReadFile(filepath.Join(dirname, PluginFileName)) if err != nil { return nil, err } plug := &Plugin{Dir: dirname} if err := yaml.Unmarshal(data, &plug.Metadata); err != nil { return nil, err } return plug, nil }",True,Go,LoadDir,plugin.go,https://github.com/helm/helm,helm,GitHub,2020-09-17 12:35:10-06:00,"Merge pull request from GHSA-m54r-vrmv-hw33

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2020-15186,"func (p *Profile) writeConfWgQuick(data *WgConf) (pth string, err error) { allowedIps := []string{} if data.Routes != nil { for _, route := range data.Routes { allowedIps = append(allowedIps, route.Network) } } if data.Routes6 != nil { for _, route := range data.Routes6 { allowedIps = append(allowedIps, route.Network) } } addr := data.Address if data.Address6 != """" { addr += "","" + data.Address6 } templData := WgConfData{ Address: addr, PrivateKey: p.PrivateKeyWg, PublicKey: data.PublicKey, AllowedIps: strings.Join(allowedIps, "",""), Endpoint: fmt.Sprintf(""%s:%d"", data.Hostname, data.Port), } if data.DnsServers != nil && len(data.DnsServers) > 0 { templData.HasDns = true templData.DnsServers = strings.Join(data.DnsServers, "","") } output := &bytes.Buffer{} err = WgConfTempl.Execute(output, templData) if err != nil { err = &errortypes.ParseError{ errors.Wrap(err, ""profile: Failed to exec wg template""), } return } rootDir := """" switch runtime.GOOS { case ""linux"": rootDir = WgLinuxConfPath err = os.MkdirAll(WgLinuxConfPath, 0700) if err != nil { err = &errortypes.WriteError{ errors.Wrap( err, ""profile: Failed to create wg conf directory""), } return } case ""darwin"": rootDir = WgMacConfPath err = os.MkdirAll(WgMacConfPath, 0700) if err != nil { err = &errortypes.WriteError{ errors.Wrap( err, ""profile: Failed to create wg conf directory""), } return } default: rootDir, err = utils.GetTempDir() if err != nil { return } } pth = filepath.Join(rootDir, p.Iface+"".conf"") _ = os.Remove(pth) err = ioutil.WriteFile( pth, []byte(output.String()), os.FileMode(0600), ) if err != nil { err = &WriteError{ errors.Wrap(err, ""profile: Failed to write wg conf""), } return } return }"
584,"func(ctx etreeutils.NSContext, signedInfo *etree.Element) error { detachedSignedInfo, err := etreeutils.NSDetatch(ctx, signedInfo) if err != nil { return err } c14NMethod, err := etreeutils.NSFindOneChildCtx(ctx, detachedSignedInfo, Namespace, CanonicalizationMethodTag) if err != nil { return err } if c14NMethod == nil { return errors.New(""missing CanonicalizationMethod on Signature"") } c14NAlgorithm := c14NMethod.SelectAttrValue(AlgorithmAttr, """") var canonicalSignedInfo *etree.Element switch AlgorithmID(c14NAlgorithm) { case CanonicalXML10ExclusiveAlgorithmId: err := etreeutils.TransformExcC14n(detachedSignedInfo, """") if err != nil { return err } canonicalSignedInfo = detachedSignedInfo case CanonicalXML11AlgorithmId: canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}) case CanonicalXML10RecAlgorithmId: canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}) case CanonicalXML10CommentAlgorithmId: canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}) default: return fmt.Errorf(""invalid CanonicalizationMethod on Signature: %s"", c14NAlgorithm) } el.RemoveChild(signedInfo) el.AddChild(canonicalSignedInfo) found = true return etreeutils.ErrTraversalHalted })",True,Go,error,validate.go,https://github.com/russellhaering/goxmldsig,russellhaering,Russell Haering,2020-09-21 15:46:25-07:00,Validate the shape of a signature object prior to unmarshalling the Signature,CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2020-15216,"func (p *Profile) write() (pth string, err error) { rootDir, err := utils.GetTempDir() if err != nil { return } pth = filepath.Join(rootDir, p.Id) data := """" for _, line := range strings.Split(p.Data, ""\n"") { trimLine := strings.TrimSpace(line) trimLine = strings.Trim(trimLine, ""#"") trimLine = strings.Trim(trimLine, ""-"") trimLine = strings.Trim(trimLine, ""_"") trimLine = strings.Trim(trimLine, "":"") trimLine = strings.Trim(trimLine, "";"") trimLine = strings.Trim(trimLine, ""*"") trimLine = strings.Trim(trimLine, ""%"") trimLine = strings.Trim(trimLine, ""$"") trimLine = strings.Trim(trimLine, ""+"") trimLine = strings.Trim(trimLine, ""="") trimLine = strings.Trim(trimLine, ""~"") trimLine = strings.Trim(trimLine, ""("") trimLine = strings.Trim(trimLine, "")"") trimLine = strings.Trim(trimLine, ""["") trimLine = strings.Trim(trimLine, ""]"") trimLine = strings.Trim(trimLine, ""{"") trimLine = strings.Trim(trimLine, ""}"") if strings.Contains(trimLine, ""script-security"") || strings.HasPrefix(trimLine, ""log "") || strings.HasPrefix(trimLine, ""up "") || strings.HasPrefix(trimLine, ""down "") || strings.HasPrefix(trimLine, ""route-pre-down "") || strings.HasPrefix(trimLine, ""tls-verify "") || strings.HasPrefix(trimLine, ""ipchange "") || strings.HasPrefix(trimLine, ""route-up "") { continue } data += line + ""\n"" } _ = os.Remove(pth) err = ioutil.WriteFile(pth, []byte(data), os.FileMode(0600)) if err != nil { err = &WriteError{ errors.Wrap(err, ""profile: Failed to write profile""), } return } return }"
588,"func (f *Fosite) WriteAccessResponse(rw http.ResponseWriter, requester AccessRequester, responder AccessResponder) { rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") js, err := json.Marshal(responder.ToMap()) if err != nil { http.Error(rw, err.Error(), http.StatusInternalServerError) return } rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") rw.WriteHeader(http.StatusOK) rw.Write(js) }",True,Go,WriteAccessResponse,access_write.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func TestAuthorizeTeamPacks(t *testing.T) { t.Parallel() runTestCases(t, []authTestCase{ { user: test.UserTeamMaintainerTeam1, object: &fleet.Pack{ Type: ptr.String(""team-1""), }, action: read, allow: true, }, { user: test.UserTeamObserverTeam1TeamAdminTeam2, object: &fleet.Pack{ Type: ptr.String(""team-1""), }, action: read, allow: true, }, { user: test.UserTeamObserverTeam1TeamAdminTeam2, object: &fleet.Pack{ Type: ptr.String(""team-1""), }, action: write, allow: false, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{ Type: ptr.String(""team-2""), }, action: read, allow: false, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{ Type: ptr.String(""team-2""), }, action: read, allow: false, }, { user: test.UserTeamMaintainerTeam1, object: &fleet.Pack{}, action: read, allow: false, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{}, action: read, allow: false, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{}, action: write, allow: false, }, }) }"
590,"func (f *Fosite) WriteAuthorizeError(rw http.ResponseWriter, ar AuthorizeRequester, err error) { rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") rfcerr := ErrorToRFC6749Error(err) if !f.SendDebugMessagesToClients { rfcerr = rfcerr.Sanitize() } if !ar.IsRedirectURIValid() { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") js, err := json.Marshal(rfcerr) if err != nil { if f.SendDebugMessagesToClients { errorMessage := EscapeJSONString(err.Error()) http.Error(rw, fmt.Sprintf(`{""error"":""server_error"",""error_description"":""%s""}`, errorMessage), http.StatusInternalServerError) } else { http.Error(rw, `{""error"":""server_error""}`, http.StatusInternalServerError) } return } rw.WriteHeader(rfcerr.Code) rw.Write(js) return } redirectURI := ar.GetRedirectURI() redirectURI.Fragment = """" query := rfcerr.ToValues() query.Add(""state"", ar.GetState()) var redirectURIString string if !(len(ar.GetResponseTypes()) == 0 || ar.GetResponseTypes().ExactOne(""code"")) && !errors.Is(err, ErrUnsupportedResponseType) { redirectURIString = redirectURI.String() + ""#"" + query.Encode() } else { for key, values := range redirectURI.Query() { for _, value := range values { query.Add(key, value) } } redirectURI.RawQuery = query.Encode() redirectURIString = redirectURI.String() } rw.Header().Add(""Location"", redirectURIString) rw.WriteHeader(http.StatusFound) }",True,Go,WriteAuthorizeError,authorize_error.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func TestListActivities(t *testing.T) { ds := new(mock.Store) svc := newTestService(t, ds, nil, nil) globalUsers := []*fleet.User{test.UserAdmin, test.UserMaintainer, test.UserObserver} teamUsers := []*fleet.User{test.UserTeamAdminTeam1, test.UserTeamMaintainerTeam1, test.UserTeamObserverTeam1} ds.ListActivitiesFunc = func(ctx context.Context, opts fleet.ListOptions) ([]*fleet.Activity, error) { return []*fleet.Activity{ {ID: 1}, {ID: 2}, }, nil } for _, u := range globalUsers { activities, err := svc.ListActivities(test.UserContext(u), fleet.ListOptions{}) require.NoError(t, err) require.Len(t, activities, 2) } for _, u := range teamUsers { _, err := svc.ListActivities(test.UserContext(u), fleet.ListOptions{}) require.Error(t, err) require.Contains(t, err.Error(), authz.ForbiddenErrorMessage) } _, err := svc.ListActivities(test.UserContext(test.UserNoRoles), fleet.ListOptions{}) require.Error(t, err) require.Contains(t, err.Error(), authz.ForbiddenErrorMessage) _, err = svc.ListActivities(context.Background(), fleet.ListOptions{}) require.Error(t, err) require.Contains(t, err.Error(), authz.ForbiddenErrorMessage) }"
592,"func TestAddDebug(t *testing.T) { err := ErrRevocationClientMismatch.WithDebug(""debug"") assert.NotEqual(t, err, ErrRevocationClientMismatch) assert.Empty(t, ErrRevocationClientMismatch.Debug) assert.NotEmpty(t, err.Debug) }",True,Go,TestAddDebug,errors_test.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func (svc *Service) DeleteGlobalScheduledQueries(ctx context.Context, id uint) error { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(""global""), }, fleet.ActionWrite); err != nil { return err } globalPack, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return err } scheduledQuery, err := svc.ds.ScheduledQuery(ctx, id) if err != nil { return err } if scheduledQuery.PackID != globalPack.ID { return fmt.Errorf(""scheduled query %d is not global"", id) } return svc.DeleteScheduledQuery(ctx, id) }"
594,"func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error { discoveryFuncs := []func() (request fosite.Requester, err error){ func() (request fosite.Requester, err error) { signature := r.RefreshTokenStrategy.RefreshTokenSignature(token) return r.TokenRevocationStorage.GetRefreshTokenSession(ctx, signature, nil) }, func() (request fosite.Requester, err error) { signature := r.AccessTokenStrategy.AccessTokenSignature(token) return r.TokenRevocationStorage.GetAccessTokenSession(ctx, signature, nil) }, } if tokenType == fosite.AccessToken { discoveryFuncs[0], discoveryFuncs[1] = discoveryFuncs[1], discoveryFuncs[0] } var ar fosite.Requester var err error if ar, err = discoveryFuncs[0](); err != nil { ar, err = discoveryFuncs[1]() } if err != nil { return err } if ar.GetClient().GetID() != client.GetID() { return errors.WithStack(fosite.ErrRevocationClientMismatch) } requestID := ar.GetID() r.TokenRevocationStorage.RevokeRefreshToken(ctx, requestID) r.TokenRevocationStorage.RevokeAccessToken(ctx, requestID) return nil }",True,Go,RevokeToken,revocation.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func (svc *Service) ModifyGlobalScheduledQueries(ctx context.Context, id uint, query fleet.ScheduledQueryPayload) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(""global""), }, fleet.ActionWrite); err != nil { return nil, err } gp, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return nil, err } query.PackID = ptr.Uint(gp.ID) return svc.ModifyScheduledQuery(ctx, id, query) }"
596,"mock func() expectErr error client fosite.Client }{ { description: ""should fail - token was issued to another client"", expectErr: fosite.ErrRevocationClientMismatch, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""foo""}) }, }, { description: ""should pass - refresh token discovery first; refresh token found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - access token discovery first; access token found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - refresh token discovery first; refresh token not found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should pass - access token discovery first; access token not found"", expectErr: nil, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil) ar.EXPECT().GetID() ar.EXPECT().GetClient().Return(&fosite.DefaultClient{ID: ""bar""}) store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any()) store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any()) }, }, { description: ""should fail - refresh token discovery first; both tokens not found"", expectErr: fosite.ErrNotFound, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.RefreshToken rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) }, }, { description: ""should fail - access token discovery first; both tokens not found"", expectErr: fosite.ErrNotFound, client: &fosite.DefaultClient{ID: ""bar""}, mock: func() { token = ""foo"" tokenType = fosite.AccessToken atStrat.EXPECT().AccessTokenSignature(token) store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) rtStrat.EXPECT().RefreshTokenSignature(token) store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound) }, }, } { t.Run(fmt.Sprintf(""case=%d"", k), func(t *testing.T) { c.mock() err := h.RevokeToken(nil, token, tokenType, c.client) if c.expectErr != nil { require.EqualError(t, err, c.expectErr.Error()) } else { require.NoError(t, err) } }) } }",True,Go,expectErr,revocation_test.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func (svc *Service) GlobalScheduleQuery(ctx context.Context, sq *fleet.ScheduledQuery) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(""global""), }, fleet.ActionRead); err != nil { return nil, err } gp, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return nil, err } sq.PackID = gp.ID return svc.ScheduleQuery(ctx, sq) }"
599,"func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) string { token := responder.GetAccessToken() buffer := bytes.NewBufferString(token) hash := sha256.New() hash.Write(buffer.Bytes()) hashBuf := bytes.NewBuffer(hash.Sum([]byte{})) len := hashBuf.Len() return base64.RawURLEncoding.EncodeToString(hashBuf.Bytes()[:len/2]) }",True,Go,GetAccessTokenHash,helper.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func (svc *Service) GetGlobalScheduledQueries(ctx context.Context, opts fleet.ListOptions) ([]*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(""global""), }, fleet.ActionRead); err != nil { return nil, err } gp, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return nil, err } return svc.ds.ListScheduledQueriesInPackWithStats(ctx, gp.ID, opts) }"
600,"func (f *Fosite) WriteRevocationResponse(rw http.ResponseWriter, err error) { rw.Header().Set(""Cache-Control"", ""no-store"") rw.Header().Set(""Pragma"", ""no-cache"") if err == nil { rw.WriteHeader(http.StatusOK) return } if errors.Is(err, ErrInvalidRequest) { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") js, err := json.Marshal(ErrInvalidRequest) if err != nil { http.Error(rw, fmt.Sprintf(`{""error"": ""%s""}`, err.Error()), http.StatusInternalServerError) return } rw.WriteHeader(ErrInvalidRequest.Code) rw.Write(js) } else if errors.Is(err, ErrInvalidClient) { rw.Header().Set(""Content-Type"", ""application/json;charset=UTF-8"") js, err := json.Marshal(ErrInvalidClient) if err != nil { http.Error(rw, fmt.Sprintf(`{""error"": ""%s""}`, err.Error()), http.StatusInternalServerError) return } rw.WriteHeader(ErrInvalidClient.Code) rw.Write(js) } else { rw.WriteHeader(http.StatusOK) } }",True,Go,WriteRevocationResponse,revoke_handler.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func (svc *Service) RefetchHost(ctx context.Context, id uint) error { if !svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return err } host, err := svc.ds.HostLite(ctx, id) if err != nil { return ctxerr.Wrap(ctx, err, ""find host for refetch"") } if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return err } } if err := svc.ds.UpdateHostRefetchRequested(ctx, id, true); err != nil { return ctxerr.Wrap(ctx, err, ""save host"") } return nil }"
602,"func generateHMAC(data []byte, key *[32]byte) []byte { h := hmac.New(sha512.New512_256, key[:]) h.Write(data) return h.Sum(nil) }",True,Go,generateHMAC,hmacsha.go,https://github.com/ory/fosite,ory,GitHub,2020-09-24 12:00:29+02:00,"Merge pull request from GHSA-7mqr-2v3q-v2wm

BREAKING CHANGE: `fosite.ErrRevocationClientMismatch` was removed because it is not part of [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2). Instead, `fosite.ErrUnauthorizedClient` will be returned when calling `RevokeToken` with an OAuth2 Client which does not match the Access or Refresh Token to be revoked.",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2020-15223,"func (svc *Service) GetHost(ctx context.Context, id uint) (*fleet.HostDetail, error) { alreadyAuthd := svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) if !alreadyAuthd { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return nil, err } } host, err := svc.ds.Host(ctx, id, false) if err != nil { return nil, ctxerr.Wrap(ctx, err, ""get host"") } if !alreadyAuthd { if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return nil, err } } return svc.getHostDetails(ctx, host) }"
606,"func isLoopbackURI(requested *url.URL, registeredURI string) bool { registered, err := url.Parse(registeredURI) if err != nil { return false } if registered.Scheme != ""http"" || !isLoopbackAddress(registered.Host) { return false } if requested.Scheme == ""http"" && isLoopbackAddress(requested.Host) && registered.Path == requested.Path { return true } return false }",True,Go,isLoopbackURI,authorize_helper.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-15233,"func (svc *Service) ListHostDeviceMapping(ctx context.Context, id uint) ([]*fleet.HostDeviceMapping, error) { if !svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return nil, err } host, err := svc.ds.HostLite(ctx, id) if err != nil { return nil, ctxerr.Wrap(ctx, err, ""get host"") } if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return nil, err } } return svc.ds.ListHostDeviceMapping(ctx, id) }"
607,"func isLoopbackURI(requested *url.URL, registeredURI string) bool { registered, err := url.Parse(registeredURI) if err != nil { return false } if registered.Scheme != ""http"" || !isLoopbackAddress(registered.Host) { return false } if requested.Scheme == ""http"" && isLoopbackAddress(requested.Host) && registered.Path == requested.Path { return true } return false }",True,Go,isLoopbackURI,authorize_helper.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-178,Improper Handling of Case Sensitivity,"The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.",https://cwe.mitre.org/data/definitions/178.html,CVE-2020-15234,"func (svc *Service) MacadminsData(ctx context.Context, id uint) (*fleet.MacadminsData, error) { if !svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return nil, err } host, err := svc.ds.HostLite(ctx, id) if err != nil { return nil, ctxerr.Wrap(ctx, err, ""find host for macadmins"") } if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return nil, err } } var munkiInfo *fleet.HostMunkiInfo switch version, err := svc.ds.GetMunkiVersion(ctx, id); { case err != nil && !fleet.IsNotFound(err): return nil, err case err == nil: munkiInfo = &fleet.HostMunkiInfo{Version: version} } var mdm *fleet.HostMDM switch enrolled, serverURL, installedFromDep, err := svc.ds.GetMDM(ctx, id); { case err != nil && !fleet.IsNotFound(err): return nil, err case err == nil: enrollmentStatus := ""Unenrolled"" if enrolled && !installedFromDep { enrollmentStatus = ""Enrolled (manual)"" } else if enrolled && installedFromDep { enrollmentStatus = ""Enrolled (automated)"" } mdm = &fleet.HostMDM{ EnrollmentStatus: enrollmentStatus, ServerURL: serverURL, } } if munkiInfo == nil && mdm == nil { return nil, nil } data := &fleet.MacadminsData{ Munki: munkiInfo, MDM: mdm, } return data, nil }"
608,"func isMatchingRedirectURI(uri string, haystack []string) bool { requested, err := url.Parse(uri) if err != nil { return false } for _, b := range haystack { if strings.ToLower(b) == strings.ToLower(uri) || isLoopbackURI(requested, b) { return true } } return false }",True,Go,isMatchingRedirectURI,authorize_helper.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-15233,"func (svc Service) CountSoftware(ctx context.Context, opt fleet.SoftwareListOptions) (int, error) { if err := svc.authz.Authorize(ctx, &fleet.AuthzSoftwareInventory{ TeamID: opt.TeamID, }, fleet.ActionRead); err != nil { return 0, err } return svc.ds.CountSoftware(ctx, opt) }"
609,"func isMatchingRedirectURI(uri string, haystack []string) bool { requested, err := url.Parse(uri) if err != nil { return false } for _, b := range haystack { if strings.ToLower(b) == strings.ToLower(uri) || isLoopbackURI(requested, b) { return true } } return false }",True,Go,isMatchingRedirectURI,authorize_helper.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-178,Improper Handling of Case Sensitivity,"The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.",https://cwe.mitre.org/data/definitions/178.html,CVE-2020-15234,"func (svc Service) ListSoftware(ctx context.Context, opt fleet.SoftwareListOptions) ([]fleet.Software, error) { if err := svc.authz.Authorize(ctx, &fleet.AuthzSoftwareInventory{ TeamID: opt.TeamID, }, fleet.ActionRead); err != nil { return nil, err } if opt.OrderKey == """" { opt.OrderKey = ""hosts_count"" opt.OrderDirection = fleet.OrderDescending } opt.WithHostCounts = true return svc.ds.ListSoftware(ctx, opt) }"
614,"func TestDoesClientWhiteListRedirect(t *testing.T) { for k, c := range []struct { client Client url string isError bool expected string }{ { client: &DefaultClient{RedirectURIs: []string{""""}}, url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: """", isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""""}}, url: """", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: "":/invalid.uri)bar"", isError: true, }, } { redir, err := MatchRedirectURIWithClientRedirectURIs(c.url, c.client) assert.Equal(t, c.isError, err != nil, ""%d: %s"", k, err) if err == nil { require.NotNil(t, redir, ""%d"", k) assert.Equal(t, c.expected, redir.String(), ""%d"", k) } t.Logf(""Passed test case %d"", k) } }",True,Go,TestDoesClientWhiteListRedirect,authorize_helper_test.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-15233,"func TestService_ListSoftware(t *testing.T) { ds := new(mock.Store) var calledWithTeamID *uint var calledWithOpt fleet.SoftwareListOptions ds.ListSoftwareFunc = func(ctx context.Context, opt fleet.SoftwareListOptions) ([]fleet.Software, error) { calledWithTeamID = opt.TeamID calledWithOpt = opt return []fleet.Software{}, nil } user := &fleet.User{ ID: 3, Email: ""foo@bar.com"", GlobalRole: ptr.String(fleet.RoleAdmin), } svc := newTestService(t, ds, nil, nil) ctx := context.Background() ctx = viewer.NewContext(ctx, viewer.Viewer{User: user}) _, err := svc.ListSoftware(ctx, fleet.SoftwareListOptions{TeamID: ptr.Uint(42), ListOptions: fleet.ListOptions{PerPage: 77, Page: 4}}) require.NoError(t, err) assert.True(t, ds.ListSoftwareFuncInvoked) assert.Equal(t, ptr.Uint(42), calledWithTeamID) assert.Equal(t, fleet.ListOptions{PerPage: 77, Page: 4, OrderKey: ""hosts_count"", OrderDirection: fleet.OrderDescending}, calledWithOpt.ListOptions) assert.True(t, calledWithOpt.WithHostCounts) ds.ListSoftwareFuncInvoked = false _, err = svc.ListSoftware(ctx, fleet.SoftwareListOptions{TeamID: nil, ListOptions: fleet.ListOptions{PerPage: 11, Page: 2, OrderKey: ""id"", OrderDirection: fleet.OrderAscending}}) require.NoError(t, err) assert.True(t, ds.ListSoftwareFuncInvoked) assert.Nil(t, calledWithTeamID) assert.Equal(t, fleet.ListOptions{PerPage: 11, Page: 2, OrderKey: ""id"", OrderDirection: fleet.OrderAscending}, calledWithOpt.ListOptions) assert.True(t, calledWithOpt.WithHostCounts) }"
615,"func TestDoesClientWhiteListRedirect(t *testing.T) { for k, c := range []struct { client Client url string isError bool expected string }{ { client: &DefaultClient{RedirectURIs: []string{""""}}, url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""wta: url: ""wta: expected: ""wta: isError: false, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: """", isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""""}}, url: """", isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: false, expected: ""https: }, { client: &DefaultClient{RedirectURIs: []string{""https: url: ""https: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: false, expected: ""http: }, { client: &DefaultClient{RedirectURIs: []string{""http: url: ""http: isError: true, }, { client: &DefaultClient{RedirectURIs: []string{""http: url: "":/invalid.uri)bar"", isError: true, }, } { redir, err := MatchRedirectURIWithClientRedirectURIs(c.url, c.client) assert.Equal(t, c.isError, err != nil, ""%d: %s"", k, err) if err == nil { require.NotNil(t, redir, ""%d"", k) assert.Equal(t, c.expected, redir.String(), ""%d"", k) } t.Logf(""Passed test case %d"", k) } }",True,Go,TestDoesClientWhiteListRedirect,authorize_helper_test.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-178,Improper Handling of Case Sensitivity,"The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.",https://cwe.mitre.org/data/definitions/178.html,CVE-2020-15234,"func (svc Service) TeamScheduleQuery(ctx context.Context, teamID uint, q *fleet.ScheduledQuery) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(fmt.Sprintf(""team-%d"", teamID)), }, fleet.ActionWrite); err != nil { return nil, err } gp, err := svc.ds.EnsureTeamPack(ctx, teamID) if err != nil { return nil, err } q.PackID = gp.ID return svc.unauthorizedScheduleQuery(ctx, q) }"
616,"func TestEscapeJSONString(t *testing.T) { for _, str := range []string{"""", ""foobar"", `foo""bar`, `foo\bar`, ""foo\n\tbar""} { escaped := EscapeJSONString(str) var unmarshaled string err := json.Unmarshal([]byte(`""` + escaped + `""`), &unmarshaled) require.NoError(t, err, str) assert.Equal(t, str, unmarshaled, str) } }",True,Go,TestEscapeJSONString,helper_test.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-15233,"func (svc Service) GetTeamScheduledQueries(ctx context.Context, teamID uint, opts fleet.ListOptions) ([]*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(fmt.Sprintf(""team-%d"", teamID)), }, fleet.ActionRead); err != nil { return nil, err } gp, err := svc.ds.EnsureTeamPack(ctx, teamID) if err != nil { return nil, err } return svc.ds.ListScheduledQueriesInPackWithStats(ctx, gp.ID, opts) }"
617,"func TestEscapeJSONString(t *testing.T) { for _, str := range []string{"""", ""foobar"", `foo""bar`, `foo\bar`, ""foo\n\tbar""} { escaped := EscapeJSONString(str) var unmarshaled string err := json.Unmarshal([]byte(`""` + escaped + `""`), &unmarshaled) require.NoError(t, err, str) assert.Equal(t, str, unmarshaled, str) } }",True,Go,TestEscapeJSONString,helper_test.go,https://github.com/ory/fosite,ory,hackerman,2020-10-02 15:15:49+02:00,"fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK ` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.",CWE-178,Improper Handling of Case Sensitivity,"The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.",https://cwe.mitre.org/data/definitions/178.html,CVE-2020-15234,"func (svc Service) ModifyTeamScheduledQueries(ctx context.Context, teamID uint, scheduledQueryID uint, query fleet.ScheduledQueryPayload) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{ Type: ptr.String(fmt.Sprintf(""team-%d"", teamID)), }, fleet.ActionWrite); err != nil { return nil, err } gp, err := svc.ds.EnsureTeamPack(ctx, teamID) if err != nil { return nil, err } query.PackID = ptr.Uint(gp.ID) return svc.unauthorizedModifyScheduledQuery(ctx, scheduledQueryID, query) }"
959,"func (mbox *Mailbox) newClient() (*client.Client, error) { var imapClient *client.Client var err error if mbox.TLS { config := new(tls.Config) config.InsecureSkipVerify = mbox.IgnoreCertErrors imapClient, err = client.DialTLS(mbox.Host, config) } else { imapClient, err = client.Dial(mbox.Host) } if err != nil { return imapClient, err } err = imapClient.Login(mbox.User, mbox.Pwd) if err != nil { return imapClient, err } _, err = imapClient.Select(mbox.Folder, mbox.ReadOnly) if err != nil { return imapClient, err } return imapClient, nil }",True,Go,newClient,imap.go,https://github.com/gophish/gophish,gophish,GitHub,2020-08-20 09:36:18-05:00,"Implement SSRF Mitigations (#1940)

Initial commit of SSRF mitigations.

This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang

To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.

To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.

There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.

Finally, I had to make an update in the gomail package to support a custom net.Dialer.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2020-24710,"func (svc *Service) ListUsers(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) { user := &fleet.User{} if opt.TeamID != 0 { user.Teams = []fleet.UserTeam{{Team: fleet.Team{ID: opt.TeamID}}} } if err := svc.authz.Authorize(ctx, user, fleet.ActionRead); err != nil { return nil, err } return svc.ds.ListUsers(ctx, opt) }"
962,"func (s *SMTP) GetDialer() (mailer.Dialer, error) { hp := strings.Split(s.Host, "":"") if len(hp) < 2 { hp = append(hp, ""25"") } host := hp[0] port, err := strconv.Atoi(hp[1]) if err != nil { log.Error(err) return nil, err } d := gomail.NewDialer(host, port, s.Username, s.Password) d.TLSConfig = &tls.Config{ ServerName: host, InsecureSkipVerify: s.IgnoreCertErrors, } hostname, err := os.Hostname() if err != nil { log.Error(err) hostname = ""localhost"" } d.LocalName = hostname return &Dialer{d}, err }",True,Go,GetDialer,smtp.go,https://github.com/gophish/gophish,gophish,GitHub,2020-08-20 09:36:18-05:00,"Implement SSRF Mitigations (#1940)

Initial commit of SSRF mitigations.

This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang

To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.

To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.

There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.

Finally, I had to make an update in the gomail package to support a custom net.Dialer.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2020-24710,"func (svc *Service) ModifyUser(ctx context.Context, userID uint, p fleet.UserPayload) (*fleet.User, error) { user, err := svc.User(ctx, userID) if err != nil { setAuthCheckedOnPreAuthErr(ctx) return nil, err } if err := svc.authz.Authorize(ctx, user, fleet.ActionWrite); err != nil { return nil, err } vc, ok := viewer.FromContext(ctx) if !ok { return nil, ctxerr.New(ctx, ""viewer not present"") } ownUser := vc.UserID() == userID if err := p.VerifyModify(ownUser); err != nil { return nil, ctxerr.Wrap(ctx, err, ""verify user payload"") } if p.GlobalRole != nil || p.Teams != nil { if err := svc.authz.Authorize(ctx, user, fleet.ActionWriteRole); err != nil { return nil, err } } if p.NewPassword != nil { if err := svc.authz.Authorize(ctx, user, fleet.ActionChangePassword); err != nil { return nil, err } if err := fleet.ValidatePasswordRequirements(*p.NewPassword); err != nil { return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError(""new_password"", err.Error())) } if ownUser { if err := vc.User.ValidatePassword(*p.NewPassword); err == nil { return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError(""new_password"", ""cannot reuse old password"")) } if err := vc.User.ValidatePassword(*p.Password); err != nil { return nil, ctxerr.Wrap(ctx, fleet.NewPermissionError(""incorrect password"")) } } } if p.Name != nil { user.Name = *p.Name } if p.Email != nil && *p.Email != user.Email { err = svc.modifyEmailAddress(ctx, user, *p.Email, p.Password) if err != nil { return nil, err } } if p.Position != nil { user.Position = *p.Position } if p.GravatarURL != nil { user.GravatarURL = *p.GravatarURL } if p.SSOEnabled != nil { user.SSOEnabled = *p.SSOEnabled } currentUser := authz.UserFromContext(ctx) if p.GlobalRole != nil && *p.GlobalRole != """" { if currentUser.GlobalRole == nil { return nil, authz.ForbiddenWithInternal( ""cannot edit global role as a team member"", currentUser, user, fleet.ActionWriteRole, ) } if p.Teams != nil && len(*p.Teams) > 0 { return nil, fleet.NewInvalidArgumentError(""teams"", ""may not be specified with global_role"") } user.GlobalRole = p.GlobalRole user.Teams = []fleet.UserTeam{} } else if p.Teams != nil { if !isAdminOfTheModifiedTeams(currentUser, user.Teams, *p.Teams) { return nil, authz.ForbiddenWithInternal( ""cannot modify teams in that way"", currentUser, user, fleet.ActionWriteRole, ) } user.Teams = *p.Teams user.GlobalRole = nil } if p.NewPassword != nil { err = svc.setNewPassword(ctx, user, *p.NewPassword) } else { err = svc.saveUser(ctx, user) } if err != nil { return nil, err } return user, nil }"
965,"func (as *AdminServer) registerRoutes() { router := mux.NewRouter() router.HandleFunc(""/"", mid.Use(as.Base, mid.RequireLogin)) router.HandleFunc(""/login"", mid.Use(as.Login, as.limiter.Limit)) router.HandleFunc(""/logout"", mid.Use(as.Logout, mid.RequireLogin)) router.HandleFunc(""/reset_password"", mid.Use(as.ResetPassword, mid.RequireLogin)) router.HandleFunc(""/campaigns"", mid.Use(as.Campaigns, mid.RequireLogin)) router.HandleFunc(""/campaigns/{id:[0-9]+}"", mid.Use(as.CampaignID, mid.RequireLogin)) router.HandleFunc(""/templates"", mid.Use(as.Templates, mid.RequireLogin)) router.HandleFunc(""/groups"", mid.Use(as.Groups, mid.RequireLogin)) router.HandleFunc(""/landing_pages"", mid.Use(as.LandingPages, mid.RequireLogin)) router.HandleFunc(""/sending_profiles"", mid.Use(as.SendingProfiles, mid.RequireLogin)) router.HandleFunc(""/settings"", mid.Use(as.Settings, mid.RequireLogin)) router.HandleFunc(""/users"", mid.Use(as.UserManagement, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin)) router.HandleFunc(""/webhooks"", mid.Use(as.Webhooks, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin)) router.HandleFunc(""/impersonate"", mid.Use(as.Impersonate, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin)) api := api.NewServer( api.WithWorker(as.worker), api.WithLimiter(as.limiter), ) router.PathPrefix(""/api/"").Handler(api) router.PathPrefix(""/"").Handler(http.FileServer(unindexed.Dir(""./static/""))) csrfKey := []byte(as.config.CSRFKey) if len(csrfKey) == 0 { csrfKey = []byte(auth.GenerateSecureKey(auth.APIKeyLength)) } csrfHandler := csrf.Protect(csrfKey, csrf.FieldName(""csrf_token""), csrf.Secure(as.config.UseTLS)) adminHandler := csrfHandler(router) adminHandler = mid.Use(adminHandler.ServeHTTP, mid.CSRFExceptions, mid.GetContext) gzipWrapper, _ := gziphandler.NewGzipLevelHandler(gzip.BestCompression) adminHandler = gzipWrapper(adminHandler) adminHandler = handlers.CombinedLoggingHandler(log.Writer(), adminHandler) as.server.Handler = adminHandler }",True,Go,registerRoutes,route.go,https://github.com/gophish/gophish,gophish,Jordan Wright,2020-08-20 10:39:23-05:00,Added a simple Content-Security-Policy to mitigate clickjacking attempts.,CWE-1021,Improper Restriction of Rendered UI Layers or Frames,"The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.",https://cwe.mitre.org/data/definitions/1021.html,CVE-2020-24711,"func isAdminOfTheModifiedTeams(currentUser *fleet.User, originalUserTeams, newUserTeams []fleet.UserTeam) bool { if currentUser.GlobalRole != nil && *currentUser.GlobalRole == fleet.RoleAdmin { return true } newTeams := make(map[uint]string) for _, team := range newUserTeams { newTeams[team.ID] = team.Role } originalTeams := make(map[uint]struct{}) for _, team := range originalUserTeams { originalTeams[team.ID] = struct{}{} } teamsAffected := make(map[uint]struct{}) for _, team := range originalUserTeams { if newTeams[team.ID] != team.Role { teamsAffected[team.ID] = struct{}{} } } for _, team := range newUserTeams { if _, ok := originalTeams[team.ID]; !ok { teamsAffected[team.ID] = struct{}{} } } currentUserTeamAdmin := make(map[uint]struct{}) for _, team := range currentUser.Teams { if team.Role == fleet.RoleAdmin { currentUserTeamAdmin[team.ID] = struct{}{} } } for teamID := range teamsAffected { if _, ok := currentUserTeamAdmin[teamID]; !ok { return false } } return true }"
976,"func (p *Profile) writeConfWgQuick(data *WgConf) (pth string, err error) { allowedIps := []string{} if data.Routes != nil { for _, route := range data.Routes { allowedIps = append(allowedIps, route.Network) } } if data.Routes6 != nil { for _, route := range data.Routes6 { allowedIps = append(allowedIps, route.Network) } } addr := data.Address if data.Address6 != """" { addr += "","" + data.Address6 } templData := WgConfData{ Address: addr, PrivateKey: p.PrivateKeyWg, PublicKey: data.PublicKey, AllowedIps: strings.Join(allowedIps, "",""), Endpoint: fmt.Sprintf(""%s:%d"", data.Hostname, data.Port), } if data.DnsServers != nil && len(data.DnsServers) > 0 { templData.HasDns = true templData.DnsServers = strings.Join(data.DnsServers, "","") } output := &bytes.Buffer{} err = WgConfTempl.Execute(output, templData) if err != nil { err = &errortypes.ParseError{ errors.Wrap(err, ""profile: Failed to exec wg template""), } return } rootDir := """" switch runtime.GOOS { case ""linux"": rootDir = WgLinuxConfPath err = os.MkdirAll(WgLinuxConfPath, 0700) if err != nil { err = &errortypes.WriteError{ errors.Wrap( err, ""profile: Failed to create wg conf directory""), } return } case ""darwin"": rootDir = WgMacConfPath err = os.MkdirAll(WgMacConfPath, 0700) if err != nil { err = &errortypes.WriteError{ errors.Wrap( err, ""profile: Failed to create wg conf directory""), } return } default: rootDir, err = utils.GetTempDir() if err != nil { return } } pth = filepath.Join(rootDir, p.Iface+"".conf"") os.Remove(pth) err = ioutil.WriteFile( pth, []byte(output.String()), os.FileMode(0600), ) if err != nil { err = &WriteError{ errors.Wrap(err, ""profile: Failed to write wg conf""), } return } return }",True,Go,writeConfWgQuick,profile.go,https://github.com/pritunl/pritunl-client-electron,pritunl,Zachary Huff,2020-08-31 05:55:29-04:00,Remove file before io write file,CWE-59,Improper Link Resolution Before File Access ('Link Following'),"The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.",https://cwe.mitre.org/data/definitions/59.html,CVE-2020-25989,"func (v *validator) ValidateSignature(auth kolide.Auth) (kolide.Auth, error) { info := auth.(*resp) status, err := info.status() if err != nil { return nil, errors.New(""missing or malformed response"") } if status != Success { return nil, errors.Errorf(""response status %s"", info.statusDescription()) } decoded, err := base64.StdEncoding.DecodeString(info.rawResponse()) if err != nil { return nil, errors.Wrap(err, ""base64 decode response"") } err = rtvalidator.Validate(bytes.NewReader(decoded)) if err != nil { return nil, errors.Wrap(err, ""response XML failed validation"") } doc := etree.NewDocument() err = doc.ReadFromBytes(decoded) if err != nil || doc.Root() == nil { return nil, errors.Wrap(err, ""parsing xml response"") } elt := doc.Root() signed, err := v.validateSignature(elt) if err != nil { return nil, errors.Wrap(err, ""signing verification failed"") } signedDoc := etree.NewDocument() signedDoc.SetRoot(signed) buffer, err := signedDoc.WriteToBytes() if err != nil { return nil, errors.Wrap(err, ""creating signed doc buffer"") } var response Response err = xml.Unmarshal(buffer, &response) if err != nil { return nil, errors.Wrap(err, ""unmarshalling signed doc"") } info.setResponse(&response) return info, nil }"
979,"func (p *Profile) write() (pth string, err error) { rootDir, err := utils.GetTempDir() if err != nil { return } pth = filepath.Join(rootDir, p.Id) _ = os.Remove(pth) err = ioutil.WriteFile(pth, []byte(p.Data), os.FileMode(0600)) if err != nil { err = &WriteError{ errors.Wrap(err, ""profile: Failed to write profile""), } return } return }",True,Go,write,profile.go,https://github.com/pritunl/pritunl-client-electron,pritunl,Zachary Huff,2020-09-02 18:51:02-04:00,Filter openvpn configuration data,CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2020-27519,"func makeStreamDistributedQueryCampaignResultsHandler(svc kolide.Service, jwtKey string, logger kitlog.Logger) http.Handler { opt := sockjs.DefaultOptions opt.Websocket = true opt.RawWebsocket = true return sockjs.NewHandler(""/api/v1/kolide/results"", opt, func(session sockjs.Session) { conn := &websocket.Conn{Session: session} defer func() { if p := recover(); p != nil { logger.Log(""err"", p, ""msg"", ""panic in result handler"") conn.WriteJSONError(""panic in result handler"") } session.Close(0, ""none"") }() token, err := conn.ReadAuthToken() if err != nil { logger.Log(""err"", err, ""msg"", ""failed to read auth token"") return } vc, err := authViewer(context.Background(), jwtKey, token, svc) if err != nil || !vc.CanPerformActions() { logger.Log(""err"", err, ""msg"", ""unauthorized viewer"") conn.WriteJSONError(""unauthorized"") return } ctx := viewer.NewContext(context.Background(), *vc) msg, err := conn.ReadJSONMessage() if err != nil { logger.Log(""err"", err, ""msg"", ""reading select_campaign JSON"") conn.WriteJSONError(""error reading select_campaign"") return } if msg.Type != ""select_campaign"" { logger.Log(""err"", ""unexpected msg type, expected select_campaign"", ""msg-type"", msg.Type) conn.WriteJSONError(""expected select_campaign"") return } var info struct { CampaignID uint `json:""campaign_id""` } err = json.Unmarshal(*(msg.Data.(*json.RawMessage)), &info) if err != nil { logger.Log(""err"", err, ""msg"", ""unmarshaling select_campaign data"") conn.WriteJSONError(""error unmarshaling select_campaign data"") return } if info.CampaignID == 0 { logger.Log(""err"", ""campaign ID not set"") conn.WriteJSONError(""0 is not a valid campaign ID"") return } svc.StreamCampaignResults(ctx, conn, info.CampaignID) }) }"
981,"func MkdirSecure(pth string) (err error) { err = os.MkdirAll(pth, 0755) if err != nil { err = &errortypes.WriteError{ errors.Wrap(err, ""utils: Failed to create directory""), } return } err = acl.Apply( pth, true, false, acl.GrantName(windows.GENERIC_ALL, ""CREATOR OWNER""), acl.GrantName(windows.GENERIC_ALL, ""SYSTEM""), acl.GrantName(windows.GENERIC_ALL, ""Administrators""), ) if err != nil { err = &errortypes.WriteError{ errors.Wrap(err, ""utils: Failed to acl directory""), } return } return }",True,Go,MkdirSecure,platform_windows.go,https://github.com/pritunl/pritunl-client-electron,pritunl,Zachary Huff,2022-02-17 18:47:14-05:00,Update acl in service platform windows,CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2022-25372,"func unpackTarFiles(reader *tar.Reader, extractDir string) error { const errLinkedDirectoryOutside = ""linked directory '%s' is outside the extraction directory"" extractAbsDir, err := filepath.Abs(extractDir) if err != nil { return fmt.Errorf(""error defining the absolute path of '%s': %s"", extractDir, err) } var header *tar.Header var count int = 0 var reSlash = regexp.MustCompile(`/.*`) innerDir := """" for { if header, err = reader.Next(); err != nil { if err == io.EOF { condPrint(""Files "", false, CHATTY) condPrint(strconv.Itoa(count), true, 1) return nil } return err } filemode := os.FileMode(header.Mode) filename := sanitizedName(header.Name) fileDir := path.Dir(filename) upperDir := reSlash.ReplaceAllString(fileDir, """") if innerDir != """" { if upperDir != innerDir { return fmt.Errorf(""found more than one directory inside the tarball\n""+ ""<%s> and <%s>"", upperDir, innerDir) } } else { innerDir = upperDir } if _, err = os.Stat(fileDir); os.IsNotExist(err) { if err = os.MkdirAll(fileDir, globals.PublicDirectoryAttr); err != nil { return err } condPrint("" + ""+fileDir+"" "", true, CHATTY) } if header.Typeflag == 0 { header.Typeflag = tar.TypeReg } switch header.Typeflag { case tar.TypeDir: if err = os.MkdirAll(filename, globals.PublicDirectoryAttr); err != nil { return err } case tar.TypeReg: if err = unpackTarFile(filename, reader); err != nil { return err } err = os.Chmod(filename, filemode) if err != nil { return err } count++ condPrint(filename, true, CHATTY) if count%10 == 0 { mark := ""."" if count%100 == 0 { mark = strconv.Itoa(count) } if Verbose < CHATTY { condPrint(mark, false, 1) } } case tar.TypeSymlink: if header.Linkname != """" { linkDepth := pathDepth(header.Linkname) nameDepth := pathDepth(header.Name) if linkDepth > nameDepth { fmt.Println() return fmt.Errorf(errLinkedDirectoryOutside, header.Linkname) } if common.FileExists(header.Linkname) { absFile, err := filepath.Abs(header.Linkname) if err != nil { return fmt.Errorf(""error retrieving absolute path of %s: %s"", header.Linkname, err) } if !common.BeginsWith(absFile, extractAbsDir) { return fmt.Errorf(errLinkedDirectoryOutside, header.Linkname) } } else { if common.BeginsWith(header.Linkname, ""/"") { if !common.BeginsWith(header.Linkname, extractAbsDir) { return fmt.Errorf(errLinkedDirectoryOutside, header.Linkname) } } } condPrint(fmt.Sprintf(""%s -> %s"", filename, header.Linkname), true, CHATTY) err = os.Symlink(header.Linkname, filename) if err != nil { return fmt.Errorf(""%#v\n#ERROR: %s"", header, err) } } else { return fmt.Errorf(""file %s is a symlink, but no link information was provided"", filename) } } } }"
984,"func TestAuthorizeTeamPacks(t *testing.T) { t.Parallel() runTestCases(t, []authTestCase{ { user: test.UserTeamMaintainerTeam1, object: &fleet.Pack{ TeamIDs: []uint{1}, }, action: read, allow: true, }, { user: test.UserTeamObserverTeam1TeamAdminTeam2, object: &fleet.Pack{ TeamIDs: []uint{1}, }, action: read, allow: false, }, { user: test.UserTeamObserverTeam1TeamAdminTeam2, object: &fleet.Pack{ TeamIDs: []uint{1}, }, action: write, allow: false, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{ TeamIDs: []uint{2}, }, action: read, allow: false, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{ TeamIDs: []uint{2}, }, action: read, allow: false, }, { user: test.UserTeamMaintainerTeam1, object: &fleet.Pack{}, action: read, allow: true, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{}, action: read, allow: true, }, { user: test.UserTeamAdminTeam1, object: &fleet.Pack{}, action: write, allow: false, }, }) }",True,Go,TestAuthorizeTeamPacks,policy_test.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func UnpackTar(filename string, destination string, verbosityLevel int) (err error) { Verbose = verbosityLevel f, err := os.Stat(destination) if os.IsNotExist(err) { return fmt.Errorf(""destination directory '%s' does not exist"", destination) } filemode := f.Mode() if !filemode.IsDir() { return fmt.Errorf(""destination '%s' is not a directory"", destination) } if !validSuffix(filename) { return fmt.Errorf(""unrecognized archive suffix"") } var file *os.File if file, err = os.Open(filename); err != nil { return err } defer file.Close() err = os.Chdir(destination) if err != nil { return errors.Wrapf(err, ""error changing directory to %s"", destination) } var fileReader io.Reader = file var decompressor *gzip.Reader if strings.HasSuffix(filename, globals.GzExt) { if decompressor, err = gzip.NewReader(file); err != nil { return err } defer decompressor.Close() } var reader *tar.Reader if decompressor != nil { reader = tar.NewReader(decompressor) } else { reader = tar.NewReader(fileReader) } return unpackTarFiles(reader, destination) }"
993,"func TestListActivities(t *testing.T) { ds := new(mock.Store) svc := newTestService(t, ds, nil, nil) ds.ListActivitiesFunc = func(ctx context.Context, opts fleet.ListOptions) ([]*fleet.Activity, error) { return []*fleet.Activity{ {ID: 1}, {ID: 2}, }, nil } activities, err := svc.ListActivities(test.UserContext(test.UserAdmin), fleet.ListOptions{}) require.NoError(t, err) require.Len(t, activities, 2) activities, err = svc.ListActivities(test.UserContext(test.UserNoRoles), fleet.ListOptions{}) require.NoError(t, err) require.Len(t, activities, 2) _, err = svc.ListActivities(context.Background(), fleet.ListOptions{}) require.Error(t, err) require.Contains(t, err.Error(), authz.ForbiddenErrorMessage) }",True,Go,TestListActivities,activities_test.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func Render(tmpl string, s *types.Step) (types.StepSlice, error) { buffer := new(bytes.Buffer) config := new(types.Build) velaFuncs := funcHandler{envs: convertPlatformVars(s.Environment)} templateFuncMap := map[string]interface{}{ ""vela"": velaFuncs.returnPlatformVar, } sf := sprig.TxtFuncMap() delete(sf, ""env"") delete(sf, ""expandenv"") t, err := template.New(s.Name).Funcs(sf).Funcs(templateFuncMap).Parse(tmpl) if err != nil { return types.StepSlice{}, fmt.Errorf(""unable to parse template %s: %v"", s.Template.Name, err) } err = t.Execute(buffer, s.Template.Variables) if err != nil { return types.StepSlice{}, fmt.Errorf(""unable to execute template %s: %v"", s.Template.Name, err) } err = yaml.Unmarshal(buffer.Bytes(), config) if err != nil { return types.StepSlice{}, fmt.Errorf(""unable to unmarshal yaml: %v"", err) } for index, newStep := range config.Steps { config.Steps[index].Name = fmt.Sprintf(""%s_%s"", s.Name, newStep.Name) } return config.Steps, nil }"
996,"func (svc *Service) DeleteGlobalScheduledQueries(ctx context.Context, id uint) error { if err := svc.authz.Authorize(ctx, &fleet.Pack{}, fleet.ActionWrite); err != nil { return err } return svc.DeleteScheduledQuery(ctx, id) }",True,Go,DeleteGlobalScheduledQueries,global_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func UpdateMetaDataInRxInfoSet(ctx context.Context, db sqlx.Queryer, rxInfoSet []*gw.UplinkRXInfo) []*gw.UplinkRXInfo { var out []*gw.UplinkRXInfo for i := range rxInfoSet { rxInfo := rxInfoSet[i] id := helpers.GetGatewayID(rxInfo) g, err := storage.GetAndCacheGateway(ctx, db, id) if err != nil { if errors.Cause(err) == storage.ErrDoesNotExist { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).Warning(""uplink received by unknown gateway"") } else { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).WithError(err).Error(""get gateway error"") } continue } rxInfo.Location = &common.Location{ Latitude: g.Location.Latitude, Longitude: g.Location.Longitude, Altitude: g.Altitude, } var board storage.GatewayBoard if int(rxInfo.Board) < len(g.Boards) { board = g.Boards[int(rxInfo.Board)] } if tsInfo := rxInfo.GetEncryptedFineTimestamp(); tsInfo != nil && board.FPGAID != nil { if len(tsInfo.FpgaId) == 0 { tsInfo.FpgaId = board.FPGAID[:] } } if tsInfo := rxInfo.GetEncryptedFineTimestamp(); tsInfo != nil && board.FineTimestampKey != nil { rxTime, err := ptypes.Timestamp(rxInfo.GetTime()) if err != nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).WithError(err).Error(""get timestamp error"") } plainTS, err := decryptFineTimestamp(*board.FineTimestampKey, rxTime, *tsInfo) if err != nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).WithError(err).Error(""decrypt fine-timestamp error"") continue } rxInfo.FineTimestampType = gw.FineTimestampType_PLAIN rxInfo.FineTimestamp = &gw.UplinkRXInfo_PlainFineTimestamp{ PlainFineTimestamp: &plainTS, } } out = append(out, rxInfo) } return out }"
997,"func (svc *Service) ModifyGlobalScheduledQueries(ctx context.Context, id uint, query fleet.ScheduledQueryPayload) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{}, fleet.ActionWrite); err != nil { return nil, err } gp, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return nil, err } query.PackID = ptr.Uint(gp.ID) return svc.ModifyScheduledQuery(ctx, id, query) }",True,Go,ModifyGlobalScheduledQueries,global_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func getGateway(ctx *statsContext) error { gatewayID := helpers.GetGatewayID(&ctx.gatewayStats) gw, err := storage.GetAndCacheGateway(ctx.ctx, storage.DB(), gatewayID) if err != nil { if errors.Cause(err) == storage.ErrDoesNotExist { log.WithFields(log.Fields{ ""ctx_id"": ctx.ctx.Value(logging.ContextIDKey), ""gateway_id"": gatewayID, }).Warning(""gateway/stats: stats received by unknown gateway"") return ErrAbort } else { return errors.Wrap(err, ""get gateway error"") } } ctx.gateway = gw return nil }"
998,"func (svc *Service) GlobalScheduleQuery(ctx context.Context, sq *fleet.ScheduledQuery) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{}, fleet.ActionRead); err != nil { return nil, err } gp, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return nil, err } sq.PackID = gp.ID return svc.ScheduleQuery(ctx, sq) }",True,Go,GlobalScheduleQuery,global_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func handleCollectedUplink(ctx context.Context, uplinkFrame gw.UplinkFrame, rxPacket models.RXPacket) error { rxPacket.RXInfoSet = gateway.UpdateMetaDataInRxInfoSet(ctx, storage.DB(), rxPacket.RXInfoSet) if len(rxPacket.RXInfoSet) == 0 { return nil } var uplinkIDs []uuid.UUID for _, p := range rxPacket.RXInfoSet { uplinkIDs = append(uplinkIDs, helpers.GetUplinkID(p)) } log.WithFields(log.Fields{ ""uplink_ids"": uplinkIDs, ""mtype"": rxPacket.PHYPayload.MHDR.MType, ""ctx_id"": ctx.Value(logging.ContextIDKey), }).Info(""uplink: frame(s) collected"") if err := framelog.LogUplinkFrameForGateways(ctx, ns.UplinkFrameLog{ PhyPayload: uplinkFrame.PhyPayload, TxInfo: rxPacket.TXInfo, RxInfo: rxPacket.RXInfoSet, }); err != nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), }).WithError(err).Error(""uplink: log uplink frames for gateways error"") } switch rxPacket.PHYPayload.MHDR.MType { case lorawan.JoinRequest: return join.Handle(ctx, rxPacket) case lorawan.RejoinRequest: return rejoin.Handle(ctx, rxPacket) case lorawan.UnconfirmedDataUp, lorawan.ConfirmedDataUp: return data.Handle(ctx, rxPacket) case lorawan.Proprietary: return proprietary.Handle(ctx, rxPacket) default: return nil } }"
1001,"func (svc *Service) GetGlobalScheduledQueries(ctx context.Context, opts fleet.ListOptions) ([]*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{}, fleet.ActionRead); err != nil { return nil, err } gp, err := svc.ds.EnsureGlobalPack(ctx) if err != nil { return nil, err } return svc.ds.ListScheduledQueriesInPackWithStats(ctx, gp.ID, opts) }",True,Go,GetGlobalScheduledQueries,global_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func collectAndCallOnce(rxPacket gw.UplinkFrame, callback func(packet models.RXPacket) error) error { phyKey := hex.EncodeToString(rxPacket.PhyPayload) txInfoB, err := proto.Marshal(rxPacket.TxInfo) if err != nil { return errors.Wrap(err, ""marshal protobuf error"") } txInfoHEX := hex.EncodeToString(txInfoB) key := fmt.Sprintf(CollectKeyTempl, txInfoHEX, phyKey) lockKey := fmt.Sprintf(CollectLockKeyTempl, txInfoHEX, phyKey) deduplicationTTL := deduplicationDelay * 2 if deduplicationTTL < time.Millisecond*200 { deduplicationTTL = time.Millisecond * 200 } if err := collectAndCallOncePut(key, deduplicationTTL, rxPacket); err != nil { return err } if locked, err := collectAndCallOnceLocked(lockKey, deduplicationTTL); err != nil || locked { return err } time.Sleep(deduplicationDelay) payloads, err := collectAndCallOnceCollect(key) if err != nil { return errors.Wrap(err, ""get deduplication set members error"") } if len(payloads) == 0 { return errors.New(""zero items in collect set"") } var out models.RXPacket for i, b := range payloads { var uplinkFrame gw.UplinkFrame if err := proto.Unmarshal(b, &uplinkFrame); err != nil { return errors.Wrap(err, ""unmarshal uplink frame error"") } if uplinkFrame.TxInfo == nil { log.Warning(""tx-info of uplink frame is empty, skipping"") continue } if uplinkFrame.RxInfo == nil { log.Warning(""rx-info of uplink frame is empty, skipping"") continue } if i == 0 { var phy lorawan.PHYPayload if err := phy.UnmarshalBinary(uplinkFrame.PhyPayload); err != nil { return errors.Wrap(err, ""unmarshal phypayload error"") } out.PHYPayload = phy dr, err := helpers.GetDataRateIndex(true, uplinkFrame.TxInfo, band.Band()) if err != nil { return errors.Wrap(err, ""get data-rate index error"") } out.DR = dr } out.TXInfo = uplinkFrame.TxInfo out.RXInfoSet = append(out.RXInfoSet, uplinkFrame.RxInfo) } return callback(out) }"
1005,"func (svc *Service) RefetchHost(ctx context.Context, id uint) error { if !svc.authz.IsAuthenticatedWith(ctx, authz_ctx.AuthnDeviceToken) { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return err } host, err := svc.ds.HostLite(ctx, id) if err != nil { return ctxerr.Wrap(ctx, err, ""find host for refetch"") } if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return err } } if err := svc.ds.UpdateHostRefetchRequested(ctx, id, true); err != nil { return ctxerr.Wrap(ctx, err, ""save host"") } return nil }",True,Go,RefetchHost,hosts.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func TestStaticFilesDelivery(t *testing.T) { importPath := filepath.Join(testdataBaseDir(), ""webapp1"") ts := newTestServer(t, importPath) defer ts.Close() t.Logf(""Test Server URL [Static Files Delivery]: %s"", ts.URL) httpClient := new(http.Client) t.Log(""Static File - /robots.txt"") resp, err := httpClient.Get(ts.URL + ""/robots.txt"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.True(t, strings.Contains(responseBody(resp), ""User-agent: *"")) assert.Equal(t, ""no-cache, no-store, must-revalidate"", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Static File - /assets/css/aah.css"") resp, err = httpClient.Get(ts.URL + ""/assets/css/aah.css"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.True(t, strings.Contains(responseBody(resp), ""Minimal aah framework application template CSS."")) assert.Equal(t, ""no-cache, no-store, must-revalidate"", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Static File - /assets/img/aah-framework-logo.png"") resp, err = httpClient.Get(ts.URL + ""/assets/img/aah-framework-logo.png"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.Equal(t, ""image/png"", resp.Header.Get(ahttp.HeaderContentType)) assert.Equal(t, ""6990"", resp.Header.Get(ahttp.HeaderContentLength)) assert.Equal(t, ""no-cache, no-store, must-revalidate"", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Static File - /assets/img/notfound/file.txt"") resp, err = httpClient.Get(ts.URL + ""/assets/img/notfound/file.txt"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.Equal(t, ""0"", resp.Header.Get(ahttp.HeaderContentLength)) }"
1006,"func (svc *Service) GetHost(ctx context.Context, id uint) (*fleet.HostDetail, error) { alreadyAuthd := svc.authz.IsAuthenticatedWith(ctx, authz_ctx.AuthnDeviceToken) if !alreadyAuthd { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return nil, err } } host, err := svc.ds.Host(ctx, id, false) if err != nil { return nil, ctxerr.Wrap(ctx, err, ""get host"") } if !alreadyAuthd { if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return nil, err } } return svc.getHostDetails(ctx, host) }",True,Go,GetHost,hosts.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"router.Use(LoggerWithFormatter(func(param LogFormatterParams) string { return fmt.Sprintf(""[FORMATTER TEST] %v | %3d | %13v | %15s | %-7s %#v\n%s"", param.TimeStamp.Format(""2006/01/02 - 15:04:05""), param.StatusCode, param.Latency, param.ClientIP, param.Method, param.Path, param.ErrorMessage, ) }))"
1007,"func (svc *Service) OSVersions(ctx context.Context, teamID *uint, platform *string) (*fleet.OSVersions, error) { if err := svc.authz.Authorize(ctx, &fleet.Host{TeamID: teamID}, fleet.ActionList); err != nil { return nil, err } osVersions, err := svc.ds.OSVersions(ctx, teamID, platform) if err != nil { return nil, err } return osVersions, nil }",True,Go,OSVersions,hosts.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func initLocales(opt Options) language.Matcher { tags := make([]language.Tag, len(opt.Langs)) for i, lang := range opt.Langs { tags[i] = language.Raw.Make(lang) fname := fmt.Sprintf(opt.Format, lang) custom := []interface{}{} customPath := path.Join(opt.CustomDirectory, fname) if isFile(customPath) { custom = append(custom, customPath) } var locale interface{} if data, ok := opt.Files[fname]; ok { locale = data } else { locale = path.Join(opt.Directory, fname) } err := i18n.SetMessageWithDesc(lang, opt.Names[i], locale, custom...) if err != nil && err != i18n.ErrLangAlreadyExist { panic(fmt.Errorf(""fail to set message file(%s): %v"", lang, err)) } } return language.NewMatcher(tags) }"
1008,"func (svc *Service) ListHostDeviceMapping(ctx context.Context, id uint) ([]*fleet.HostDeviceMapping, error) { if !svc.authz.IsAuthenticatedWith(ctx, authz_ctx.AuthnDeviceToken) { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return nil, err } host, err := svc.ds.HostLite(ctx, id) if err != nil { return nil, ctxerr.Wrap(ctx, err, ""get host"") } if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return nil, err } } return svc.ds.ListHostDeviceMapping(ctx, id) }",True,Go,ListHostDeviceMapping,hosts.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func I18n(options ...Options) macaron.Handler { opt := prepareOptions(options) m := initLocales(opt) return func(ctx *macaron.Context) { isNeedRedir := false hasCookie := false lang := ctx.Query(opt.Parameter) if len(lang) == 0 { lang = ctx.GetCookie(""lang"") hasCookie = true } else { isNeedRedir = true } if !i18n.IsExist(lang) { lang = """" isNeedRedir = false hasCookie = false } if len(lang) == 0 { tags, _, _ := language.ParseAcceptLanguage(ctx.Req.Header.Get(""Accept-Language"")) tag, _, _ := m.Match(tags...) lang = tag.String() isNeedRedir = false } curLang := LangType{ Lang: lang, } if !hasCookie { ctx.SetCookie(""lang"", curLang.Lang, 1<<31-1, ""/""+strings.TrimPrefix(opt.SubURL, ""/""), opt.CookieDomain) } restLangs := make([]LangType, 0, i18n.Count()-1) langs := i18n.ListLangs() names := i18n.ListLangDescs() for i, v := range langs { if lang != v { restLangs = append(restLangs, LangType{v, names[i]}) } else { curLang.Name = names[i] } } locale := Locale{i18n.Locale{lang}} ctx.Map(locale) ctx.Locale = locale ctx.Data[opt.TmplName] = locale ctx.Data[""Tr""] = i18n.Tr ctx.Data[""Lang""] = locale.Lang ctx.Data[""LangName""] = curLang.Name ctx.Data[""AllLangs""] = append([]LangType{curLang}, restLangs...) ctx.Data[""RestLangs""] = restLangs if opt.Redirect && isNeedRedir { ctx.Redirect(opt.SubURL + path.Clean(ctx.Req.RequestURI[:strings.Index(ctx.Req.RequestURI, ""?"")])) } } }"
1010,"func (svc *Service) MacadminsData(ctx context.Context, id uint) (*fleet.MacadminsData, error) { if !svc.authz.IsAuthenticatedWith(ctx, authz_ctx.AuthnDeviceToken) { if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil { return nil, err } host, err := svc.ds.HostLite(ctx, id) if err != nil { return nil, ctxerr.Wrap(ctx, err, ""find host for macadmins"") } if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil { return nil, err } } var munkiInfo *fleet.HostMunkiInfo switch version, err := svc.ds.GetMunkiVersion(ctx, id); { case err != nil && !fleet.IsNotFound(err): return nil, err case err == nil: munkiInfo = &fleet.HostMunkiInfo{Version: version} } var mdm *fleet.HostMDM switch enrolled, serverURL, installedFromDep, err := svc.ds.GetMDM(ctx, id); { case err != nil && !fleet.IsNotFound(err): return nil, err case err == nil: enrollmentStatus := ""Unenrolled"" if enrolled && !installedFromDep { enrollmentStatus = ""Enrolled (manual)"" } else if enrolled && installedFromDep { enrollmentStatus = ""Enrolled (automated)"" } mdm = &fleet.HostMDM{ EnrollmentStatus: enrollmentStatus, ServerURL: serverURL, } } if munkiInfo == nil && mdm == nil { return nil, nil } data := &fleet.MacadminsData{ Munki: munkiInfo, MDM: mdm, } return data, nil }",True,Go,MacadminsData,hosts.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (p *GitLabProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error { userInfo, err := p.getUserInfo(ctx, s) if err != nil { return fmt.Errorf(""failed to retrieve user info: %v"", err) } if !p.AllowUnverifiedEmail && !userInfo.EmailVerified { return fmt.Errorf(""user email is not verified"") } s.User = userInfo.Username s.Email = userInfo.Email for _, group := range userInfo.Groups { s.Groups = append(s.Groups, fmt.Sprintf(""group:%s"", group)) } p.addProjectsToSession(ctx, s) return nil }"
1011,"func (svc Service) CountSoftware(ctx context.Context, opt fleet.SoftwareListOptions) (int, error) { if err := svc.authz.Authorize(ctx, &fleet.Software{}, fleet.ActionRead); err != nil { return 0, err } return svc.ds.CountSoftware(ctx, opt) }",True,Go,CountSoftware,software.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (p *GitLabProvider) addProjectsToSession(ctx context.Context, s *sessions.SessionState) { for _, project := range p.Projects { projectInfo, err := p.getProjectInfo(ctx, s, project.Name) if err != nil { logger.Errorf(""Warning: project info request failed: %v"", err) continue } if !projectInfo.Archived { perms := projectInfo.Permissions.ProjectAccess if perms == nil { perms = projectInfo.Permissions.GroupAccess if perms == nil { logger.Errorf(""Warning: user %q has no project level access to %s"", s.Email, project.Name) continue } } if perms != nil && perms.AccessLevel >= project.AccessLevel { s.Groups = append(s.Groups, fmt.Sprintf(""project:%s"", project.Name)) } else { logger.Errorf(""Warning: user %q does not have the minimum required access level for project %q"", s.Email, project.Name) } continue } logger.Errorf(""Warning: project %s is archived"", project.Name) } }"
1012,"func (svc Service) ListSoftware(ctx context.Context, opt fleet.SoftwareListOptions) ([]fleet.Software, error) { if err := svc.authz.Authorize(ctx, &fleet.Software{}, fleet.ActionRead); err != nil { return nil, err } if opt.OrderKey == """" { opt.OrderKey = ""hosts_count"" opt.OrderDirection = fleet.OrderDescending } opt.WithHostCounts = true return svc.ds.ListSoftware(ctx, opt) }",True,Go,ListSoftware,software.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (p *OAuthProxy) IsValidRedirect(redirect string) bool { switch { case redirect == """": return false case strings.HasPrefix(redirect, ""/"") && !strings.HasPrefix(redirect, ""//"") && !invalidRedirectRegex.MatchString(redirect): return true case strings.HasPrefix(redirect, ""http: redirectURL, err := url.Parse(redirect) if err != nil { logger.Printf(""Rejecting invalid redirect %q: scheme unsupported or missing"", redirect) return false } redirectHostname := redirectURL.Hostname() for _, allowedDomain := range p.whitelistDomains { allowedHost, allowedPort := splitHostPort(allowedDomain) if allowedHost == """" { continue } if redirectHostname == strings.TrimPrefix(allowedHost, ""."") || (strings.HasPrefix(allowedHost, ""."") && strings.HasSuffix(redirectHostname, allowedHost)) { redirectPort := redirectURL.Port() if allowedPort == ""*"" || allowedPort == redirectPort || (allowedPort == """" && redirectPort == """") { return true } } } logger.Printf(""Rejecting invalid redirect %q: domain / port not in whitelist"", redirect) return false default: logger.Printf(""Rejecting invalid redirect %q: not an absolute or relative URL"", redirect) return false } }"
1015,"func TestService_ListSoftware(t *testing.T) { ds := new(mock.Store) var calledWithTeamID *uint var calledWithOpt fleet.SoftwareListOptions ds.ListSoftwareFunc = func(ctx context.Context, opt fleet.SoftwareListOptions) ([]fleet.Software, error) { calledWithTeamID = opt.TeamID calledWithOpt = opt return []fleet.Software{}, nil } user := &fleet.User{ID: 3, Email: ""foo@bar.com"", GlobalRole: ptr.String(fleet.RoleObserver)} svc := newTestService(t, ds, nil, nil) ctx := context.Background() ctx = viewer.NewContext(ctx, viewer.Viewer{User: user}) _, err := svc.ListSoftware(ctx, fleet.SoftwareListOptions{TeamID: ptr.Uint(42), ListOptions: fleet.ListOptions{PerPage: 77, Page: 4}}) require.NoError(t, err) assert.True(t, ds.ListSoftwareFuncInvoked) assert.Equal(t, ptr.Uint(42), calledWithTeamID) assert.Equal(t, fleet.ListOptions{PerPage: 77, Page: 4, OrderKey: ""hosts_count"", OrderDirection: fleet.OrderDescending}, calledWithOpt.ListOptions) assert.True(t, calledWithOpt.WithHostCounts) ds.ListSoftwareFuncInvoked = false _, err = svc.ListSoftware(ctx, fleet.SoftwareListOptions{TeamID: nil, ListOptions: fleet.ListOptions{PerPage: 11, Page: 2, OrderKey: ""id"", OrderDirection: fleet.OrderAscending}}) require.NoError(t, err) assert.True(t, ds.ListSoftwareFuncInvoked) assert.Nil(t, calledWithTeamID) assert.Equal(t, fleet.ListOptions{PerPage: 11, Page: 2, OrderKey: ""id"", OrderDirection: fleet.OrderAscending}, calledWithOpt.ListOptions) assert.True(t, calledWithOpt.WithHostCounts) }",True,Go,TestService_ListSoftware,software_test.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func Extract(rs io.Reader, dest string) error { dest = filepath.Clean(filepath.FromSlash(dest)) linkMap := make(map[int][]string) stream := NewCpioStream(rs) for { entry, err := stream.ReadNextEntry() if err != nil { return err } if entry.Header.filename == TRAILER { break } target := path.Clean(entry.Header.filename) for strings.HasPrefix(target, ""../"") { target = target[3:] } target = filepath.Join(dest, filepath.FromSlash(target)) if !strings.HasPrefix(target, dest+string(filepath.Separator)) && dest != target { return fmt.Errorf(""invalid cpio path %q"", entry.Header.filename) } parent := filepath.Dir(target) if err := os.MkdirAll(parent, 0755); err != nil { return err } switch entry.Header.Mode() &^ 07777 { case S_ISCHR: logger.Debug(""unpacking char device"") continue case S_ISBLK: logger.Debug(""unpacking block device"") continue case S_ISDIR: logger.Debug(""unpacking dir"") m := os.FileMode(entry.Header.Mode()).Perm() if err := os.Mkdir(target, m); err != nil && !os.IsExist(err) { return err } case S_ISFIFO: logger.Debug(""unpacking named pipe"") if err := fileutil.Mkfifo(target, uint32(entry.Header.Mode())); err != nil { return err } case S_ISLNK: logger.Debug(""unpacking symlink"") buf := make([]byte, entry.Header.c_filesize) if _, err := entry.payload.Read(buf); err != nil { return err } if err := os.Symlink(string(buf), target); err != nil { return err } case S_ISREG: logger.Debug(""unpacking regular file"") if entry.Header.c_nlink > 1 && entry.Header.c_filesize == 0 { logger.Debug(""regular file is a hard link"") l, ok := linkMap[entry.Header.c_ino] if !ok { l = make([]string, 0) } l = append(l, target) linkMap[entry.Header.c_ino] = l continue } f, err := os.Create(target) if err != nil { return err } written, err := io.Copy(f, entry.payload) if err != nil { return err } if written != int64(entry.Header.c_filesize) { logger.Debugf(""written: %d, filesize: %d"", written, entry.Header.c_filesize) return fmt.Errorf(""short write"") } if err := f.Close(); err != nil { return err } if entry.Header.c_nlink > 1 && entry.Header.c_filesize > 0 { l, ok := linkMap[entry.Header.c_ino] if !ok { return fmt.Errorf(""hardlinks missing"") } for _, t := range l { if err := os.Link(target, t); err != nil { return err } } } default: return fmt.Errorf(""unknown file mode 0%o for %s"", entry.Header.c_mode, entry.Header.filename) } } return nil }"
1018,"func (svc Service) TeamScheduleQuery(ctx context.Context, teamID uint, q *fleet.ScheduledQuery) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{TeamIDs: []uint{teamID}}, fleet.ActionWrite); err != nil { return nil, err } gp, err := svc.ds.EnsureTeamPack(ctx, teamID) if err != nil { return nil, err } q.PackID = gp.ID return svc.unauthorizedScheduleQuery(ctx, q) }",True,Go,TeamScheduleQuery,team_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (s *DiscoveryServer) authenticate(ctx context.Context) ([]string, error) { if !features.XDSAuth { return nil, nil } peerInfo, ok := peer.FromContext(ctx) if !ok { return nil, errors.New(""invalid context"") } if _, ok := peerInfo.AuthInfo.(credentials.TLSInfo); !ok && !AuthPlaintext { return nil, nil } am := security.AuthenticationManager{ Authenticators: s.Authenticators, } if u := am.Authenticate(ctx); u != nil { return u.Identities, nil } log.Errorf(""Failed to authenticate client from %s: %s"", peerInfo.Addr.String(), am.FailedMessages()) return nil, errors.New(""authentication failure"") }"
1019,"func (svc Service) GetTeamScheduledQueries(ctx context.Context, teamID uint, opts fleet.ListOptions) ([]*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{TeamIDs: []uint{teamID}}, fleet.ActionRead); err != nil { return nil, err } gp, err := svc.ds.EnsureTeamPack(ctx, teamID) if err != nil { return nil, err } return svc.ds.ListScheduledQueriesInPackWithStats(ctx, gp.ID, opts) }",True,Go,GetTeamScheduledQueries,team_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (ca *mockCAServer) CreateCertificate(ctx context.Context, in *pb.IstioCertificateRequest) (*pb.IstioCertificateResponse, error) { if ca.Authenticator != nil { am := security.AuthenticationManager{Authenticators: []security.Authenticator{ca.Authenticator}} caller := am.Authenticate(ctx) if caller == nil { return nil, status.Error(codes.Unauthenticated, ""request authenticate failure"") } } if ca.Err == nil { return &pb.IstioCertificateResponse{CertChain: ca.Certs}, nil } return nil, ca.Err }"
1022,"func (svc Service) ModifyTeamScheduledQueries(ctx context.Context, teamID uint, scheduledQueryID uint, query fleet.ScheduledQueryPayload) (*fleet.ScheduledQuery, error) { if err := svc.authz.Authorize(ctx, &fleet.Pack{TeamIDs: []uint{teamID}}, fleet.ActionWrite); err != nil { return nil, err } gp, err := svc.ds.EnsureTeamPack(ctx, teamID) if err != nil { return nil, err } query.PackID = ptr.Uint(gp.ID) return svc.unauthorizedModifyScheduledQuery(ctx, scheduledQueryID, query) }",True,Go,ModifyTeamScheduledQueries,team_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (s *CAServer) CreateCertificate(ctx context.Context, request *pb.IstioCertificateRequest) ( *pb.IstioCertificateResponse, error, ) { caServerLog.Infof(""received CSR request"") if s.shouldReject() { caServerLog.Info(""force rejecting CSR request"") return nil, status.Error(codes.Unavailable, ""CA server is not available"") } if s.sendEmpty() { caServerLog.Info(""force sending empty cert chain in CSR response"") response := &pb.IstioCertificateResponse{ CertChain: []string{}, } return response, nil } id := []string{""client-identity""} if len(s.Authenticators) > 0 { am := security.AuthenticationManager{Authenticators: s.Authenticators} caller := am.Authenticate(ctx) if caller == nil { caServerLog.Errorf(""Failed to authenticate client from %s: %s"", security.GetConnectionAddress(ctx), am.FailedMessages()) return nil, status.Error(codes.Unauthenticated, ""request authenticate failure"") } id = caller.Identities } cert, err := s.sign([]byte(request.Csr), id, time.Duration(request.ValidityDuration)*time.Second, false) if err != nil { caServerLog.Errorf(""failed to sign CSR: %+v"", err) return nil, status.Errorf(err.(*caerror.Error).HTTPErrorCode(), ""CSR signing error: %+v"", err.(*caerror.Error)) } respCertChain := []string{string(cert)} respCertChain = append(respCertChain, string(s.certPem)) response := &pb.IstioCertificateResponse{ CertChain: respCertChain, } caServerLog.Info(""send back CSR success response"") return response, nil }"
1024,"func (svc Service) DeleteTeamScheduledQueries(ctx context.Context, teamID uint, scheduledQueryID uint) error { if err := svc.authz.Authorize(ctx, &fleet.Pack{TeamIDs: []uint{teamID}}, fleet.ActionWrite); err != nil { return err } return svc.ds.DeleteScheduledQuery(ctx, scheduledQueryID) }",True,Go,DeleteTeamScheduledQueries,team_schedule.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (s *Server) CreateCertificate(ctx context.Context, request *pb.IstioCertificateRequest) ( *pb.IstioCertificateResponse, error, ) { s.monitoring.CSR.Increment() am := security.AuthenticationManager{Authenticators: s.Authenticators} caller := am.Authenticate(ctx) if caller == nil { s.monitoring.AuthnError.Increment() return nil, status.Error(codes.Unauthenticated, ""request authenticate failure"") } crMetadata := request.Metadata.GetFields() certSigner := crMetadata[security.CertSigner].GetStringValue() log.Debugf(""cert signer from workload %s"", certSigner) _, _, certChainBytes, rootCertBytes := s.ca.GetCAKeyCertBundle().GetAll() certOpts := ca.CertOpts{ SubjectIDs: caller.Identities, TTL: time.Duration(request.ValidityDuration) * time.Second, ForCA: false, CertSigner: certSigner, } var signErr error var cert []byte var respCertChain []string if certSigner == """" { cert, signErr = s.ca.Sign([]byte(request.Csr), certOpts) } else { respCertChain, signErr = s.ca.SignWithCertChain([]byte(request.Csr), certOpts) } if signErr != nil { serverCaLog.Errorf(""CSR signing error (%v)"", signErr.Error()) s.monitoring.GetCertSignError(signErr.(*caerror.Error).ErrorType()).Increment() return nil, status.Errorf(signErr.(*caerror.Error).HTTPErrorCode(), ""CSR signing error (%v)"", signErr.(*caerror.Error)) } if certSigner == """" { respCertChain = []string{string(cert)} if len(certChainBytes) != 0 { respCertChain = append(respCertChain, string(certChainBytes)) } } if len(rootCertBytes) != 0 { respCertChain = append(respCertChain, string(rootCertBytes)) } response := &pb.IstioCertificateResponse{ CertChain: respCertChain, } s.monitoring.Success.Increment() serverCaLog.Debug(""CSR successfully signed."") return response, nil }"
1027,"func (svc *Service) User(ctx context.Context, id uint) (*fleet.User, error) { if err := svc.authz.Authorize(ctx, &fleet.User{ID: id}, fleet.ActionRead); err != nil { return nil, err } return svc.ds.UserByID(ctx, id) }",True,Go,User,users.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func TestCreateCertificate(t *testing.T) { testCases := map[string]struct { authenticators []security.Authenticator ca CertificateAuthority certChain []string code codes.Code }{ ""No authenticator"": { authenticators: nil, code: codes.Unauthenticated, ca: &mockca.FakeCA{}, }, ""Unauthenticated request"": { authenticators: []security.Authenticator{&mockAuthenticator{ errMsg: ""Not authorized"", }}, code: codes.Unauthenticated, ca: &mockca.FakeCA{}, }, ""CA not ready"": { authenticators: []security.Authenticator{&mockAuthenticator{identities: []string{""test-identity""}}}, ca: &mockca.FakeCA{SignErr: caerror.NewError(caerror.CANotReady, fmt.Errorf(""cannot sign""))}, code: codes.Internal, }, ""Invalid CSR"": { authenticators: []security.Authenticator{&mockAuthenticator{identities: []string{""test-identity""}}}, ca: &mockca.FakeCA{SignErr: caerror.NewError(caerror.CSRError, fmt.Errorf(""cannot sign""))}, code: codes.InvalidArgument, }, ""Invalid TTL"": { authenticators: []security.Authenticator{&mockAuthenticator{identities: []string{""test-identity""}}}, ca: &mockca.FakeCA{SignErr: caerror.NewError(caerror.TTLError, fmt.Errorf(""cannot sign""))}, code: codes.InvalidArgument, }, ""Failed to sign"": { authenticators: []security.Authenticator{&mockAuthenticator{identities: []string{""test-identity""}}}, ca: &mockca.FakeCA{SignErr: caerror.NewError(caerror.CertGenError, fmt.Errorf(""cannot sign""))}, code: codes.Internal, }, ""Successful signing"": { authenticators: []security.Authenticator{&mockAuthenticator{identities: []string{""test-identity""}}}, ca: &mockca.FakeCA{ SignedCert: []byte(""cert""), KeyCertBundle: util.NewKeyCertBundleFromPem(nil, nil, []byte(""cert_chain""), []byte(""root_cert"")), }, certChain: []string{""cert"", ""cert_chain"", ""root_cert""}, code: codes.OK, }, } for id, c := range testCases { server := &Server{ ca: c.ca, Authenticators: c.authenticators, monitoring: newMonitoringMetrics(), } request := &pb.IstioCertificateRequest{Csr: ""dumb CSR""} response, err := server.CreateCertificate(context.Background(), request) s, _ := status.FromError(err) code := s.Code() if c.code != code { t.Errorf(""Case %s: expecting code to be (%d) but got (%d): %s"", id, c.code, code, s.Message()) } else if c.code == codes.OK { if len(response.CertChain) != len(c.certChain) { t.Errorf(""Case %s: expecting cert chain length to be (%d) but got (%d)"", id, len(c.certChain), len(response.CertChain)) } for i, v := range response.CertChain { if v != c.certChain[i] { t.Errorf(""Case %s: expecting cert to be (%s) but got (%s) at position [%d] of cert chain."", id, c.certChain, v, i) } } } } }"
1028,"func (svc *Service) DeleteUser(ctx context.Context, id uint) error { if err := svc.authz.Authorize(ctx, &fleet.User{ID: id}, fleet.ActionWrite); err != nil { return err } return svc.ds.DeleteUser(ctx, id) }",True,Go,DeleteUser,users.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func extractTarDirectory(root, prefix string, r io.Reader) error { tr := tar.NewReader(r) for { header, err := tr.Next() if err != nil { if err == io.EOF { return nil } return err } name := header.Name path, err := ensureBasePath(root, prefix, name) if err != nil { return err } path = filepath.Join(root, path) switch header.Typeflag { case tar.TypeLink, tar.TypeSymlink: link := header.Linkname if !filepath.IsAbs(link) { link = filepath.Join(filepath.Dir(name), link) } if _, err := ensureBasePath(root, prefix, link); err != nil { return err } } switch header.Typeflag { case tar.TypeReg: err = writeFile(path, tr, header.FileInfo().Mode()) case tar.TypeDir: err = os.MkdirAll(path, header.FileInfo().Mode()) case tar.TypeLink: err = os.Link(header.Linkname, path) case tar.TypeSymlink: err = os.Symlink(header.Linkname, path) default: continue } if err != nil { return err } os.Chtimes(path, header.AccessTime, header.ModTime) } }"
1029,"func (svc *Service) ListUsers(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) { if err := svc.authz.Authorize(ctx, &fleet.User{}, fleet.ActionRead); err != nil { return nil, err } return svc.ds.ListUsers(ctx, opt) }",True,Go,ListUsers,users.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func (a *APIs) PostLogin(v *PostLoginReq) *kongchuanhujiao.Response { if account.VerifyCode(v.ID, v.Code) || v.Code == """" { return kongchuanhujiao.GenerateErrResp(1, ""验证码有误"") } now := time.Now() t, err := jwt.NewTokenWithClaims(jwt.SigningMethodES256, jwt.MapClaims{ ""iss"": config.GetJWTConf().Iss, ""sub"": v.ID, ""exp"": now.AddDate(0, 1, 0).Unix(), ""nbf"": now.Unix(), ""iat"": now.Unix(), }).SignedString(config.GetJWTConf().Key) if err != nil { logger.Error(""生成 JWT Token 失败"", zap.Error(err)) return kongchuanhujiao.DefaultErrResp } return &kongchuanhujiao.Response{Message: t} }"
1030,"func (svc *Service) ModifyUser(ctx context.Context, userID uint, p fleet.UserPayload) (*fleet.User, error) { if err := svc.authz.Authorize(ctx, &fleet.User{}, fleet.ActionRead); err != nil { return nil, err } user, err := svc.User(ctx, userID) if err != nil { return nil, err } if err := svc.authz.Authorize(ctx, user, fleet.ActionWrite); err != nil { return nil, err } vc, ok := viewer.FromContext(ctx) if !ok { return nil, ctxerr.New(ctx, ""viewer not present"") } ownUser := vc.UserID() == userID if err := p.VerifyModify(ownUser); err != nil { return nil, ctxerr.Wrap(ctx, err, ""verify user payload"") } if p.GlobalRole != nil || p.Teams != nil { if err := svc.authz.Authorize(ctx, user, fleet.ActionWriteRole); err != nil { return nil, err } } if p.NewPassword != nil { if err := svc.authz.Authorize(ctx, user, fleet.ActionChangePassword); err != nil { return nil, err } if err := fleet.ValidatePasswordRequirements(*p.NewPassword); err != nil { return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError(""new_password"", err.Error())) } if ownUser { if err := vc.User.ValidatePassword(*p.NewPassword); err == nil { return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError(""new_password"", ""cannot reuse old password"")) } if err := vc.User.ValidatePassword(*p.Password); err != nil { return nil, ctxerr.Wrap(ctx, fleet.NewPermissionError(""incorrect password"")) } } } if p.Name != nil { user.Name = *p.Name } if p.Email != nil && *p.Email != user.Email { err = svc.modifyEmailAddress(ctx, user, *p.Email, p.Password) if err != nil { return nil, err } } if p.Position != nil { user.Position = *p.Position } if p.GravatarURL != nil { user.GravatarURL = *p.GravatarURL } if p.SSOEnabled != nil { user.SSOEnabled = *p.SSOEnabled } currentUser := authz.UserFromContext(ctx) if p.GlobalRole != nil && *p.GlobalRole != """" { if currentUser.GlobalRole == nil { return nil, ctxerr.New(ctx, ""Cannot edit global role as a team member"") } if p.Teams != nil && len(*p.Teams) > 0 { return nil, fleet.NewInvalidArgumentError(""teams"", ""may not be specified with global_role"") } user.GlobalRole = p.GlobalRole user.Teams = []fleet.UserTeam{} } else if p.Teams != nil { if !isAdminOfTheModifiedTeams(currentUser, user.Teams, *p.Teams) { return nil, ctxerr.New(ctx, ""Cannot modify teams in that way"") } user.Teams = *p.Teams user.GlobalRole = nil } if p.NewPassword != nil { err = svc.setNewPassword(ctx, user, *p.NewPassword) } else { err = svc.saveUser(ctx, user) } if err != nil { return nil, err } return user, nil }",True,Go,ModifyUser,users.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2022-04-18 10:27:30-07:00,"Merge pull request from GHSA-pr2g-j78h-84cr

* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated ""Why do we use a wireframe-first approach?"" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under ""empathy"" and to fix the spelling of ""help text.""
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-24841,"func sendCode(id string) (err error) { a, err := account.SelectAccount(id, 0) if err != nil { logger.Error(""发送验证码失败"", zap.Error(err)) return } if len(a) == 0 { return errors.New(""账号不存在"") } client.GetClient().SendMessage( message.NewTextMessage(""您的验证码是："" + account.GenerateCode(id) + ""，请勿泄露给他人。有效期5分钟""). SetTarget(&message.Target{ID: a[0].QQ}), ) return }"
1038,"func (v *validator) ValidateSignature(auth kolide.Auth) (kolide.Auth, error) { info := auth.(*resp) status, err := info.status() if err != nil { return nil, errors.New(""missing or malformed response"") } if status != Success { return nil, errors.Errorf(""response status %s"", info.statusDescription()) } decoded, err := base64.StdEncoding.DecodeString(info.rawResponse()) if err != nil { return nil, errors.Wrap(err, ""based64 decoding response"") } doc := etree.NewDocument() err = doc.ReadFromBytes(decoded) if err != nil || doc.Root() == nil { return nil, errors.Wrap(err, ""parsing xml response"") } elt := doc.Root() signed, err := v.validateSignature(elt) if err != nil { return nil, errors.Wrap(err, ""signing verification failed"") } signedDoc := etree.NewDocument() signedDoc.SetRoot(signed) buffer, err := signedDoc.WriteToBytes() if err != nil { return nil, errors.Wrap(err, ""creating signed doc buffer"") } var response Response err = xml.Unmarshal(buffer, &response) if err != nil { return nil, errors.Wrap(err, ""unmarshalling signed doc"") } info.setResponse(&response) return info, nil }",True,Go,ValidateSignature,validate.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2020-12-14 18:14:14-08:00,"Merge pull request from GHSA-w3wf-cfx3-6gcx

* Update github.com/russellhaering/goxmldsig

* Update signature validation to include Mattermost XML validator",CWE-290,Authentication Bypass by Spoofing,This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.,https://cwe.mitre.org/data/definitions/290.html,CVE-2020-26276,"func checkAllowlist(r *library.Repo, allowlist []string) bool { if len(allowlist) == 1 && allowlist[0] == ""*"" { return true } for _, repo := range allowlist { if strings.Contains(repo, ""/*"") { if strings.HasPrefix(repo, r.GetOrg()) { return true } } if repo == r.GetFullName() { return true } } return false }"
1041,"func makeStreamDistributedQueryCampaignResultsHandler(svc kolide.Service, jwtKey string, logger kitlog.Logger) http.Handler { opt := sockjs.DefaultOptions opt.Websocket = true opt.RawWebsocket = true return sockjs.NewHandler(""/api/v1/kolide/results"", opt, func(session sockjs.Session) { defer session.Close(0, ""none"") conn := &websocket.Conn{Session: session} token, err := conn.ReadAuthToken() if err != nil { logger.Log(""err"", err, ""msg"", ""failed to read auth token"") return } vc, err := authViewer(context.Background(), jwtKey, token, svc) if err != nil || !vc.CanPerformActions() { logger.Log(""err"", err, ""msg"", ""unauthorized viewer"") conn.WriteJSONError(""unauthorized"") return } ctx := viewer.NewContext(context.Background(), *vc) msg, err := conn.ReadJSONMessage() if err != nil { logger.Log(""err"", err, ""msg"", ""reading select_campaign JSON"") conn.WriteJSONError(""error reading select_campaign"") return } if msg.Type != ""select_campaign"" { logger.Log(""err"", ""unexpected msg type, expected select_campaign"", ""msg-type"", msg.Type) conn.WriteJSONError(""expected select_campaign"") return } var info struct { CampaignID uint `json:""campaign_id""` } err = json.Unmarshal(*(msg.Data.(*json.RawMessage)), &info) if err != nil { logger.Log(""err"", err, ""msg"", ""unmarshaling select_campaign data"") conn.WriteJSONError(""error unmarshaling select_campaign data"") return } if info.CampaignID == 0 { logger.Log(""err"", ""campaign ID not set"") conn.WriteJSONError(""0 is not a valid campaign ID"") return } svc.StreamCampaignResults(ctx, conn, info.CampaignID) }) }",True,Go,makeStreamDistributedQueryCampaignResultsHandler,endpoint_campaigns.go,https://github.com/fleetdm/fleet,fleetdm,GitHub,2021-02-03 08:47:43-08:00,"Merge pull request from GHSA-xwh8-9p3f-3x45

- Fix the specific case that caused panic.
- Add panic handler around entire live query results handler. This will
  prevent similar issues from causing crashes in the future.

Note that other endpoints already have panic handling but this one is
special due to the use of websockets.",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2021-21296,"patches.forEach(patch => { const {path, op} = patch let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) const p = """" + path[i] if ( (parentType === Archtype.Object || parentType === Archtype.Array) && (p === ""__proto__"" || p === ""constructor"") ) die(24) if (typeof base === ""function"" && p === ""prototype"") die(24) base = get(base, p) if (typeof base !== ""object"") die(15, path.join(""/"")) }"
1042,"func unpackTarFiles(reader *tar.Reader) (err error) { var header *tar.Header var count int = 0 var reSlash = regexp.MustCompile(`/.*`) innerDir := """" for { if header, err = reader.Next(); err != nil { if err == io.EOF { condPrint(""Files "", false, CHATTY) condPrint(strconv.Itoa(count), true, 1) return nil } return err } filemode := os.FileMode(header.Mode) filename := sanitizedName(header.Name) fileDir := path.Dir(filename) upperDir := reSlash.ReplaceAllString(fileDir, """") if innerDir != """" { if upperDir != innerDir { return fmt.Errorf(""found more than one directory inside the tarball\n""+ ""<%s> and <%s>"", upperDir, innerDir) } } else { innerDir = upperDir } if _, err = os.Stat(fileDir); os.IsNotExist(err) { if err = os.MkdirAll(fileDir, globals.PublicDirectoryAttr); err != nil { return err } condPrint("" + ""+fileDir+"" "", true, CHATTY) } if header.Typeflag == 0 { header.Typeflag = tar.TypeReg } switch header.Typeflag { case tar.TypeDir: if err = os.MkdirAll(filename, globals.PublicDirectoryAttr); err != nil { return err } case tar.TypeReg: if err = unpackTarFile(filename, reader); err != nil { return err } err = os.Chmod(filename, filemode) if err != nil { return err } count++ condPrint(filename, true, CHATTY) if count%10 == 0 { mark := ""."" if count%100 == 0 { mark = strconv.Itoa(count) } if Verbose < CHATTY { condPrint(mark, false, 1) } } case tar.TypeSymlink: if header.Linkname != """" { condPrint(fmt.Sprintf(""%s -> %s"", filename, header.Linkname), true, CHATTY) err = os.Symlink(header.Linkname, filename) if err != nil { return fmt.Errorf(""%#v\n#ERROR: %s"", header, err) } } else { return fmt.Errorf(""file %s is a symlink, but no link information was provided"", filename) } } } }",True,Go,unpackTarFiles,unpack.go,https://github.com/datacharmer/dbdeployer,datacharmer,Giuseppe Maxia,2020-12-16 19:42:30+01:00,"Prevent arbitrary symlinks from tarballs

If a tarball had a symlink pointing outside the extract directory,
it would be extracted without complain. Now, such a symlink will
generate an error.",CWE-59,Improper Link Resolution Before File Access ('Link Following'),"The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.",https://cwe.mitre.org/data/definitions/59.html,CVE-2020-26277,"patches.forEach(patch => { const {path, op} = patch let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) const p = """" + path[i] if ( (parentType === Archtype.Object || parentType === Archtype.Array) && (p === ""__proto__"" || p === ""constructor"") ) die(24) if (typeof base === ""function"" && p === ""prototype"") die(24) base = get(base, p) if (typeof base !== ""object"") die(15, path.join(""/"")) }"
1046,"func UnpackXzTar(filename string, destination string, verbosityLevel int) (err error) { Verbose = verbosityLevel if !common.FileExists(filename) { return fmt.Errorf(""file %s not found"", filename) } if !common.DirExists(destination) { return fmt.Errorf(""directory %s not found"", destination) } filename, err = common.AbsolutePath(filename) if err != nil { return err } err = os.Chdir(destination) if err != nil { return errors.Wrapf(err, ""error changing directory to %s"", destination) } f, err := os.Open(filename) if err != nil { return err } defer f.Close() r, err := xz.NewReader(f, 0) if err != nil { return err } tr := tar.NewReader(r) return unpackTarFiles(tr) }",True,Go,UnpackXzTar,unpack.go,https://github.com/datacharmer/dbdeployer,datacharmer,Giuseppe Maxia,2020-12-16 19:42:30+01:00,"Prevent arbitrary symlinks from tarballs

If a tarball had a symlink pointing outside the extract directory,
it would be extracted without complain. Now, such a symlink will
generate an error.",CWE-59,Improper Link Resolution Before File Access ('Link Following'),"The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.",https://cwe.mitre.org/data/definitions/59.html,CVE-2020-26277,"patches.forEach(patch => { const {path, op} = patch let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) const p = """" + path[i] if ( (parentType === Archtype.Object || parentType === Archtype.Array) && (p === ""__proto__"" || p === ""constructor"") ) die(24) if (typeof base === ""function"" && p === ""prototype"") die(24) base = get(base, p) if (typeof base !== ""object"") die(15, path.join(""/"")) }"
1048,"func UnpackTar(filename string, destination string, verbosityLevel int) (err error) { Verbose = verbosityLevel f, err := os.Stat(destination) if os.IsNotExist(err) { return fmt.Errorf(""destination directory '%s' does not exist"", destination) } filemode := f.Mode() if !filemode.IsDir() { return fmt.Errorf(""destination '%s' is not a directory"", destination) } if !validSuffix(filename) { return fmt.Errorf(""unrecognized archive suffix"") } var file *os.File if file, err = os.Open(filename); err != nil { return err } defer file.Close() err = os.Chdir(destination) if err != nil { return errors.Wrapf(err, ""error changing directory to %s"", destination) } var fileReader io.Reader = file var decompressor *gzip.Reader if strings.HasSuffix(filename, globals.GzExt) { if decompressor, err = gzip.NewReader(file); err != nil { return err } defer decompressor.Close() } var reader *tar.Reader if decompressor != nil { reader = tar.NewReader(decompressor) } else { reader = tar.NewReader(fileReader) } return unpackTarFiles(reader) }",True,Go,UnpackTar,unpack.go,https://github.com/datacharmer/dbdeployer,datacharmer,Giuseppe Maxia,2020-12-16 19:42:30+01:00,"Prevent arbitrary symlinks from tarballs

If a tarball had a symlink pointing outside the extract directory,
it would be extracted without complain. Now, such a symlink will
generate an error.",CWE-59,Improper Link Resolution Before File Access ('Link Following'),"The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.",https://cwe.mitre.org/data/definitions/59.html,CVE-2020-26277,"patches.forEach(patch => { const {path, op} = patch let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) const p = """" + path[i] if ( (parentType === Archtype.Object || parentType === Archtype.Array) && (p === ""__proto__"" || p === ""constructor"") ) die(24) if (typeof base === ""function"" && p === ""prototype"") die(24) base = get(base, p) if (typeof base !== ""object"") die(15, path.join(""/"")) }"
1049,"func Render(tmpl string, s *types.Step) (types.StepSlice, error) { buffer := new(bytes.Buffer) config := new(types.Build) velaFuncs := funcHandler{envs: convertPlatformVars(s.Environment)} templateFuncMap := map[string]interface{}{ ""vela"": velaFuncs.returnPlatformVar, } t, err := template.New(s.Name).Funcs(sprig.TxtFuncMap()).Funcs(templateFuncMap).Parse(tmpl) if err != nil { return types.StepSlice{}, fmt.Errorf(""unable to parse template %s: %v"", s.Template.Name, err) } err = t.Execute(buffer, s.Template.Variables) if err != nil { return types.StepSlice{}, fmt.Errorf(""unable to execute template %s: %v"", s.Template.Name, err) } err = yaml.Unmarshal(buffer.Bytes(), config) if err != nil { return types.StepSlice{}, fmt.Errorf(""unable to unmarshal yaml: %v"", err) } for index, newStep := range config.Steps { config.Steps[index].Name = fmt.Sprintf(""%s_%s"", s.Name, newStep.Name) } return config.Steps, nil }",True,Go,Render,render.go,https://github.com/go-vela/compiler,go-vela,GitHub,2020-12-29 14:50:15-06:00,fix: disallow functions (#93),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2020-26294,"func readUvarint(r io.ByteReader) (x uint64, n int, err error) { const maxUvarintLen = 10 var s uint i := 0 for { b, err := r.ReadByte() if err != nil { return x, i, err } i++ if i > maxUvarintLen { return x, i, errOverflowU64 } if b < 0x80 { if i == maxUvarintLen && b > 1 { return x, i, errOverflowU64 } return x | uint64(b)<<s, i, nil } x |= uint64(b&0x7f) << s s += 7 } }"
1054,"func UpdateMetaDataInRxInfoSet(ctx context.Context, db sqlx.Queryer, rxInfo []*gw.UplinkRXInfo) error { for i := range rxInfo { id := helpers.GetGatewayID(rxInfo[i]) g, err := storage.GetAndCacheGateway(ctx, db, id) if err != nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).WithError(err).Error(""get gateway error"") continue } rxInfo[i].Location = &common.Location{ Latitude: g.Location.Latitude, Longitude: g.Location.Longitude, Altitude: g.Altitude, } var board storage.GatewayBoard if int(rxInfo[i].Board) < len(g.Boards) { board = g.Boards[int(rxInfo[i].Board)] } if rxInfo[i].FineTimestampType == gw.FineTimestampType_ENCRYPTED && board.FPGAID != nil { tsInfo := rxInfo[i].GetEncryptedFineTimestamp() if tsInfo == nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).Error(""encrypted_fine_timestamp must not be nil"") continue } if len(tsInfo.FpgaId) == 0 { tsInfo.FpgaId = board.FPGAID[:] } } if rxInfo[i].FineTimestampType == gw.FineTimestampType_ENCRYPTED && board.FineTimestampKey != nil { tsInfo := rxInfo[i].GetEncryptedFineTimestamp() if tsInfo == nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).Error(""encrypted_fine_timestamp must not be nil"") continue } if rxInfo[i].Time == nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).Error(""time must not be nil"") continue } rxTime, err := ptypes.Timestamp(rxInfo[i].Time) if err != nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).WithError(err).Error(""get timestamp error"") } plainTS, err := decryptFineTimestamp(*board.FineTimestampKey, rxTime, *tsInfo) if err != nil { log.WithFields(log.Fields{ ""ctx_id"": ctx.Value(logging.ContextIDKey), ""gateway_id"": id, }).WithError(err).Error(""decrypt fine-timestamp error"") continue } rxInfo[i].FineTimestampType = gw.FineTimestampType_PLAIN rxInfo[i].FineTimestamp = &gw.UplinkRXInfo_PlainFineTimestamp{ PlainFineTimestamp: &plainTS, } } } return nil }",True,Go,UpdateMetaDataInRxInfoSet,rx_info.go,https://github.com/brocaar/chirpstack-network-server,brocaar,Orne Brocaar,2020-07-09 08:45:02+02:00,Improve error handling of unknown gateways.,CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2020-28349,"func TestTreeRouters(t *testing.T) { for _, r := range routers { shouldMatch := r.shouldMatchOrNot tr := NewTree() tr.AddRouter(r.pattern, ""astaxie"") ctx := context.NewContext() obj := tr.Match(r.requestUrl, ctx) if !shouldMatch { if obj != nil { t.Fatal(""pattern:"", r.pattern, "", should not match"", r.requestUrl) } else { continue } } if obj == nil || obj.(string) != ""astaxie"" { t.Fatal(""pattern:"", r.pattern+"", can't match obj, Expect "", r.requestUrl) } if r.params != nil { for k, v := range r.params { if vv := ctx.Input.Param(k); vv != v { t.Fatal(""The Rule: "" + r.pattern + ""\nThe RequestURL:"" + r.requestUrl + ""\nThe Key is "" + k + "", The Value should be: "" + v + "", but get: "" + vv) } else if vv == """" && v != """" { t.Fatal(r.pattern + "" "" + r.requestUrl + "" get param empty:"" + k) } } } } time.Sleep(time.Second) }"
1060,"func (b *Backend) rxPacketHandler(c paho.Client, msg paho.Message) { b.wg.Add(1) defer b.wg.Done() var uplinkFrame gw.UplinkFrame t, err := marshaler.UnmarshalUplinkFrame(msg.Payload(), &uplinkFrame) if err != nil { log.WithFields(log.Fields{ ""data_base64"": base64.StdEncoding.EncodeToString(msg.Payload()), }).WithError(err).Error(""gateway/mqtt: unmarshal uplink frame error"") return } if uplinkFrame.TxInfo == nil { log.WithFields(log.Fields{ ""data_base64"": base64.StdEncoding.EncodeToString(msg.Payload()), }).Error(""gateway/mqtt: tx_info must not be nil"") return } if uplinkFrame.RxInfo == nil { log.WithFields(log.Fields{ ""data_base64"": base64.StdEncoding.EncodeToString(msg.Payload()), }).Error(""gateway/mqtt: rx_info must not be nil"") return } gatewayID := helpers.GetGatewayID(uplinkFrame.RxInfo) b.setGatewayMarshaler(gatewayID, t) uplinkID := helpers.GetUplinkID(uplinkFrame.RxInfo) log.WithFields(log.Fields{ ""uplink_id"": uplinkID, ""gateway_id"": gatewayID, }).Info(""gateway/mqtt: uplink frame received"") key := fmt.Sprintf(""lora:ns:uplink:lock:%s:%d:%d:%d:%s"", gatewayID, uplinkFrame.TxInfo.Frequency, uplinkFrame.RxInfo.Board, uplinkFrame.RxInfo.Antenna, hex.EncodeToString(uplinkFrame.PhyPayload)) if locked, err := b.isLocked(key); err != nil || locked { if err != nil { log.WithError(err).WithFields(log.Fields{ ""uplink_id"": uplinkID, ""key"": key, }).Error(""gateway/mqtt: acquire lock error"") } return } b.rxPacketChan <- uplinkFrame }",True,Go,rxPacketHandler,backend.go,https://github.com/brocaar/chirpstack-network-server,brocaar,Orne Brocaar,2020-08-31 15:28:32+01:00,"Improve uplink de-duplication.

This removes the de-duplication at the MQTT backend. Some MQTT brokers
provide shared subscription options in which case this additional
de-duplication is not needed.

For MQTT brokers that do not support shared subscriptions, the
collectAndCallOnce function will still filter out duplicated uplinks.

By adding the TXInfo object (hex encoded) to the de-duplication key,
uplink messages received on multiple channels will be handled
separately as they will result in different de-duplication keys.",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2020-28349,"func (m *M) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: M: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: M: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Arr"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthAsym } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAsym } if postIndex > l { return io.ErrUnexpectedEOF } var v MyType m.Arr = append(m.Arr, v) if err := m.Arr[len(m.Arr)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAsym(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAsym } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1062,"func collectAndCallOnce(rxPacket gw.UplinkFrame, callback func(packet models.RXPacket) error) error { phyKey := hex.EncodeToString(rxPacket.PhyPayload) key := fmt.Sprintf(CollectKeyTempl, phyKey) lockKey := fmt.Sprintf(CollectLockKeyTempl, phyKey) deduplicationTTL := deduplicationDelay * 2 if deduplicationTTL < time.Millisecond*200 { deduplicationTTL = time.Millisecond * 200 } if err := collectAndCallOncePut(key, deduplicationTTL, rxPacket); err != nil { return err } if locked, err := collectAndCallOnceLocked(lockKey, deduplicationTTL); err != nil || locked { return err } time.Sleep(deduplicationDelay) payloads, err := collectAndCallOnceCollect(key) if err != nil { return errors.Wrap(err, ""get deduplication set members error"") } if len(payloads) == 0 { return errors.New(""zero items in collect set"") } var out models.RXPacket for i, b := range payloads { var uplinkFrame gw.UplinkFrame if err := proto.Unmarshal(b, &uplinkFrame); err != nil { return errors.Wrap(err, ""unmarshal uplink frame error"") } if uplinkFrame.TxInfo == nil { log.Warning(""tx-info of uplink frame is empty, skipping"") continue } if uplinkFrame.RxInfo == nil { log.Warning(""rx-info of uplink frame is empty, skipping"") continue } if i == 0 { var phy lorawan.PHYPayload if err := phy.UnmarshalBinary(uplinkFrame.PhyPayload); err != nil { return errors.Wrap(err, ""unmarshal phypayload error"") } out.PHYPayload = phy dr, err := helpers.GetDataRateIndex(true, uplinkFrame.TxInfo, band.Band()) if err != nil { return errors.Wrap(err, ""get data-rate index error"") } out.DR = dr } out.TXInfo = uplinkFrame.TxInfo out.RXInfoSet = append(out.RXInfoSet, uplinkFrame.RxInfo) } return callback(out) }",True,Go,collectAndCallOnce,collect.go,https://github.com/brocaar/chirpstack-network-server,brocaar,Orne Brocaar,2020-08-31 15:28:32+01:00,"Improve uplink de-duplication.

This removes the de-duplication at the MQTT backend. Some MQTT brokers
provide shared subscription options in which case this additional
de-duplication is not needed.

For MQTT brokers that do not support shared subscriptions, the
collectAndCallOnce function will still filter out duplicated uplinks.

By adding the TXInfo object (hex encoded) to the de-duplication key,
uplink messages received on multiple channels will be handled
separately as they will result in different de-duplication keys.",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2020-28349,"func (m *MyType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipAsym(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAsym } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1065,"func TestStaticFilesDelivery(t *testing.T) { importPath := filepath.Join(testdataBaseDir(), ""webapp1"") ts := newTestServer(t, importPath) defer ts.Close() t.Logf(""Test Server URL [Static Files Delivery]: %s"", ts.URL) httpClient := new(http.Client) t.Log(""Static File - /robots.txt"") resp, err := httpClient.Get(ts.URL + ""/robots.txt"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.True(t, strings.Contains(responseBody(resp), ""User-agent: *"")) assert.Equal(t, ""no-cache, no-store, must-revalidate"", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Static File - /assets/css/aah.css"") resp, err = httpClient.Get(ts.URL + ""/assets/css/aah.css"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.True(t, strings.Contains(responseBody(resp), ""Minimal aah framework application template CSS."")) assert.Equal(t, ""no-cache, no-store, must-revalidate"", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Directory Listing - /assets"") resp, err = httpClient.Get(ts.URL + ""/assets"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) body := responseBody(resp) assert.True(t, strings.Contains(body, ""<title>Listing of /assets/</title>"")) assert.True(t, strings.Contains(body, ""<h1>Listing of /assets/</h1><hr>"")) assert.True(t, strings.Contains(body, `<a href=""robots.txt"">robots.txt</a>`)) assert.Equal(t, """", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Static File - /assets/img/aah-framework-logo.png"") resp, err = httpClient.Get(ts.URL + ""/assets/img/aah-framework-logo.png"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.Equal(t, ""image/png"", resp.Header.Get(ahttp.HeaderContentType)) assert.Equal(t, ""6990"", resp.Header.Get(ahttp.HeaderContentLength)) assert.Equal(t, ""no-cache, no-store, must-revalidate"", resp.Header.Get(ahttp.HeaderCacheControl)) t.Log(""Static File - /assets/img/notfound/file.txt"") resp, err = httpClient.Get(ts.URL + ""/assets/img/notfound/file.txt"") assert.Nil(t, err) assert.Equal(t, 200, resp.StatusCode) assert.Equal(t, ""0"", resp.Header.Get(ahttp.HeaderContentLength)) }",True,Go,TestStaticFilesDelivery,static_test.go,https://github.com/go-aah/aah,go-aah,GitHub,2020-03-03 01:27:03-08:00,#266 addressing path traversal issue on static file delivery (#267),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-36559,"func (m *M) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: M: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: M: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Arr"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthAsym } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAsym } if postIndex > l { return io.ErrUnexpectedEOF } var v MyType m.Arr = append(m.Arr, v) if err := m.Arr[len(m.Arr)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAsym(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAsym } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1067,"router.Use(LoggerWithFormatter(func(param LogFormatterParams) string { return fmt.Sprintf(""[FORMATTER TEST] %v | %3d | %13v | %15s | %-7s %s\n%s"", param.TimeStamp.Format(""2006/01/02 - 15:04:05""), param.StatusCode, param.Latency, param.ClientIP, param.Method, param.Path, param.ErrorMessage, ) }))",True,Go,string,logger_test.go,https://github.com/gin-gonic/gin,gin-gonic,GitHub,2020-03-07 21:51:33+08:00,"removing log injection (#2277)

Co-authored-by: thinkerou <thinkerou@gmail.com>",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2020-36567,"func (m *MyType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipAsym(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAsym } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1072,"func initLocales(opt Options) language.Matcher { tags := make([]language.Tag, len(opt.Langs)) for i, lang := range opt.Langs { tags[i] = language.Raw.Make(lang) fname := fmt.Sprintf(opt.Format, lang) custom := []interface{}{} customPath := path.Join(opt.CustomDirectory, fname) if com.IsFile(customPath) { custom = append(custom, customPath) } var locale interface{} if data, ok := opt.Files[fname]; ok { locale = data } else { locale = path.Join(opt.Directory, fname) } err := i18n.SetMessageWithDesc(lang, opt.Names[i], locale, custom...) if err != nil && err != i18n.ErrLangAlreadyExist { panic(fmt.Errorf(""fail to set message file(%s): %v"", lang, err)) } } return language.NewMatcher(tags) }",True,Go,initLocales,i18n.go,https://github.com/go-macaron/i18n,go-macaron,ᴜɴᴋɴᴡᴏɴ,2020-02-17 00:13:52+08:00,security: fix Open Redirection vulnerability,CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-36627,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCasttype(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCasttype } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1075,"func I18n(options ...Options) macaron.Handler { opt := prepareOptions(options) m := initLocales(opt) return func(ctx *macaron.Context) { isNeedRedir := false hasCookie := false lang := ctx.Query(opt.Parameter) if len(lang) == 0 { lang = ctx.GetCookie(""lang"") hasCookie = true } else { isNeedRedir = true } if !i18n.IsExist(lang) { lang = """" isNeedRedir = false hasCookie = false } if len(lang) == 0 { tags, _, _ := language.ParseAcceptLanguage(ctx.Req.Header.Get(""Accept-Language"")) tag, _, _ := m.Match(tags...) lang = tag.String() isNeedRedir = false } curLang := LangType{ Lang: lang, } if !hasCookie { ctx.SetCookie(""lang"", curLang.Lang, 1<<31-1, ""/""+strings.TrimPrefix(opt.SubURL, ""/""), opt.CookieDomain) } restLangs := make([]LangType, 0, i18n.Count()-1) langs := i18n.ListLangs() names := i18n.ListLangDescs() for i, v := range langs { if lang != v { restLangs = append(restLangs, LangType{v, names[i]}) } else { curLang.Name = names[i] } } locale := Locale{i18n.Locale{lang}} ctx.Map(locale) ctx.Locale = locale ctx.Data[opt.TmplName] = locale ctx.Data[""Tr""] = i18n.Tr ctx.Data[""Lang""] = locale.Lang ctx.Data[""LangName""] = curLang.Name ctx.Data[""AllLangs""] = append([]LangType{curLang}, restLangs...) ctx.Data[""RestLangs""] = restLangs if opt.Redirect && isNeedRedir { ctx.Redirect(opt.SubURL + ctx.Req.RequestURI[:strings.Index(ctx.Req.RequestURI, ""?"")]) } } }",True,Go,I18n,i18n.go,https://github.com/go-macaron/i18n,go-macaron,ᴜɴᴋɴᴡᴏɴ,2020-02-17 00:13:52+08:00,security: fix Open Redirection vulnerability,CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-36627,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCasttype(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCasttype } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1081,"func (p *GitLabProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error { userInfo, err := p.getUserInfo(ctx, s) if err != nil { return fmt.Errorf(""failed to retrieve user info: %v"", err) } if !p.AllowUnverifiedEmail && !userInfo.EmailVerified { return fmt.Errorf(""user email is not verified"") } s.User = userInfo.Username s.Email = userInfo.Email p.addGroupsToSession(ctx, s) p.addProjectsToSession(ctx, s) return nil }",True,Go,EnrichSession,gitlab.go,https://github.com/oauth2-proxy/oauth2-proxy,oauth2-proxy,GitHub,2021-03-25 17:20:45+00:00,"Merge pull request from GHSA-652x-m2gr-hppm

* Populate session Groups from userinfo response

* Fix: gitlab tests

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21411,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCasttype(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCasttype } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1083,"func (p *GitLabProvider) addGroupsToSession(ctx context.Context, s *sessions.SessionState) { for _, group := range p.Groups { s.Groups = append(s.Groups, fmt.Sprintf(""group:%s"", group)) } }",True,Go,addGroupsToSession,gitlab.go,https://github.com/oauth2-proxy/oauth2-proxy,oauth2-proxy,GitHub,2021-03-25 17:20:45+00:00,"Merge pull request from GHSA-652x-m2gr-hppm

* Populate session Groups from userinfo response

* Fix: gitlab tests

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21411,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCasttype } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCasttype(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCasttype } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1086,"func (p *GitLabProvider) PrefixAllowedGroups() (groups []string) { for _, val := range p.Groups { groups = append(groups, fmt.Sprintf(""group:%s"", val)) } for _, val := range p.Projects { groups = append(groups, fmt.Sprintf(""project:%s"", val.Name)) } return groups }",True,Go,PrefixAllowedGroups,gitlab.go,https://github.com/oauth2-proxy/oauth2-proxy,oauth2-proxy,GitHub,2021-03-25 17:20:45+00:00,"Merge pull request from GHSA-652x-m2gr-hppm

* Populate session Groups from userinfo response

* Fix: gitlab tests

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21411,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCastvalue(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1091,"func Extract(rs io.Reader, dest string) error { linkMap := make(map[int][]string) stream := NewCpioStream(rs) for { entry, err := stream.ReadNextEntry() if err != nil { return err } if entry.Header.filename == TRAILER { break } target := path.Join(dest, path.Clean(entry.Header.filename)) parent := path.Dir(target) if _, err := os.Stat(parent); os.IsNotExist(err) { if err := os.MkdirAll(parent, 0755); err != nil { return err } } switch entry.Header.Mode() &^ 07777 { case S_ISCHR: logger.Debug(""unpacking char device"") continue case S_ISBLK: logger.Debug(""unpacking block device"") continue case S_ISDIR: logger.Debug(""unpacking dir"") m := os.FileMode(entry.Header.Mode()).Perm() if err := os.Mkdir(target, m); err != nil && !os.IsExist(err) { return err } case S_ISFIFO: logger.Debug(""unpacking named pipe"") if err := fileutil.Mkfifo(target, uint32(entry.Header.Mode())); err != nil { return err } case S_ISLNK: logger.Debug(""unpacking symlink"") buf := make([]byte, entry.Header.c_filesize) if _, err := entry.payload.Read(buf); err != nil { return err } if err := os.Symlink(string(buf), target); err != nil { return err } case S_ISREG: logger.Debug(""unpacking regular file"") if entry.Header.c_nlink > 1 && entry.Header.c_filesize == 0 { logger.Debug(""regular file is a hard link"") l, ok := linkMap[entry.Header.c_ino] if !ok { l = make([]string, 0) } l = append(l, target) linkMap[entry.Header.c_ino] = l continue } f, err := os.Create(target) if err != nil { return err } written, err := io.Copy(f, entry.payload) if err != nil { return err } if written != int64(entry.Header.c_filesize) { logger.Debugf(""written: %d, filesize: %d"", written, entry.Header.c_filesize) return fmt.Errorf(""short write"") } if err := f.Close(); err != nil { return err } if entry.Header.c_nlink > 1 && entry.Header.c_filesize > 0 { l, ok := linkMap[entry.Header.c_ino] if !ok { return fmt.Errorf(""hardlinks missing"") } for _, t := range l { if err := os.Link(target, t); err != nil { return err } } } default: return fmt.Errorf(""unknown file mode 0%o for %s"", entry.Header.c_mode, entry.Header.filename) } } return nil }",True,Go,Extract,extract.go,https://github.com/sassoftware/go-rpmutils,sassoftware,Michael Tharp,2020-06-12 11:22:45-04:00,Prevent cpio.Extract from writing into parent directories,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-7667,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCastvalue(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1103,"func (s *CAServer) CreateCertificate(ctx context.Context, request *pb.IstioCertificateRequest) ( *pb.IstioCertificateResponse, error, ) { caServerLog.Infof(""received CSR request"") if s.shouldReject() { caServerLog.Info(""force rejecting CSR request"") return nil, status.Error(codes.Unavailable, ""CA server is not available"") } if s.sendEmpty() { caServerLog.Info(""force sending empty cert chain in CSR response"") response := &pb.IstioCertificateResponse{ CertChain: []string{}, } return response, nil } id := []string{""client-identity""} if len(s.Authenticators) > 0 { caller := ca.Authenticate(ctx, s.Authenticators) if caller == nil { return nil, status.Error(codes.Unauthenticated, ""request authenticate failure"") } id = caller.Identities } cert, err := s.sign([]byte(request.Csr), id, time.Duration(request.ValidityDuration)*time.Second, false) if err != nil { caServerLog.Errorf(""failed to sign CSR: %+v"", err) return nil, status.Errorf(err.(*caerror.Error).HTTPErrorCode(), ""CSR signing error: %+v"", err.(*caerror.Error)) } respCertChain := []string{string(cert)} respCertChain = append(respCertChain, string(s.certPem)) response := &pb.IstioCertificateResponse{ CertChain: respCertChain, } caServerLog.Info(""send back CSR success response"") return response, nil }",True,Go,CreateCertificate,caserver.go,https://github.com/istio/istio,istio,GitHub,2022-07-14 09:30:33-07:00,"add xfcc authenticator (#39405)

* add xfcc authenticator

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* go mod

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add license

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix folder

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add copying file

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* remove COPYING

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add cidr authenticator

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* minor changes

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add more comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* update based on review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add authentication manager

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39388,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCastvalue(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1115,"func Authenticate(ctx context.Context, auth []security.Authenticator) *security.Caller { var errMsg string for id, authn := range auth { u, err := authn.Authenticate(ctx) if err != nil { errMsg += fmt.Sprintf(""Authenticator %s at index %d got error: %v. "", authn.AuthenticatorType(), id, err) } if u != nil && err == nil { serverCaLog.Debugf(""Authentication successful through auth source %v"", u.AuthSource) return u } } serverCaLog.Warnf(""Authentication failed for %v: %s"", getConnectionAddress(ctx), errMsg) return nil }",True,Go,Authenticate,server.go,https://github.com/istio/istio,istio,GitHub,2022-07-14 09:30:33-07:00,"add xfcc authenticator (#39405)

* add xfcc authenticator

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* go mod

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add license

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix folder

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add copying file

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* remove COPYING

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add cidr authenticator

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* minor changes

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add more comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* update based on review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add authentication manager

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39388,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCastvalue(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1116,"func getConnectionAddress(ctx context.Context) string { peerInfo, ok := peer.FromContext(ctx) peerAddr := ""unknown"" if ok { peerAddr = peerInfo.Addr.String() } return peerAddr }",True,Go,getConnectionAddress,server.go,https://github.com/istio/istio,istio,GitHub,2022-07-14 09:30:33-07:00,"add xfcc authenticator (#39405)

* add xfcc authenticator

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* go mod

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add license

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix folder

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add copying file

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* remove COPYING

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add cidr authenticator

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* minor changes

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add more comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* update based on review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add authentication manager

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix test

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* address comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39388,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1123,func GetCode(id string) string { return memory.Code[id] },True,Go,GetCode,memory.go,https://github.com/kongchuanhujiao/server,kongchuanhujiao,千橘 雫霞,2021-03-16 19:18:48+08:00,重构：优化验证码生成逻辑，最小化权责,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-21403,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1125,"func DeleteCode(id string) { delete(memory.Code, id) }",True,Go,DeleteCode,memory.go,https://github.com/kongchuanhujiao/server,kongchuanhujiao,千橘 雫霞,2021-03-16 19:18:48+08:00,重构：优化验证码生成逻辑，最小化权责,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-21403,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1128,"func (a *APIs) PostLogin(v *PostLoginReq) *kongchuanhujiao.Response { if v.Code != account.GetCode(v.ID) || v.Code == """" { return kongchuanhujiao.GenerateErrResp(1, ""验证码有误"") } now := time.Now() t, err := jwt.NewTokenWithClaims(jwt.SigningMethodES256, jwt.MapClaims{ ""iss"": config.GetJWTConf().Iss, ""sub"": v.ID, ""exp"": now.AddDate(0, 1, 0).Unix(), ""nbf"": now.Unix(), ""iat"": now.Unix(), }).SignedString(config.GetJWTConf().Key) if err != nil { logger.Error(""生成 JWT Token 失败"", zap.Error(err)) return kongchuanhujiao.DefaultErrResp } return &kongchuanhujiao.Response{Message: t} }",True,Go,PostLogin,apis.go,https://github.com/kongchuanhujiao/server,kongchuanhujiao,千橘 雫霞,2021-03-16 19:18:48+08:00,重构：优化验证码生成逻辑，最小化权责,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-21403,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1131,"func sendCode(id string) (err error) { a, err := account.SelectAccount(id, 0) if err != nil { logger.Error(""发送验证码失败"", zap.Error(err)) return } if len(a) == 0 { return errors.New(""账号不存在"") } rand.Seed(time.Now().UnixNano()) c := strconv.FormatFloat(rand.Float64(), 'f', -1, 64)[2:6] client.GetClient().SendMessage( message.NewTextMessage(""您的验证码是："" + c + ""，请勿泄露给他人。有效期5分钟""). SetTarget(&message.Target{ID: a[0].QQ}), ) account.WriteCode(id, c) go func() { timer := time.NewTimer(5 * time.Minute) defer timer.Stop() <-timer.C account.DeleteCode(id) }() return }",True,Go,sendCode,utils.go,https://github.com/kongchuanhujiao/server,kongchuanhujiao,千橘 雫霞,2021-03-16 19:18:48+08:00,重构：优化验证码生成逻辑，最小化权责,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-21403,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1134,"func checkAllowlist(r *library.Repo, allowlist []string) bool { if len(allowlist) == 0 { return true } for _, repo := range allowlist { if strings.Contains(repo, ""/*"") { if strings.HasPrefix(repo, r.GetOrg()) { return true } } if repo == r.GetFullName() { return true } } return false }",True,Go,checkAllowlist,repo.go,https://github.com/go-vela/server,go-vela,GitHub,2022-11-09 09:50:11-06:00,"Merge pull request from GHSA-5m7g-pj8w-7593

* fix(allowlist)!: modify repo allowlist behavior

* setting allow pull to false on create repo endpoint by default

Co-authored-by: ecrupper <easton.crupper12@gmail.com>",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2022-39395,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1140,"patches.forEach(patch => { const {path, op} = patch let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) const p = path[i] if ( (parentType === Archtype.Object || parentType === Archtype.Array) && (p === ""__proto__"" || p === ""constructor"") ) die(24) if (typeof base === ""function"" && p === ""prototype"") die(24) base = get(base, p) if (typeof base !== ""object"") die(15, path.join(""/"")) }",True,Go,patches.forEach,patches.ts,https://github.com/immerjs/immer,immerjs,Michel Weststrate,2021-08-31 19:59:35+01:00,"fix(security): Follow up on CVE-2020-28477 where `path: [[""__proto__""], ""x""]` could still pollute the prototype",CWE-843,Access of Resource Using Incompatible Type ('Type Confusion'),"The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.",https://cwe.mitre.org/data/definitions/843.html,CVE-2021-23436,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1141,"patches.forEach(patch => { const {path, op} = patch let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) const p = path[i] if ( (parentType === Archtype.Object || parentType === Archtype.Array) && (p === ""__proto__"" || p === ""constructor"") ) die(24) if (typeof base === ""function"" && p === ""prototype"") die(24) base = get(base, p) if (typeof base !== ""object"") die(15, path.join(""/"")) }",True,Go,patches.forEach,patches.ts,https://github.com/immerjs/immer,immerjs,Michel Weststrate,2021-08-31 19:59:35+01:00,"fix(security): Follow up on CVE-2020-28477 where `path: [[""__proto__""], ""x""]` could still pollute the prototype",CWE-1321,Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'),"The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.",https://cwe.mitre.org/data/definitions/1321.html,CVE-2021-3757,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1147,"func init() { routers = make([]testInfo, 0) routers = append(routers, matchTestInfo(""/topic/?:auth:int"", ""/topic"", nil)) routers = append(routers, matchTestInfo(""/topic/?:auth:int"", ""/topic/123"", map[string]string{"":auth"": ""123""})) routers = append(routers, matchTestInfo(""/topic/:id/?:auth"", ""/topic/1"", map[string]string{"":id"": ""1""})) routers = append(routers, matchTestInfo(""/topic/:id/?:auth"", ""/topic/1/2"", map[string]string{"":id"": ""1"", "":auth"": ""2""})) routers = append(routers, matchTestInfo(""/topic/:id/?:auth:int"", ""/topic/1"", map[string]string{"":id"": ""1""})) routers = append(routers, matchTestInfo(""/topic/:id/?:auth:int"", ""/topic/1/123"", map[string]string{"":id"": ""1"", "":auth"": ""123""})) routers = append(routers, matchTestInfo(""/:id"", ""/123"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/hello/?:id"", ""/hello"", map[string]string{"":id"": """"})) routers = append(routers, matchTestInfo(""/"", ""/"", nil)) routers = append(routers, matchTestInfo(""/customer/login"", ""/customer/login"", nil)) routers = append(routers, matchTestInfo(""/customer/login"", ""/customer/login.json"", map[string]string{"":ext"": ""json""})) routers = append(routers, matchTestInfo(""bb"", ""/aa/2009/bb"", map[string]string{"":splat"": ""2009""})) routers = append(routers, matchTestInfo(""/ccff"", ""/ee/2009/11/ff"", map[string]string{"":year"": ""2009"", "":splat"": ""11""})) routers = append(routers, matchTestInfo(""/thumbnail/:size/uploads/*"", ""/thumbnail/100x100/uploads/items/2014/04/20/dPRCdChkUd651t1Hvs18.jpg"", map[string]string{"":size"": ""100x100"", "":splat"": ""items/2014/04/20/dPRCdChkUd651t1Hvs18.jpg""})) routers = append(routers, matchTestInfo(""/*.*"", ""/nice/api.json"", map[string]string{"":path"": ""nice/api"", "":ext"": ""json""})) routers = append(routers, matchTestInfo(""/:name/*.*"", ""/nice/api.json"", map[string]string{"":name"": ""nice"", "":path"": ""api"", "":ext"": ""json""})) routers = append(routers, matchTestInfo(""/:name/test/*.*"", ""/nice/test/api.json"", map[string]string{"":name"": ""nice"", "":path"": ""api"", "":ext"": ""json""})) routers = append(routers, matchTestInfo(""/dl/:width:int/:height:int/*.*"", ""/dl/48/48/05ac66d9bda00a3acf948c43e306fc9a.jpg"", map[string]string{"":width"": ""48"", "":height"": ""48"", "":ext"": ""jpg"", "":path"": ""05ac66d9bda00a3acf948c43e306fc9a""})) routers = append(routers, matchTestInfo(""/v1/shop/:id:int"", ""/v1/shop/123"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/v1/shop/:id\\((a|b|c)\\)"", ""/v1/shop/123(a)"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/v1/shop/:id\\((a|b|c)\\)"", ""/v1/shop/123(b)"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/v1/shop/:id\\((a|b|c)\\)"", ""/v1/shop/123(c)"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/:year:int/:month:int/:id/:endid"", ""/1111/111/aaa/aaa"", map[string]string{"":year"": ""1111"", "":month"": ""111"", "":id"": ""aaa"", "":endid"": ""aaa""})) routers = append(routers, matchTestInfo(""/v1/shop/:id/:name"", ""/v1/shop/123/nike"", map[string]string{"":id"": ""123"", "":name"": ""nike""})) routers = append(routers, matchTestInfo(""/v1/shop/:id/account"", ""/v1/shop/123/account"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/v1/shop/:name:string"", ""/v1/shop/nike"", map[string]string{"":name"": ""nike""})) routers = append(routers, matchTestInfo(""/v1/shop/:id([0-9]+)"", ""/v1/shop routers = append(routers, matchTestInfo(""/v1/shop/:id([0-9]+)_:name"", ""/v1/shop/123_nike"", map[string]string{"":id"": ""123"", "":name"": ""nike""})) routers = append(routers, matchTestInfo(""/v1/shop/:id(.+)_cms.html"", ""/v1/shop/123_cms.html"", map[string]string{"":id"": ""123""})) routers = append(routers, matchTestInfo(""/v1/shop/cms_:id(.+)_:page(.+).html"", ""/v1/shop/cms_123_1.html"", map[string]string{"":id"": ""123"", "":page"": ""1""})) routers = append(routers, matchTestInfo(""/v1/:v/cms/aaa_:id(.+)_:page(.+).html"", ""/v1/2/cms/aaa_123_1.html"", map[string]string{"":v"": ""2"", "":id"": ""123"", "":page"": ""1""})) routers = append(routers, matchTestInfo(""/v1/:v/cms_:id(.+)_:page(.+).html"", ""/v1/2/cms_123_1.html"", map[string]string{"":v"": ""2"", "":id"": ""123"", "":page"": ""1""})) routers = append(routers, matchTestInfo(""/v1/:v(.+)_cms/ttt_:id(.+)_:page(.+).html"", ""/v1/2_cms/ttt_123_1.html"", map[string]string{"":v"": ""2"", "":id"": ""123"", "":page"": ""1""})) routers = append(routers, matchTestInfo(""/api/projects/:pid/members/?:mid"", ""/api/projects/1/members"", map[string]string{"":pid"": ""1""})) routers = append(routers, matchTestInfo(""/api/projects/:pid/members/?:mid"", ""/api/projects/1/members/2"", map[string]string{"":pid"": ""1"", "":mid"": ""2""})) routers = append(routers, matchTestInfo(""/?:year/?:month/?:day"", ""/2020/11/10"", map[string]string{"":year"": ""2020"", "":month"": ""11"", "":day"": ""10""})) routers = append(routers, matchTestInfo(""/?:year/?:month/?:day"", ""/2020/11"", map[string]string{"":year"": ""2020"", "":month"": ""11""})) routers = append(routers, matchTestInfo(""/?:year"", ""/2020"", map[string]string{"":year"": ""2020""})) routers = append(routers, matchTestInfo(""/?:year([0-9]+)/?:month([0-9]+)/mid/?:day([0-9]+)/?:hour([0-9]+)"", ""/2020/11/mid/10/24"", map[string]string{"":year"": ""2020"", "":month"": ""11"", "":day"": ""10"", "":hour"": ""24""})) routers = append(routers, matchTestInfo(""/?:year/?:month/mid/?:day/?:hour"", ""/2020/mid/10"", map[string]string{"":year"": ""2020"", "":day"": ""10""})) routers = append(routers, matchTestInfo(""/?:year/?:month/mid/?:day/?:hour"", ""/2020/11/mid"", map[string]string{"":year"": ""2020"", "":month"": ""11""})) routers = append(routers, matchTestInfo(""/?:year/?:month/mid/?:day/?:hour"", ""/mid/10/24"", map[string]string{"":day"": ""10"", "":hour"": ""24""})) routers = append(routers, matchTestInfo(""/?:year([0-9]+)/:month([0-9]+)/mid/:day([0-9]+)/?:hour([0-9]+)"", ""/2020/11/mid/10/24"", map[string]string{"":year"": ""2020"", "":month"": ""11"", "":day"": ""10"", "":hour"": ""24""})) routers = append(routers, matchTestInfo(""/?:year/:month/mid/:day/?:hour"", ""/11/mid/10/24"", map[string]string{"":month"": ""11"", "":day"": ""10""})) routers = append(routers, matchTestInfo(""/?:year/:month/mid/:day/?:hour"", ""/2020/11/mid/10"", map[string]string{"":year"": ""2020"", "":month"": ""11"", "":day"": ""10""})) routers = append(routers, matchTestInfo(""/?:year/:month/mid/:day/?:hour"", ""/11/mid/10"", map[string]string{"":month"": ""11"", "":day"": ""10""})) routers = append(routers, notMatchTestInfo(""/read_:id:int\\.htm"", ""/read_222htm"")) routers = append(routers, notMatchTestInfo(""/read_:id:int\\.htm"", ""/read_222_htm"")) routers = append(routers, notMatchTestInfo(""/read_:id:int\\.htm"", "" /read_262shtm"")) }",True,Go,init,tree_test.go,https://github.com/beego/beego,beego,Ming Deng,2021-01-26 00:18:41+08:00,Fix BUG: /abc.html/aaa match /abc/aaa,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-30080,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1151,"func (m *MyType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAsym } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipAsym(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthAsym } if (iNdEx + skippy) < 0 { return ErrInvalidLengthAsym } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,asym.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1163,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCastvalue(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,castvalue.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1167,"func (m *Wilson) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Wilson: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Wilson: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowCastvalue } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v default: iNdEx = preIndex skippy, err := skipCastvalue(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) < 0 { return ErrInvalidLengthCastvalue } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,castvalue.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1172,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1173,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1175,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1179,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1182,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1186,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1209,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1210,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1212,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1214,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1216,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1219,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1223,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1226,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1230,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1237,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1241,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1248,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1260,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1262,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1264,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1272,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1281,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1283,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1284,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1286,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1290,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1293,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1297,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1300,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1303,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1305,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1308,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1311,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1313,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1315,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1319,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1327,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1337,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1339,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1342,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1343,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1346,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1347,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1352,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1356,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1357,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1363,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1372,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1374,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1378,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1383,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1389,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1391,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1406,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1412,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1413,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1420,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1432,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,thetest.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1443,"func (m *Object) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Object: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Object: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomField1"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthProto } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthProto } if postIndex > l { return io.ErrUnexpectedEOF } var v CustomType m.CustomField1 = &v if err := m.CustomField1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomField2"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthProto } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthProto } if postIndex > l { return io.ErrUnexpectedEOF } var v CustomType m.CustomField2 = append(m.CustomField2, v) if err := m.CustomField2[len(m.CustomField2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProto(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthProto } if (iNdEx + skippy) < 0 { return ErrInvalidLengthProto } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,proto.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1446,"func (m *MyMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowData } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field MyData"", wireType) } m.MyData = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowData } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.MyData |= uint32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipData(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthData } if (iNdEx + skippy) < 0 { return ErrInvalidLengthData } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,data.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1448,"func (m *TestRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEmpty } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: TestRequest: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: TestRequest: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipEmpty(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthEmpty } if (iNdEx + skippy) < 0 { return ErrInvalidLengthEmpty } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,empty.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1449,"func (m *Message) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEnumdecl } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Message: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Message: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field EnumeratedField"", wireType) } m.EnumeratedField = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEnumdecl } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.EnumeratedField |= MyEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipEnumdecl(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthEnumdecl } if (iNdEx + skippy) < 0 { return ErrInvalidLengthEnumdecl } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,enumdecl.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1451,"func (m *Message) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEnumdeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Message: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Message: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field EnumeratedField"", wireType) } m.EnumeratedField = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEnumdeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.EnumeratedField |= MyEnum(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field OtherenumeratedField"", wireType) } m.OtherenumeratedField = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEnumdeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.OtherenumeratedField |= MyOtherEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipEnumdeclall(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthEnumdeclall } if (iNdEx + skippy) < 0 { return ErrInvalidLengthEnumdeclall } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,enumdeclall.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1453,"func (m *CastType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CastType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CastType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int32"", wireType) } var v int32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int32(b&0x7F) << shift if b < 0x80 { break } } m.Int32 = &v default: iNdEx = preIndex skippy, err := skipExample(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthExample } if (iNdEx + skippy) < 0 { return ErrInvalidLengthExample } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,example.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1456,"func (m *U) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: U: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: U: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthExample } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthExample } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &A{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthExample } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthExample } if postIndex > l { return io.ErrUnexpectedEOF } if m.B == nil { m.B = &B{} } if err := m.B.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipExample(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthExample } if (iNdEx + skippy) < 0 { return ErrInvalidLengthExample } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,example.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1459,"func (m *R) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: R: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: R: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Recognized"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowExample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Recognized = &v default: iNdEx = preIndex skippy, err := skipExample(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthExample } if (iNdEx + skippy) < 0 { return ErrInvalidLengthExample } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,example.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1474,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowFuzz } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipFuzz(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthFuzz } if (iNdEx + skippy) < 0 { return ErrInvalidLengthFuzz } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,fuzz.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1475,"func (m *A) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowA } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: A: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: A: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field F1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowA } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthA } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthA } if postIndex > l { return io.ErrUnexpectedEOF } m.F1 = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipA(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthA } if (iNdEx + skippy) < 0 { return ErrInvalidLengthA } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,a.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1477,"func (m *C) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowC } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: C: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: C: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field F2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowC } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthC } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthC } if postIndex > l { return io.ErrUnexpectedEOF } if m.F2 == nil { m.F2 = &github_com_gogo_protobuf_test_importcustom_issue389_imported.B{} } if err := m.F2.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipC(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthC } if (iNdEx + skippy) < 0 { return ErrInvalidLengthC } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,c.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1479,"func (m *IndexQuery) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIndex } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: IndexQuery: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: IndexQuery: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Key"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIndex } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthIndex } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthIndex } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Key = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIndex } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthIndex } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthIndex } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Value = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIndex(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIndex } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIndex } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,index.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1486,"func (m *DroppedWithoutGetters) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue260 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DroppedWithoutGetters: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DroppedWithoutGetters: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Height"", wireType) } m.Height = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue260 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Height |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Width"", wireType) } m.Width = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue260 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Width |= int64(b&0x7F) << shift if b < 0x80 { break } } case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Timestamp"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue260 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthIssue260 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthIssue260 } if postIndex > l { return io.ErrUnexpectedEOF } if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue260(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue260 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue260 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue260.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1494,"func (m *TimeFail) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTimefail } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: TimeFail: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: TimeFail: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field TimeTest"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTimefail } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthTimefail } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthTimefail } if postIndex > l { return io.ErrUnexpectedEOF } if m.TimeTest == nil { m.TimeTest = new(time.Time) } if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.TimeTest, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTimefail(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTimefail } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTimefail } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,timefail.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1496,"func (m *OneofTest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue322 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OneofTest: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OneofTest: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field I"", wireType) } var v int32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue322 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int32(b&0x7F) << shift if b < 0x80 { break } } m.Union = &OneofTest_I{v} default: iNdEx = preIndex skippy, err := skipIssue322(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue322 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue322 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue322.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1498,"func (m *Object) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue330 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Object: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Object: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Type"", wireType) } m.Type = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue330 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Type |= TypeIdentifier(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipIssue330(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue330 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue330 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue330.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1500,"func (m *FooWithRepeated) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: FooWithRepeated: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: FooWithRepeated: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bar"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthProto } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthProto } if postIndex > l { return io.ErrUnexpectedEOF } m.Bar = append(m.Bar, make([]byte, postIndex-iNdEx)) copy(m.Bar[len(m.Bar)-1], dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProto(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthProto } if (iNdEx + skippy) < 0 { return ErrInvalidLengthProto } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,proto.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1504,"func (m *OrderedFields) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue42 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrderedFields: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrderedFields: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.B = &v case 10: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue42 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.A = &v default: iNdEx = preIndex skippy, err := skipIssue42(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue42 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue42 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue42.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1505,"func (m *UnorderedFields) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue42 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnorderedFields: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnorderedFields: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.B = &v case 10: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue42 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.A = &v default: iNdEx = preIndex skippy, err := skipIssue42(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue42 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue42 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue42.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1508,"func (m *CodeGenMsg) Unmarshal(dAtA []byte) error { var hasFields [1]uint64 l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue449 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CodeGenMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CodeGenMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64ReqPtr"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue449 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64ReqPtr = &v hasFields[0] |= uint64(0x00000001) case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int32OptPtr"", wireType) } var v int32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue449 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int32(b&0x7F) << shift if b < 0x80 { break } } m.Int32OptPtr = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64Req"", wireType) } m.Int64Req = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue449 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Int64Req |= int64(b&0x7F) << shift if b < 0x80 { break } } hasFields[0] |= uint64(0x00000002) case 4: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int32Opt"", wireType) } m.Int32Opt = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue449 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Int32Opt |= int32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipIssue449(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue449 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue449 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if hasFields[0]&uint64(0x00000001) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""Int64ReqPtr"") } if hasFields[0]&uint64(0x00000002) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""Int64Req"") } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue449.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1510,"func (m *Message) Unmarshal(dAtA []byte) error { var hasFields [1]uint64 l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue498 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Message: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Message: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Uint8"", wireType) } var v uint8 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue498 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint8(b&0x7F) << shift if b < 0x80 { break } } m.Uint8 = &v hasFields[0] |= uint64(0x00000001) case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Uint16"", wireType) } var v uint16 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue498 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint16(b&0x7F) << shift if b < 0x80 { break } } m.Uint16 = &v hasFields[0] |= uint64(0x00000002) case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int8"", wireType) } var v int8 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue498 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int8(b&0x7F) << shift if b < 0x80 { break } } m.Int8 = &v hasFields[0] |= uint64(0x00000004) case 4: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int16"", wireType) } var v int16 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue498 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int16(b&0x7F) << shift if b < 0x80 { break } } m.Int16 = &v hasFields[0] |= uint64(0x00000008) default: iNdEx = preIndex skippy, err := skipIssue498(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue498 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue498 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if hasFields[0]&uint64(0x00000001) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""uint8"") } if hasFields[0]&uint64(0x00000002) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""uint16"") } if hasFields[0]&uint64(0x00000004) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""int8"") } if hasFields[0]&uint64(0x00000008) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""int16"") } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue498.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1514,"func (m *Bar1) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar1: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar1: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Str"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Str = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue530(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue530.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1521,"func (m *Bar2) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar2: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar2: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Str"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Str = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue530(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue530.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1524,"func (m *Bar5) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar5: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar5: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bars2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bars2 = append(m.Bars2, &Bar2{}) if err := m.Bars2[len(m.Bars2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bars1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bars1 = append(m.Bars1, &Bar1{}) if err := m.Bars1[len(m.Bars1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue530(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue530.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1525,"func (m *Bar8) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar8: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar8: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bars1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bars1 = append(m.Bars1, Bar9{}) if err := m.Bars1[len(m.Bars1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue530(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue530.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1526,"func (m *Bar3) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar3: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar3: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bars4"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bars4 = append(m.Bars4, Bar4{}) if err := m.Bars4[len(m.Bars4)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bars2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bars2 = append(m.Bars2, Bar2{}) if err := m.Bars2[len(m.Bars2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue530(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue530.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1527,"func (m *Bar9) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar9: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar9: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Str"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue530 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthIssue530 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthIssue530 } if postIndex > l { return io.ErrUnexpectedEOF } m.Str = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipIssue530(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue530 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue530.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1533,"func (m *Foo_Bar) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowIssue617 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Bar: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Bar: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipIssue617(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthIssue617 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthIssue617 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,issue617.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1536,"func (m *Foo) Unmarshal(dAtA []byte) error { var hasFields [1]uint64 l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Foo: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Foo: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Bar"", wireType) } var v uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint64(b&0x7F) << shift if b < 0x80 { break } } m.Bar = &v hasFields[0] |= uint64(0x00000001) default: iNdEx = preIndex skippy, err := skipProto(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthProto } if (iNdEx + skippy) < 0 { return ErrInvalidLengthProto } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if hasFields[0]&uint64(0x00000001) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""bar"") } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,proto.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1539,"func (m *FakeMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: FakeMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: FakeMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Entries"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthMap } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthMap } if postIndex > l { return io.ErrUnexpectedEOF } m.Entries = append(m.Entries, &FakeMapEntry{}) if err := m.Entries[len(m.Entries)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipMap(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthMap } if (iNdEx + skippy) < 0 { return ErrInvalidLengthMap } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,map.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1544,"func (m *FakeMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: FakeMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: FakeMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Entries"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthMap } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthMap } if postIndex > l { return io.ErrUnexpectedEOF } m.Entries = append(m.Entries, &FakeMapEntry{}) if err := m.Entries[len(m.Entries)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipMap(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthMap } if (iNdEx + skippy) < 0 { return ErrInvalidLengthMap } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,map.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1548,"func (m *FakeMapEntry) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: FakeMapEntry: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: FakeMapEntry: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Key"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthMap } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthMap } if postIndex > l { return io.ErrUnexpectedEOF } m.Key = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthMap } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthMap } if postIndex > l { return io.ErrUnexpectedEOF } m.Value = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Other"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowMap } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthMap } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthMap } if postIndex > l { return io.ErrUnexpectedEOF } m.Other = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipMap(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthMap } if (iNdEx + skippy) < 0 { return ErrInvalidLengthMap } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,map.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1570,"func (m *Subby) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Subby: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Subby: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Sub"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthOne } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthOne } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Sub = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipOne(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,one.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1581,"func (m *Subby) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Subby: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Subby: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Sub"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthOne } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthOne } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Sub = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipOne(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,one.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1585,"func (m *Subby) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Subby: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Subby: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Sub"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthOne } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthOne } if postIndex > l { return io.ErrUnexpectedEOF } m.Sub = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipOne(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,one.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1590,"func (m *Subby) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Subby: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Subby: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Sub"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowOne } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthOne } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthOne } if postIndex > l { return io.ErrUnexpectedEOF } m.Sub = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipOne(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) < 0 { return ErrInvalidLengthOne } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,one.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1607,"func (m *NestedNinOptNative) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowRequiredexample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNinOptNative: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNinOptNative: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNinOpts"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowRequiredexample } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthRequiredexample } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthRequiredexample } if postIndex > l { return io.ErrUnexpectedEOF } m.NestedNinOpts = append(m.NestedNinOpts, &NinOptNative{}) if err := m.NestedNinOpts[len(m.NestedNinOpts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRequiredexample(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthRequiredexample } if (iNdEx + skippy) < 0 { return ErrInvalidLengthRequiredexample } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,requiredexample.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1610,"func (m *SizeMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowSizeunderscore } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: SizeMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: SizeMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Size_"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowSizeunderscore } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Size_ = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Equal_"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowSizeunderscore } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Equal_ = &b case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field String_"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowSizeunderscore } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthSizeunderscore } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthSizeunderscore } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.String_ = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipSizeunderscore(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthSizeunderscore } if (iNdEx + skippy) < 0 { return ErrInvalidLengthSizeunderscore } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,sizeunderscore.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1611,"func (m *Nested) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nested: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nested: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bunny"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bunny = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1617,"func (m *Uint128Pair) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Uint128Pair: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Uint128Pair: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Right = &v if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1622,"func (m *ContainsNestedMap_NestedMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedMapField"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } if m.NestedMapField == nil { m.NestedMapField = make(map[string]float64) } var mapkey string var mapvalue float64 for iNdEx < postIndex { entryPreIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) if fieldNum == 1 { var stringLenmapkey uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLenmapkey |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLenmapkey := int(stringLenmapkey) if intStringLenmapkey < 0 { return ErrInvalidLengthTheproto3 } postStringIndexmapkey := iNdEx + intStringLenmapkey if postStringIndexmapkey < 0 { return ErrInvalidLengthTheproto3 } if postStringIndexmapkey > l { return io.ErrUnexpectedEOF } mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) iNdEx = postStringIndexmapkey } else if fieldNum == 2 { var mapvaluetemp uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } mapvaluetemp = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 mapvalue = math.Float64frombits(mapvaluetemp) } else { iNdEx = entryPreIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > postIndex { return io.ErrUnexpectedEOF } iNdEx += skippy } } m.NestedMapField[mapkey] = mapvalue iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1627,"func (m *FloatingPoint) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: FloatingPoint: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: FloatingPoint: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field F"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.F = float64(math.Float64frombits(v)) default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1635,"func (m *Nested) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nested: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nested: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Bunny"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } m.Bunny = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1637,"func (m *ContainsNestedMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ContainsNestedMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ContainsNestedMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1638,"func (m *ContainsNestedMap_NestedMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedMapField"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } if m.NestedMapField == nil { m.NestedMapField = make(map[string]float64) } var mapkey string var mapvalue float64 for iNdEx < postIndex { entryPreIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) if fieldNum == 1 { var stringLenmapkey uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLenmapkey |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLenmapkey := int(stringLenmapkey) if intStringLenmapkey < 0 { return ErrInvalidLengthTheproto3 } postStringIndexmapkey := iNdEx + intStringLenmapkey if postStringIndexmapkey < 0 { return ErrInvalidLengthTheproto3 } if postStringIndexmapkey > l { return io.ErrUnexpectedEOF } mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) iNdEx = postStringIndexmapkey } else if fieldNum == 2 { var mapvaluetemp uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } mapvaluetemp = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 mapvalue = math.Float64frombits(mapvaluetemp) } else { iNdEx = entryPreIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > postIndex { return io.ErrUnexpectedEOF } iNdEx += skippy } } m.NestedMapField[mapkey] = mapvalue iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1641,"func (m *NotPacked) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NotPacked: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NotPacked: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 5: if wireType == 0 { var v uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint64(b&0x7F) << shift if b < 0x80 { break } } m.Key = append(m.Key, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthTheproto3 } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthTheproto3 } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int var count int for _, integer := range dAtA[iNdEx:postIndex] { if integer < 128 { count++ } } elementCount = count if elementCount != 0 && len(m.Key) == 0 { m.Key = make([]uint64, 0, elementCount) } for iNdEx < postIndex { var v uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTheproto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint64(b&0x7F) << shift if b < 0x80 { break } } m.Key = append(m.Key, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field Key"", wireType) } default: iNdEx = preIndex skippy, err := skipTheproto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTheproto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,theproto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1655,"func (m *Kept) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedecl } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Kept: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Kept: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Name"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedecl } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthTypedecl } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthTypedecl } if postIndex > l { return io.ErrUnexpectedEOF } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Age"", wireType) } m.Age = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedecl } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Age |= int32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipTypedecl(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTypedecl } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTypedecl } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,typedecl.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1657,"func (m *DroppedWithoutGetters) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DroppedWithoutGetters: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DroppedWithoutGetters: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Height"", wireType) } m.Height = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Height |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Width"", wireType) } m.Width = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Width |= int64(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipTypedeclall(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTypedeclall } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTypedeclall } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,typedeclall.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1659,"func (m *Dropped) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Dropped: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Dropped: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Name"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthTypedeclall } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthTypedeclall } if postIndex > l { return io.ErrUnexpectedEOF } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Age"", wireType) } m.Age = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Age |= int32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipTypedeclall(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTypedeclall } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTypedeclall } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,typedeclall.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1661,"func (m *Kept) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Kept: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Kept: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Name"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthTypedeclall } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthTypedeclall } if postIndex > l { return io.ErrUnexpectedEOF } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Age"", wireType) } m.Age = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypedeclall } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Age |= int32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipTypedeclall(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTypedeclall } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTypedeclall } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,typedeclall.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1702,"func (m *Sub) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnmarshalmerge } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Sub: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Sub: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field SubNumber"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnmarshalmerge } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.SubNumber = &v default: iNdEx = preIndex skippy, err := skipUnmarshalmerge(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnmarshalmerge } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnmarshalmerge } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unmarshalmerge.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1708,"func (m *A) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: A: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: A: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } m.B = append(m.B, &B{}) if err := m.B[len(m.B)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipUnrecognized(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognized.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1711,"func (m *OldB) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OldB: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OldB: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &OldC{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field F"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } if m.F == nil { m.F = &OldC{} } if err := m.F.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipUnrecognized(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognized.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1714,"func (m *OldA) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OldA: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OldA: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } m.B = append(m.B, &OldB{}) if err := m.B[len(m.B)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipUnrecognized(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognized.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1715,"func (m *U) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: U: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: U: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType == 1 { var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 v2 := float64(math.Float64frombits(v)) m.Field2 = append(m.Field2, v2) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int elementCount = packedLen / 8 if elementCount != 0 && len(m.Field2) == 0 { m.Field2 = make([]float64, 0, elementCount) } for iNdEx < postIndex { var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 v2 := float64(math.Float64frombits(v)) m.Field2 = append(m.Field2, v2) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipUnrecognized(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognized.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1716,"func (m *OldU) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OldU: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OldU: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex case 2: if wireType == 1 { var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 v2 := float64(math.Float64frombits(v)) m.Field2 = append(m.Field2, v2) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthUnrecognized } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthUnrecognized } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int elementCount = packedLen / 8 if elementCount != 0 && len(m.Field2) == 0 { m.Field2 = make([]float64, 0, elementCount) } for iNdEx < postIndex { var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 v2 := float64(math.Float64frombits(v)) m.Field2 = append(m.Field2, v2) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } default: iNdEx = preIndex skippy, err := skipUnrecognized(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognized.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1724,"func (m *D) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: D: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: D: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognized } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipUnrecognized(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognized } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognized.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1725,"func (m *A) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognizedgroup } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: A: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: A: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field AField"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowUnrecognizedgroup } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.AField = &v default: iNdEx = preIndex skippy, err := skipUnrecognizedgroup(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthUnrecognizedgroup } if (iNdEx + skippy) < 0 { return ErrInvalidLengthUnrecognizedgroup } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,unrecognizedgroup.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1740,"func (m *Empty) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEmpty } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Empty: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Empty: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipEmpty(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthEmpty } if (iNdEx + skippy) < 0 { return ErrInvalidLengthEmpty } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,empty.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1744,"func (m *SourceContext) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowSourceContext } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: SourceContext: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: SourceContext: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FileName"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowSourceContext } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthSourceContext } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthSourceContext } if postIndex > l { return io.ErrUnexpectedEOF } m.FileName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipSourceContext(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthSourceContext } if (iNdEx + skippy) < 0 { return ErrInvalidLengthSourceContext } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,source_context.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1749,"func (m *ListValue) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowStruct } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ListValue: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ListValue: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Values"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowStruct } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthStruct } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthStruct } if postIndex > l { return io.ErrUnexpectedEOF } m.Values = append(m.Values, &Value{}) if err := m.Values[len(m.Values)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipStruct(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthStruct } if (iNdEx + skippy) < 0 { return ErrInvalidLengthStruct } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,struct.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1752,"func (m *Timestamp) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTimestamp } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timestamp: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timestamp: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Seconds"", wireType) } m.Seconds = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTimestamp } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Seconds |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Nanos"", wireType) } m.Nanos = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTimestamp } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Nanos |= int32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipTimestamp(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthTimestamp } if (iNdEx + skippy) < 0 { return ErrInvalidLengthTimestamp } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,timestamp.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1757,"func (m *Option) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowType } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Option: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Option: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Name"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowType } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthType } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthType } if postIndex > l { return io.ErrUnexpectedEOF } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowType } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthType } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthType } if postIndex > l { return io.ErrUnexpectedEOF } if m.Value == nil { m.Value = &Any{} } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipType(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,type.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1764,"func (m *StringValue) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: StringValue: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: StringValue: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthWrappers } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthWrappers } if postIndex > l { return io.ErrUnexpectedEOF } m.Value = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1767,"func (m *UInt64Value) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UInt64Value: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UInt64Value: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= uint64(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1768,"func (m *Int32Value) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Int32Value: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Int32Value: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1769,"func (m *Int64Value) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Int64Value: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Int64Value: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1770,"func (m *BoolValue) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: BoolValue: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: BoolValue: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Value = bool(v != 0) default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1776,"func (m *DoubleValue) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DoubleValue: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DoubleValue: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.Value = float64(math.Float64frombits(v)) default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1777,"func (m *BytesValue) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: BytesValue: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: BytesValue: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthWrappers } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthWrappers } if postIndex > l { return io.ErrUnexpectedEOF } m.Value = append(m.Value[:0], dAtA[iNdEx:postIndex]...) if m.Value == nil { m.Value = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1780,"func (m *UInt32Value) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UInt32Value: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UInt32Value: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowWrappers } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= uint32(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipWrappers(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,wrappers.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1782,"func (m *B) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: B: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: B: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field String_"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthGogovanity } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGogovanity } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.String_ = &s iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int64 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int32"", wireType) } var v int32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int32(b&0x7F) << shift if b < 0x80 { break } } m.Int32 = &v default: iNdEx = preIndex skippy, err := skipGogovanity(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthGogovanity } if (iNdEx + skippy) < 0 { return ErrInvalidLengthGogovanity } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,gogovanity.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1786,"func (m *A) Unmarshal(dAtA []byte) error { var hasFields [1]uint64 l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: A: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: A: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Strings"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthVanity } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthVanity } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Strings = &s iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Int = &v hasFields[0] |= uint64(0x00000001) default: iNdEx = preIndex skippy, err := skipVanity(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthVanity } if (iNdEx + skippy) < 0 { return ErrInvalidLengthVanity } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if hasFields[0]&uint64(0x00000001) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""Int"") } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,vanity.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1789,"func (m *Aproto3) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Aproto3: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Aproto3: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthProto3 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthProto3 } if postIndex > l { return io.ErrUnexpectedEOF } m.B = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthProto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthProto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,proto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1794,"func (m *B) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: B: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: B: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field String_"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthGogovanity } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGogovanity } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.String_ = &s iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int64"", wireType) } m.Int64 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Int64 |= int64(b&0x7F) << shift if b < 0x80 { break } } case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int32"", wireType) } var v int32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGogovanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int32(b&0x7F) << shift if b < 0x80 { break } } m.Int32 = &v default: iNdEx = preIndex skippy, err := skipGogovanity(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthGogovanity } if (iNdEx + skippy) < 0 { return ErrInvalidLengthGogovanity } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,gogovanity.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1795,"func (m *Aproto3) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Aproto3: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Aproto3: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProto3 } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthProto3 } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthProto3 } if postIndex > l { return io.ErrUnexpectedEOF } m.B = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProto3(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthProto3 } if (iNdEx + skippy) < 0 { return ErrInvalidLengthProto3 } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,proto3.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1797,"func (m *A) Unmarshal(dAtA []byte) error { var hasFields [1]uint64 l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: A: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: A: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Strings"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthVanity } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthVanity } if postIndex > l { return io.ErrUnexpectedEOF } m.Strings = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Int"", wireType) } m.Int = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVanity } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Int |= int64(b&0x7F) << shift if b < 0x80 { break } } hasFields[0] |= uint64(0x00000001) default: iNdEx = preIndex skippy, err := skipVanity(dAtA[iNdEx:]) if err != nil { return err } if skippy < 0 { return ErrInvalidLengthVanity } if (iNdEx + skippy) < 0 { return ErrInvalidLengthVanity } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if hasFields[0]&uint64(0x00000001) == 0 { return github_com_gogo_protobuf_proto.NewRequiredNotSetError(""Int"") } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }",True,Go,Unmarshal,vanity.pb.go,https://github.com/gogo/protobuf,gogo,Walter Schulze,2021-01-10 08:01:47+00:00,skippy peanut butter,CWE-129,Improper Validation of Array Index,"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.",https://cwe.mitre.org/data/definitions/129.html,CVE-2021-3121,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1799,"func VerifyGet(cfg schema.AuthenticationBackendConfiguration) middlewares.RequestHandler { refreshProfile, refreshProfileInterval := getProfileRefreshSettings(cfg) return func(ctx *middlewares.AutheliaCtx) { ctx.Logger.Tracef(""Headers=%s"", ctx.Request.Header.String()) targetURL, err := ctx.GetOriginalURL() if err != nil { ctx.Error(fmt.Errorf(""Unable to parse target URL: %s"", err), operationFailedMessage) return } if !isSchemeHTTPS(targetURL) && !isSchemeWSS(targetURL) { ctx.Logger.Error(fmt.Errorf(""Scheme of target URL %s must be secure since cookies are ""+ ""only transported over a secure connection for security reasons"", targetURL.String())) ctx.ReplyUnauthorized() return } if !isURLUnderProtectedDomain(targetURL, ctx.Configuration.Session.Domain) { ctx.Logger.Error(fmt.Errorf(""The target URL %s is not under the protected domain %s"", targetURL.String(), ctx.Configuration.Session.Domain)) ctx.ReplyUnauthorized() return } isBasicAuth, username, name, groups, emails, authLevel, err := verifyAuth(ctx, targetURL, refreshProfile, refreshProfileInterval) method := ctx.XForwardedMethod() if err != nil { ctx.Logger.Error(fmt.Sprintf(""Error caught when verifying user authorization: %s"", err)) if err := updateActivityTimestamp(ctx, isBasicAuth, username); err != nil { ctx.Error(fmt.Errorf(""Unable to update last activity: %s"", err), operationFailedMessage) return } handleUnauthorized(ctx, targetURL, isBasicAuth, username, method) return } authorized := isTargetURLAuthorized(ctx.Providers.Authorizer, *targetURL, username, groups, ctx.RemoteIP(), method, authLevel) switch authorized { case Forbidden: ctx.Logger.Infof(""Access to %s is forbidden to user %s"", targetURL.String(), username) ctx.ReplyForbidden() case NotAuthorized: handleUnauthorized(ctx, targetURL, isBasicAuth, username, method) case Authorized: setForwardedHeaders(&ctx.Response.Header, username, name, groups, emails) } if err := updateActivityTimestamp(ctx, isBasicAuth, username); err != nil { ctx.Error(fmt.Errorf(""Unable to update last activity: %s"", err), operationFailedMessage) } } }",True,Go,VerifyGet,handler_verify.go,https://github.com/authelia/authelia,authelia,GitHub,2021-05-21 14:03:44+02:00,"fix(handlers): align response status codes for the verify endpoint (#2016)

This aligns all response status codes on the /api/verify endpoint when an error occurs, making it impossible to determine the actual reason for the failure.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-32637,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1812,"func (a *AuthenticatorOAuth2Introspection) Config(config json.RawMessage) (*AuthenticatorOAuth2IntrospectionConfiguration, *http.Client, error) { var c AuthenticatorOAuth2IntrospectionConfiguration if err := a.c.AuthenticatorConfig(a.GetID(), config, &c); err != nil { return nil, nil, NewErrAuthenticatorMisconfigured(a, err) } clientKey := fmt.Sprintf(""%x"", md5.Sum([]byte(config))) a.mu.RLock() client, ok := a.clientMap[clientKey] a.mu.RUnlock() if !ok { a.logger.Debug(""Initializing http client"") var rt http.RoundTripper if c.PreAuth != nil && c.PreAuth.Enabled { var ep url.Values if c.PreAuth.Audience != """" { ep = url.Values{""audience"": {c.PreAuth.Audience}} } rt = (&clientcredentials.Config{ ClientID: c.PreAuth.ClientID, ClientSecret: c.PreAuth.ClientSecret, Scopes: c.PreAuth.Scope, EndpointParams: ep, TokenURL: c.PreAuth.TokenURL, }).Client(context.Background()).Transport } if c.Retry == nil { c.Retry = &AuthenticatorOAuth2IntrospectionRetryConfiguration{Timeout: ""500ms"", MaxWait: ""1s""} } else { if c.Retry.Timeout == """" { c.Retry.Timeout = ""500ms"" } if c.Retry.MaxWait == """" { c.Retry.MaxWait = ""1s"" } } duration, err := time.ParseDuration(c.Retry.Timeout) if err != nil { return nil, nil, err } timeout := time.Millisecond * duration maxWait, err := time.ParseDuration(c.Retry.MaxWait) if err != nil { return nil, nil, err } client = httpx.NewResilientClientLatencyToleranceConfigurable(rt, timeout, maxWait) a.mu.Lock() a.clientMap[clientKey] = client a.mu.Unlock() } if c.Cache.TTL != """" { cacheTTL, err := time.ParseDuration(c.Cache.TTL) if err != nil { return nil, nil, err } a.cacheTTL = &cacheTTL } if a.tokenCache == nil { a.logger.Debugf(""Creating cache with max cost: %d"", c.Cache.MaxCost) cache, _ := ristretto.NewCache(&ristretto.Config{ NumCounters: 10000, MaxCost: int64(c.Cache.MaxCost), BufferItems: 64, }) a.tokenCache = cache } return &c, client, nil }",True,Go,Config,authenticator_oauth2_introspection.go,https://github.com/ory/oathkeeper,ory,GitHub,2021-06-22 15:02:29+02:00,"Merge pull request from GHSA-qvp4-rpmr-xwrr

This patch addresses a security vulnerability which would bypass token claim validation once a token is in the cache.

For more information please refer to https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-32701,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1813,"func (a *AuthenticatorOAuth2Introspection) tokenFromCache(config *AuthenticatorOAuth2IntrospectionConfiguration, token string) (*AuthenticatorOAuth2IntrospectionResult, bool) { if !config.Cache.Enabled { return nil, false } item, found := a.tokenCache.Get(token) if !found { return nil, false } i := item.(*AuthenticatorOAuth2IntrospectionResult) expires := time.Unix(i.Expires, 0) if expires.Before(time.Now()) { a.tokenCache.Del(token) return nil, false } return i, true }",True,Go,tokenFromCache,authenticator_oauth2_introspection.go,https://github.com/ory/oathkeeper,ory,GitHub,2021-06-22 15:02:29+02:00,"Merge pull request from GHSA-qvp4-rpmr-xwrr

This patch addresses a security vulnerability which would bypass token claim validation once a token is in the cache.

For more information please refer to https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-32701,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1817,"func (a *AuthenticatorOAuth2Introspection) traceRequest(ctx context.Context, req *http.Request) func() { tracer := opentracing.GlobalTracer() if tracer == nil { return func() {} } parentSpan := opentracing.SpanFromContext(ctx) opts := make([]opentracing.StartSpanOption, 0, 1) if parentSpan != nil { opts = append(opts, opentracing.ChildOf(parentSpan.Context())) } urlStr := req.URL.String() clientSpan := tracer.StartSpan(req.Method+"" ""+urlStr, opts...) ext.SpanKindRPCClient.Set(clientSpan) ext.HTTPUrl.Set(clientSpan, urlStr) ext.HTTPMethod.Set(clientSpan, req.Method) tracer.Inject(clientSpan.Context(), opentracing.HTTPHeaders, opentracing.HTTPHeadersCarrier(req.Header)) return clientSpan.Finish }",True,Go,traceRequest,authenticator_oauth2_introspection.go,https://github.com/ory/oathkeeper,ory,GitHub,2021-06-22 15:02:29+02:00,"Merge pull request from GHSA-qvp4-rpmr-xwrr

This patch addresses a security vulnerability which would bypass token claim validation once a token is in the cache.

For more information please refer to https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-32701,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1819,"func (a *AuthenticatorOAuth2Introspection) tokenToCache(config *AuthenticatorOAuth2IntrospectionConfiguration, i *AuthenticatorOAuth2IntrospectionResult, token string) { if !config.Cache.Enabled { return } if a.cacheTTL != nil { a.tokenCache.SetWithTTL(token, i, 1, *a.cacheTTL) } else { a.tokenCache.Set(token, i, 1) } }",True,Go,tokenToCache,authenticator_oauth2_introspection.go,https://github.com/ory/oathkeeper,ory,GitHub,2021-06-22 15:02:29+02:00,"Merge pull request from GHSA-qvp4-rpmr-xwrr

This patch addresses a security vulnerability which would bypass token claim validation once a token is in the cache.

For more information please refer to https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-32701,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1823,"func (dag *DAG) EnsureService(meta types.NamespacedName, port intstr.IntOrString, cache *KubernetesCache) (*Service, error) { svc, svcPort, err := cache.LookupService(meta, port) if err != nil { return nil, err } if dagSvc := dag.GetService(k8s.NamespacedNameOf(svc), svcPort.Port); dagSvc != nil { return dagSvc, nil } dagSvc := &Service{ Weighted: WeightedService{ ServiceName: svc.Name, ServiceNamespace: svc.Namespace, ServicePort: svcPort, Weight: 1, }, Protocol: upstreamProtocol(svc, svcPort), MaxConnections: annotation.MaxConnections(svc), MaxPendingRequests: annotation.MaxPendingRequests(svc), MaxRequests: annotation.MaxRequests(svc), MaxRetries: annotation.MaxRetries(svc), ExternalName: externalName(svc), } return dagSvc, nil }",True,Go,EnsureService,accessors.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1825,"func TestBuilderLookupService(t *testing.T) { s1 := &v1.Service{ ObjectMeta: metav1.ObjectMeta{ Name: ""kuard"", Namespace: ""default"", }, Spec: v1.ServiceSpec{ Ports: []v1.ServicePort{{ Name: ""http"", Protocol: ""TCP"", Port: 8080, TargetPort: intstr.FromInt(8080), }}, }, } services := map[types.NamespacedName]*v1.Service{ {Name: ""service1"", Namespace: ""default""}: s1, } tests := map[string]struct { types.NamespacedName port intstr.IntOrString want *Service wantErr error }{ ""lookup service by port number"": { NamespacedName: types.NamespacedName{Name: ""service1"", Namespace: ""default""}, port: intstr.FromInt(8080), want: service(s1), }, ""lookup service by port name"": { NamespacedName: types.NamespacedName{Name: ""service1"", Namespace: ""default""}, port: intstr.FromString(""http""), want: service(s1), }, ""lookup service by port number (as string)"": { NamespacedName: types.NamespacedName{Name: ""service1"", Namespace: ""default""}, port: intstr.Parse(""8080""), want: service(s1), }, ""lookup service by port number (from string)"": { NamespacedName: types.NamespacedName{Name: ""service1"", Namespace: ""default""}, port: intstr.FromString(""8080""), want: service(s1), }, ""when service does not exist an error is returned"": { NamespacedName: types.NamespacedName{Name: ""nonexistent-service"", Namespace: ""default""}, port: intstr.FromString(""8080""), wantErr: errors.New(`service ""default/nonexistent-service"" not found`), }, ""when port does not exist an error is returned"": { NamespacedName: types.NamespacedName{Name: ""service1"", Namespace: ""default""}, port: intstr.FromString(""9999""), wantErr: errors.New(`port ""9999"" on service ""default/service1"" not matched`), }, } for name, tc := range tests { t.Run(name, func(t *testing.T) { b := Builder{ Source: KubernetesCache{ services: services, FieldLogger: fixture.NewTestLogger(t), }, } var dag DAG got, gotErr := dag.EnsureService(tc.NamespacedName, tc.port, &b.Source) assert.Equal(t, tc.want, got) assert.Equal(t, tc.wantErr, gotErr) }) } }",True,Go,TestBuilderLookupService,accessors_test.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1829,"func (p *GatewayAPIProcessor) validateForwardTo(serviceName *string, port *gatewayapi_v1alpha1.PortNumber, namespace string) (*Service, error) { if serviceName == nil { return nil, fmt.Errorf(""Spec.Rules.ForwardTo.ServiceName must be specified"") } if port == nil { return nil, fmt.Errorf(""Spec.Rules.ForwardTo.ServicePort must be specified"") } meta := types.NamespacedName{Name: *serviceName, Namespace: namespace} service, err := p.dag.EnsureService(meta, intstr.FromInt(int(*port)), p.source) if err != nil { return nil, fmt.Errorf(""service %q does not exist"", meta.Name) } return service, nil }",True,Go,validateForwardTo,gatewayapi_processor.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1836,"func (p *IngressProcessor) computeIngressRule(ing *networking_v1.Ingress, rule networking_v1.IngressRule) { host := rule.Host if host == """" { host = ""*"" } var clientCertSecret *Secret var err error if p.ClientCertificate != nil { clientCertSecret, err = p.source.LookupSecret(*p.ClientCertificate, validSecret) if err != nil { p.WithError(err). WithField(""name"", ing.GetName()). WithField(""namespace"", ing.GetNamespace()). WithField(""secret"", p.ClientCertificate). Error(""tls.envoy-client-certificate contains unresolved secret reference"") return } } for _, httppath := range httppaths(rule) { path := stringOrDefault(httppath.Path, ""/"") pathType := derefPathTypeOr(httppath.PathType, networking_v1.PathTypeImplementationSpecific) be := httppath.Backend m := types.NamespacedName{Name: be.Service.Name, Namespace: ing.Namespace} var port intstr.IntOrString if len(be.Service.Port.Name) > 0 { port = intstr.FromString(be.Service.Port.Name) } else { port = intstr.FromInt(int(be.Service.Port.Number)) } s, err := p.dag.EnsureService(m, port, p.source) if err != nil { p.WithError(err). WithField(""name"", ing.GetName()). WithField(""namespace"", ing.GetNamespace()). WithField(""service"", be.Service.Name). Error(""unresolved service reference"") continue } r, err := route(ing, rule.Host, path, pathType, s, clientCertSecret, p.FieldLogger) if err != nil { p.WithError(err). WithField(""name"", ing.GetName()). WithField(""namespace"", ing.GetNamespace()). WithField(""regex"", path). Errorf(""path regex is not valid"") return } if annotation.TLSRequired(ing) || annotation.HTTPAllowed(ing) { vhost := p.dag.EnsureVirtualHost(ListenerName{Name: host, ListenerName: ""ingress_http""}) vhost.addRoute(r) } if svh := p.dag.GetSecureVirtualHost(ListenerName{Name: host, ListenerName: ""ingress_https""}); svh != nil && host != ""*"" { svh.addRoute(r) } } }",True,Go,computeIngressRule,ingress_processor.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1841,"func TestExternalNameService(t *testing.T) { rh, c, done := setup(t) defer done() s1 := fixture.NewService(""kuard""). WithSpec(v1.ServiceSpec{ Ports: []v1.ServicePort{{ Port: 80, TargetPort: intstr.FromInt(8080), }}, ExternalName: ""foo.io"", Type: v1.ServiceTypeExternalName, }) i1 := &networking_v1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: ""kuard"", Namespace: s1.Namespace, }, Spec: networking_v1.IngressSpec{ DefaultBackend: featuretests.IngressBackend(s1), }, } rh.OnAdd(s1) rh.OnAdd(i1) c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration(""ingress_http"", envoy_v3.VirtualHost(""*"", &envoy_route_v3.Route{ Match: routePrefix(""/""), Action: routeCluster(""default/kuard/80/da39a3ee5e""), }, ), ), ), TypeUrl: routeType, }) c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ Resources: resources(t, externalNameCluster(""default/kuard/80/da39a3ee5e"", ""default/kuard"", ""default_kuard_80"", ""foo.io"", 80), ), TypeUrl: clusterType, }) rh.OnDelete(i1) rh.OnAdd(fixture.NewProxy(""kuard""). WithFQDN(""kuard.projectcontour.io""). WithSpec(contour_api_v1.HTTPProxySpec{ Routes: []contour_api_v1.Route{{ Services: []contour_api_v1.Service{{ Name: s1.Name, Port: 80, }}, }}, }), ) c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration(""ingress_http"", envoy_v3.VirtualHost(""kuard.projectcontour.io"", &envoy_route_v3.Route{ Match: routePrefix(""/""), Action: routeCluster(""default/kuard/80/da39a3ee5e""), }, ), ), ), TypeUrl: routeType, }) c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ Resources: resources(t, externalNameCluster(""default/kuard/80/da39a3ee5e"", ""default/kuard"", ""default_kuard_80"", ""foo.io"", 80), ), TypeUrl: clusterType, }) rh.OnDelete(fixture.NewProxy(""kuard"").WithSpec(contour_api_v1.HTTPProxySpec{})) rh.OnAdd(fixture.NewProxy(""kuard""). WithFQDN(""kuard.projectcontour.io""). WithSpec(contour_api_v1.HTTPProxySpec{ Routes: []contour_api_v1.Route{{ Services: []contour_api_v1.Service{{ Name: s1.Name, Port: 80, }}, RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ Set: []contour_api_v1.HeaderValue{{ Name: ""Host"", Value: ""external.address"", }}, }, }}, }), ) c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration(""ingress_http"", envoy_v3.VirtualHost(""kuard.projectcontour.io"", &envoy_route_v3.Route{ Match: routePrefix(""/""), Action: routeHostRewrite(""default/kuard/80/da39a3ee5e"", ""external.address""), }, ), ), ), }) c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, externalNameCluster(""default/kuard/80/da39a3ee5e"", ""default/kuard"", ""default_kuard_80"", ""foo.io"", 80), ), }) rh.OnDelete(fixture.NewProxy(""kuard"").WithSpec(contour_api_v1.HTTPProxySpec{})) rh.OnAdd(fixture.NewProxy(""kuard""). WithFQDN(""kuard.projectcontour.io""). WithSpec(contour_api_v1.HTTPProxySpec{ Routes: []contour_api_v1.Route{{ Services: []contour_api_v1.Service{{ Protocol: pointer.StringPtr(""h2""), Name: s1.Name, Port: 80, }}, RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ Set: []contour_api_v1.HeaderValue{{ Name: ""Host"", Value: ""external.address"", }}, }, }}, }), ) c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration(""ingress_http"", envoy_v3.VirtualHost(""kuard.projectcontour.io"", &envoy_route_v3.Route{ Match: routePrefix(""/""), Action: routeHostRewrite(""default/kuard/80/da39a3ee5e"", ""external.address""), }, ), ), ), }) c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( externalNameCluster(""default/kuard/80/da39a3ee5e"", ""default/kuard"", ""default_kuard_80"", ""foo.io"", 80), &envoy_cluster_v3.Cluster{ TypedExtensionProtocolOptions: map[string]*any.Any{ ""envoy.extensions.upstreams.http.v3.HttpProtocolOptions"": protobuf.MustMarshalAny( &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, }, }), }, }, &envoy_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( envoy_v3.UpstreamTLSContext(nil, ""external.address"", nil, ""h2""), ), }, ), ), }) rh.OnDelete(fixture.NewProxy(""kuard"").WithSpec(contour_api_v1.HTTPProxySpec{})) rh.OnAdd(fixture.NewProxy(""kuard""). WithFQDN(""kuard.projectcontour.io""). WithSpec(contour_api_v1.HTTPProxySpec{ Routes: []contour_api_v1.Route{{ Services: []contour_api_v1.Service{{ Protocol: pointer.StringPtr(""tls""), Name: s1.Name, Port: 80, }}, RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ Set: []contour_api_v1.HeaderValue{{ Name: ""Host"", Value: ""external.address"", }}, }, }}, }), ) c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration(""ingress_http"", envoy_v3.VirtualHost(""kuard.projectcontour.io"", &envoy_route_v3.Route{ Match: routePrefix(""/""), Action: routeHostRewrite(""default/kuard/80/da39a3ee5e"", ""external.address""), }, ), ), ), }) c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( externalNameCluster(""default/kuard/80/da39a3ee5e"", ""default/kuard"", ""default_kuard_80"", ""foo.io"", 80), &envoy_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( envoy_v3.UpstreamTLSContext(nil, ""external.address"", nil), ), }, ), ), }) sec1 := &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: ""secret"", Namespace: ""default"", }, Type: ""kubernetes.io/tls"", Data: featuretests.Secretdata(featuretests.CERTIFICATE, featuretests.RSA_PRIVATE_KEY), } rh.OnDelete(fixture.NewProxy(""kuard"").WithSpec(contour_api_v1.HTTPProxySpec{})) rh.OnAdd(sec1) rh.OnAdd(fixture.NewProxy(""kuard""). WithFQDN(""kuard.projectcontour.io""). WithCertificate(sec1.Name). WithSpec(contour_api_v1.HTTPProxySpec{ TCPProxy: &contour_api_v1.TCPProxy{ Services: []contour_api_v1.Service{{ Protocol: pointer.StringPtr(""tls""), Name: s1.Name, Port: 80, }}, }, }), ) c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( externalNameCluster(""default/kuard/80/da39a3ee5e"", ""default/kuard"", ""default_kuard_80"", ""foo.io"", 80), &envoy_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( envoy_v3.UpstreamTLSContext(nil, ""foo.io"", nil), ), }, ), ), }) }",True,Go,TestExternalNameService,externalname_test.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1844,"func testExternalNameServiceTLS(namespace string) { Specify(""external name services work over https"", func() { t := f.T() f.Certs.CreateSelfSignedCert(namespace, ""backend-server-cert"", ""backend-server-cert"", ""echo"") f.Fixtures.EchoSecure.Deploy(namespace, ""echo-tls"") externalNameService := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Namespace: namespace, Name: ""external-name-service-tls"", }, Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeExternalName, ExternalName: ""echo-tls."" + namespace, Ports: []corev1.ServicePort{ { Name: ""https"", Port: 443, Protocol: corev1.ProtocolTCP, }, }, }, } require.NoError(t, f.Client.Create(context.TODO(), externalNameService)) p := &contourv1.HTTPProxy{ ObjectMeta: metav1.ObjectMeta{ Namespace: namespace, Name: ""external-name-proxy-tls"", }, Spec: contourv1.HTTPProxySpec{ VirtualHost: &contourv1.VirtualHost{ Fqdn: ""tls.externalnameservice.projectcontour.io"", }, Routes: []contourv1.Route{ { Services: []contourv1.Service{ { Name: externalNameService.Name, Port: 443, Protocol: stringPtr(""tls""), }, }, RequestHeadersPolicy: &contourv1.HeadersPolicy{ Set: []contourv1.HeaderValue{ { Name: ""Host"", Value: externalNameService.Spec.ExternalName, }, }, }, }, }, }, } f.CreateHTTPProxyAndWaitFor(p, httpProxyValid) res, ok := f.HTTP.RequestUntil(&e2e.HTTPRequestOpts{ Host: p.Spec.VirtualHost.Fqdn, Condition: e2e.HasStatusCode(200), }) require.Truef(t, ok, ""expected 200 response code, got %d"", res.StatusCode) }) }",True,Go,testExternalNameServiceTLS,018_external_name_test.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1851,"func httpProxyValid(proxy *contourv1.HTTPProxy) bool { return proxy != nil && proxy.Status.CurrentStatus == ""valid"" }",True,Go,httpProxyValid,httpproxy_test.go,https://github.com/projectcontour/contour,projectcontour,GitHub,2021-07-22 12:04:46-06:00,"cherrypicks for v1.17.1 (#3909)

* Merge pull request from GHSA-5ph6-qq5x-7jwc

Signed-off-by: Nick Young <ynick@vmware.com>

* Fix spelling and lint errors that slipped into the ExternalName PR (#3908)

Signed-off-by: Nick Young <ynick@vmware.com>

Co-authored-by: Nick Young <ynick@vmware.com>",CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2021-32783,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1855,"func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) action := vars[""action""] token := vars[""token""] filename := vars[""filename""] metadata, err := s.CheckMetadata(token, filename, true) if err != nil { log.Printf(""Error metadata: %s"", err.Error()) http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound) return } contentType := metadata.ContentType reader, contentLength, err := s.storage.Get(token, filename) if s.storage.IsNotExist(err) { http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound) return } else if err != nil { log.Printf(""%s"", err.Error()) http.Error(w, ""Could not retrieve file."", 500) return } defer reader.Close() var disposition string if action == ""inline"" { disposition = ""inline"" } else { disposition = ""attachment"" } remainingDownloads, remainingDays := metadata.remainingLimitHeaderValues() w.Header().Set(""Content-Type"", contentType) w.Header().Set(""Content-Length"", strconv.FormatUint(contentLength, 10)) w.Header().Set(""Content-Disposition"", fmt.Sprintf(""%s; filename=\""%s\"""", disposition, filename)) w.Header().Set(""Connection"", ""keep-alive"") w.Header().Set(""X-Remaining-Downloads"", remainingDownloads) w.Header().Set(""X-Remaining-Days"", remainingDays) if disposition == ""inline"" && strings.Contains(contentType, ""html"") { reader = ioutil.NopCloser(bluemonday.UGCPolicy().SanitizeReader(reader)) } if w.Header().Get(""Range"") == """" { if _, err = io.Copy(w, reader); err != nil { log.Printf(""%s"", err.Error()) http.Error(w, ""Error occurred copying to output stream"", 500) return } return } file, err := ioutil.TempFile(s.tempPath, ""range-"") if err != nil { log.Printf(""%s"", err.Error()) http.Error(w, ""Error occurred copying to output stream"", 500) return } defer cleanTmpFile(file) tee := io.TeeReader(reader, file) for { b := make([]byte, _5M) _, err = tee.Read(b) if err == io.EOF { break } if err != nil { log.Printf(""%s"", err.Error()) http.Error(w, ""Error occurred copying to output stream"", 500) return } } http.ServeContent(w, r, filename, time.Now(), file) }",True,Go,getHandler,handlers.go,https://github.com/dutchcoders/transfer.sh,dutchcoders,GitHub,2021-05-21 15:49:48+02:00,fixes-20210521 (#373),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-33496,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1857,"func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) filename := sanitize(vars[""filename""]) contentLength := r.ContentLength var reader io.Reader reader = r.Body defer r.Body.Close() if contentLength == -1 { var err error var f io.Reader f = reader var b bytes.Buffer n, err := io.CopyN(&b, f, _24K+1) if err != nil && err != io.EOF { log.Printf(""Error putting new file: %s"", err.Error()) http.Error(w, err.Error(), 500) return } var file *os.File if n > _24K { file, err = ioutil.TempFile(s.tempPath, ""transfer-"") if err != nil { log.Printf(""%s"", err.Error()) http.Error(w, err.Error(), 500) return } defer cleanTmpFile(file) n, err = io.Copy(file, io.MultiReader(&b, f)) if err != nil { log.Printf(""%s"", err.Error()) http.Error(w, err.Error(), 500) return } reader, err = os.Open(file.Name()) } else { reader = bytes.NewReader(b.Bytes()) } contentLength = n } if s.maxUploadSize > 0 && contentLength > s.maxUploadSize { log.Print(""Entity too large"") http.Error(w, http.StatusText(http.StatusRequestEntityTooLarge), http.StatusRequestEntityTooLarge) return } if contentLength == 0 { log.Print(""Empty content-length"") http.Error(w, errors.New(""Could not upload empty file"").Error(), 400) return } contentType := r.Header.Get(""Content-Type"") if contentType == """" { contentType = mime.TypeByExtension(filepath.Ext(vars[""filename""])) } token := Encode(INIT_SEED, s.randomTokenLength) metadata := MetadataForRequest(contentType, s.randomTokenLength, r) buffer := &bytes.Buffer{} if err := json.NewEncoder(buffer).Encode(metadata); err != nil { log.Printf(""%s"", err.Error()) http.Error(w, errors.New(""Could not encode metadata"").Error(), 500) return } else if err := s.storage.Put(token, fmt.Sprintf(""%s.metadata"", filename), buffer, ""text/json"", uint64(buffer.Len())); err != nil { log.Printf(""%s"", err.Error()) http.Error(w, errors.New(""Could not save metadata"").Error(), 500) return } log.Printf(""Uploading %s %s %d %s"", token, filename, contentLength, contentType) var err error if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil { log.Printf(""Error putting new file: %s"", err.Error()) http.Error(w, errors.New(""Could not save file"").Error(), 500) return } w.Header().Set(""Content-Type"", ""text/plain"") filename = url.PathEscape(filename) relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename)) deleteURL, _ := url.Parse(path.Join(s.proxyPath, token, filename, metadata.DeletionToken)) w.Header().Set(""X-Url-Delete"", resolveURL(r, deleteURL, s.proxyPort)) fmt.Fprint(w, resolveURL(r, relativeURL, s.proxyPort)) }",True,Go,putHandler,handlers.go,https://github.com/dutchcoders/transfer.sh,dutchcoders,GitHub,2021-05-21 15:49:48+02:00,fixes-20210521 (#373),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-33496,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1869,"func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reader, stdout, stderr io.Writer) (err error) { var confwg sync.WaitGroup var homeFound bool for _, env := range spec.Process.Env { if strings.HasPrefix(env, ""HOME="") { homeFound = true break } } if !homeFound { spec.Process.Env = append(spec.Process.Env, fmt.Sprintf(""HOME=%s"", homeDir)) } runtime.LockOSThread() defer runtime.UnlockOSThread() specbytes, err := json.Marshal(spec) if err != nil { return err } if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, ""config.json""), specbytes, 0600); err != nil { return errors.Wrapf(err, ""error storing runtime configuration"") } logrus.Debugf(""config = %v"", string(specbytes)) if stdin == nil { stdin = os.Stdin } if stdout == nil { stdout = os.Stdout } if stderr == nil { stderr = os.Stderr } preader, pwriter, err := os.Pipe() if err != nil { return errors.Wrapf(err, ""error creating configuration pipe"") } config, conferr := json.Marshal(runUsingChrootSubprocOptions{ Spec: spec, BundlePath: bundlePath, }) if conferr != nil { return errors.Wrapf(conferr, ""error encoding configuration for %q"", runUsingChrootCommand) } if spec.Process.Terminal && terminal.IsTerminal(unix.Stdin) { state, err := terminal.MakeRaw(unix.Stdin) if err != nil { logrus.Warnf(""error setting terminal state: %v"", err) } else { defer func() { if err = terminal.Restore(unix.Stdin, state); err != nil { logrus.Errorf(""unable to restore terminal state: %v"", err) } }() } } if err = setRlimits(spec, false, true); err != nil { return err } cmd := unshare.Command(runUsingChrootCommand) cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr cmd.Dir = ""/"" cmd.Env = append([]string{fmt.Sprintf(""LOGLEVEL=%d"", logrus.GetLevel())}, os.Environ()...) logrus.Debugf(""Running %#v in %#v"", cmd.Cmd, cmd) confwg.Add(1) go func() { _, conferr = io.Copy(pwriter, bytes.NewReader(config)) pwriter.Close() confwg.Done() }() cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...) err = cmd.Run() confwg.Wait() if err == nil { return conferr } return err }",True,Go,RunUsingChroot,run.go,https://github.com/containers/buildah,containers,Nalin Dahyabhai,2021-07-15 10:08:38-04:00,"chroot: fix environment value leakage to intermediate processes

Blake Burkhart reports that when running processes using ""chroot""
isolation, the process being run can examine the environment of its
immediate parent and grandparent processes (CVE-2021-3602).

When run in a container in a CI/CD environment, the environment may
include sensitive information which was shared with the container in
order to be used only by buildah itself.  The command being executed is
able to read such information.

This patch reduces the set of environment variables passed to these
intermediate processes, from all variables to the one which is used to
control the level of debug logging.  It also corrects a misleading debug
message and expands the description of chroot isolation in man pages.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>",CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2021-3602,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1871,"func logNamespaceDiagnostics(spec *specs.Spec) { sawMountNS := false sawUserNS := false sawUTSNS := false for _, ns := range spec.Linux.Namespaces { switch ns.Type { case specs.CgroupNamespace: if ns.Path != """" { logrus.Debugf(""unable to join cgroup namespace, sorry about that"") } else { logrus.Debugf(""unable to create cgroup namespace, sorry about that"") } case specs.IPCNamespace: if ns.Path != """" { logrus.Debugf(""unable to join IPC namespace, sorry about that"") } else { logrus.Debugf(""unable to create IPC namespace, sorry about that"") } case specs.MountNamespace: if ns.Path != """" { logrus.Debugf(""unable to join mount namespace %q, creating a new one"", ns.Path) } sawMountNS = true case specs.NetworkNamespace: if ns.Path != """" { logrus.Debugf(""unable to join network namespace, sorry about that"") } else { logrus.Debugf(""unable to create network namespace, sorry about that"") } case specs.PIDNamespace: if ns.Path != """" { logrus.Debugf(""unable to join PID namespace, sorry about that"") } else { logrus.Debugf(""unable to create PID namespace, sorry about that"") } case specs.UserNamespace: if ns.Path != """" { logrus.Debugf(""unable to join user namespace %q, creating a new one"", ns.Path) } sawUserNS = true case specs.UTSNamespace: if ns.Path != """" { logrus.Debugf(""unable to join UTS namespace %q, creating a new one"", ns.Path) } sawUTSNS = true } } if !sawMountNS { logrus.Debugf(""mount namespace not requested, but creating a new one anyway"") } if !sawUserNS { logrus.Debugf(""user namespace not requested, but creating a new one anyway"") } if !sawUTSNS { logrus.Debugf(""UTS namespace not requested, but creating a new one anyway"") } }",True,Go,logNamespaceDiagnostics,run.go,https://github.com/containers/buildah,containers,Nalin Dahyabhai,2021-07-15 10:08:38-04:00,"chroot: fix environment value leakage to intermediate processes

Blake Burkhart reports that when running processes using ""chroot""
isolation, the process being run can examine the environment of its
immediate parent and grandparent processes (CVE-2021-3602).

When run in a container in a CI/CD environment, the environment may
include sensitive information which was shared with the container in
order to be used only by buildah itself.  The command being executed is
able to read such information.

This patch reduces the set of environment variables passed to these
intermediate processes, from all variables to the one which is used to
control the level of debug logging.  It also corrects a misleading debug
message and expands the description of chroot isolation in man pages.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>",CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2021-3602,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1872,"func (o *ops) ExtractFromIgnition(ignitionPath string, fileToExtract string) error { o.log.Infof(""Getting pull secret from %s"", ignitionPath) ignitionData, err := ioutil.ReadFile(ignitionPath) if err != nil { o.log.Errorf(""Error occurred while trying to read %s : %e"", ignitionPath, err) return err } extractedContent, err := utils.GetFileContentFromIgnition(ignitionData, fileToExtract) if err != nil { o.log.Error(""Failed to parse ignition"") return err } tmpFile := ""/opt/extracted_from_ignition.json"" o.log.Infof(""Writing extracted content to tmp file %s"", tmpFile) err = ioutil.WriteFile(tmpFile, extractedContent, 0644) if err != nil { o.log.Errorf(""Error occurred while writing extracted content to %s"", tmpFile) return err } o.log.Infof(""Moving %s to %s"", tmpFile, fileToExtract) dir := filepath.Dir(fileToExtract) _, err = o.ExecPrivilegeCommand(o.logWriter, ""mkdir"", ""-p"", filepath.Dir(fileToExtract)) if err != nil { o.log.Errorf(""Failed to create directory %s "", dir) return err } _, err = o.ExecPrivilegeCommand(o.logWriter, ""mv"", tmpFile, fileToExtract) if err != nil { o.log.Errorf(""Error occurred while moving %s to %s"", tmpFile, fileToExtract) return err } return nil }",True,Go,ExtractFromIgnition,ops.go,https://github.com/openshift/assisted-installer,openshift,GitHub,2021-08-05 09:40:56+00:00,MGMT-7452: Remove token from assisted-installer-controller log (#338),CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2021-3684,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1877,"func (e *ExecCommandError) DetailedError() string { return fmt.Sprintf(""failed executing %s %v, env vars %v, error %s, waitStatus %d, Output \""%s\"""", e.Command, e.Args, e.Env, e.ExitErr, e.WaitStatus, e.Output) }",True,Go,DetailedError,ops.go,https://github.com/openshift/assisted-installer,openshift,GitHub,2021-08-09 09:42:34+00:00,"MGMT-7450: Removing pull secret token from failure logs (#340)

Adding function that will change token value to <SECRET>",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2021-3684,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1878,"func (e *ExecCommandError) Error() string { lastOutput := e.Output if len(e.Output) > 200 { lastOutput = ""... "" + e.Output[len(e.Output)-200:] } return fmt.Sprintf(""failed executing %s %v, Error %s, LastOutput \""%s\"""", e.Command, e.Args, e.ExitErr, lastOutput) }",True,Go,Error,ops.go,https://github.com/openshift/assisted-installer,openshift,GitHub,2021-08-09 09:42:34+00:00,"MGMT-7450: Removing pull secret token from failure logs (#340)

Adding function that will change token value to <SECRET>",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2021-3684,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1884,"func (hs *HTTPServer) getPluginAssets(c *models.ReqContext) { pluginID := web.Params(c.Req)["":pluginId""] plugin, exists := hs.pluginStore.Plugin(c.Req.Context(), pluginID) if !exists { c.JsonApiErr(404, ""Plugin not found"", nil) return } requestedFile := filepath.Clean(web.Params(c.Req)[""*""]) pluginFilePath := filepath.Join(plugin.PluginDir, requestedFile) if !plugin.IncludedInSignature(requestedFile) { hs.log.Warn(""Access to requested plugin file will be forbidden in upcoming Grafana versions as the file ""+ ""is not included in the plugin signature"", ""file"", requestedFile) } f, err := os.Open(pluginFilePath) if err != nil { if os.IsNotExist(err) { c.JsonApiErr(404, ""Plugin file not found"", err) return } c.JsonApiErr(500, ""Could not open plugin file"", err) return } defer func() { if err := f.Close(); err != nil { hs.log.Error(""Failed to close file"", ""err"", err) } }() fi, err := f.Stat() if err != nil { c.JsonApiErr(500, ""Plugin file exists but could not open"", err) return } if hs.Cfg.Env == setting.Dev { c.Resp.Header().Set(""Cache-Control"", ""max-age=0, must-revalidate, no-cache"") } else { c.Resp.Header().Set(""Cache-Control"", ""public, max-age=3600"") } http.ServeContent(c.Resp, c.Req, pluginFilePath, fi.ModTime(), f) }",True,Go,getPluginAssets,plugins.go,https://github.com/grafana/grafana,grafana,GitHub,2021-12-07 19:15:53+02:00,"Security: Fix directory traversal issue (#42846)

* security: fix dir traversal issue

(cherry picked from commit 00e38ba555cfb120361c9623de3285d70c60172f)

* Improve comments and error message.

Co-authored-by: Kyle Brandt <kyle@grafana.com>",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-43798,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1896,"func (g Grant) ValidateBasic() error { if g.Expiration.Unix() < time.Now().Unix() { return sdkerrors.Wrap(ErrInvalidExpirationTime, ""Time can't be in the past"") } av := g.Authorization.GetCachedValue() a, ok := av.(Authorization) if !ok { return sdkerrors.Wrapf(sdkerrors.ErrInvalidType, ""expected %T, got %T"", (Authorization)(nil), av) } return a.ValidateBasic() }",True,Go,ValidateBasic,authorization_grant.go,https://github.com/cosmos/cosmos-sdk,cosmos,GitHub,2021-10-12 10:40:49-04:00,"Merge pull request from GHSA-2p6r-37p9-89p2

* test: adding authz grant tests

* fix TestCLITxGrantAuthorization/Invalid_expiration_time test case

* comment out the test

* reenable test",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2021-41135,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1901,"func (s *IntegrationTestSuite) TestCLITxGrantAuthorization() { val := s.network.Validators[0] grantee := s.grantee twoHours := time.Now().Add(time.Minute * time.Duration(120)).Unix() pastHour := time.Now().Add(time.Minute * time.Duration(-60)).Unix() testCases := []struct { name string args []string expectedCode uint32 expectErr bool }{ { ""Invalid granter Address"", []string{ ""grantee_addr"", ""send"", fmt.Sprintf(""--%s=100steak"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, ""granter""), fmt.Sprintf(""--%s=true"", flags.FlagGenerateOnly), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), }, 0, true, }, { ""Invalid grantee Address"", []string{ ""grantee_addr"", ""send"", fmt.Sprintf(""--%s=100steak"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=true"", flags.FlagGenerateOnly), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), }, 0, true, }, { ""Invalid expiration time"", []string{ grantee.String(), ""send"", fmt.Sprintf(""--%s=100steak"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=true"", flags.FlagGenerateOnly), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, pastHour), }, 0, true, }, { ""fail with error invalid msg-type"", []string{ grantee.String(), ""generic"", fmt.Sprintf(""--%s=invalid-msg-type"", cli.FlagMsgType), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), }, 0x1d, false, }, { ""failed with error both validators not allowed"", []string{ grantee.String(), ""delegate"", fmt.Sprintf(""--%s=100stake"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=%s"", cli.FlagAllowedValidators, val.ValAddress.String()), fmt.Sprintf(""--%s=%s"", cli.FlagDenyValidators, val.ValAddress.String()), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, true, }, { ""valid tx delegate authorization allowed validators"", []string{ grantee.String(), ""delegate"", fmt.Sprintf(""--%s=100stake"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=%s"", cli.FlagAllowedValidators, val.ValAddress.String()), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, false, }, { ""valid tx delegate authorization deny validators"", []string{ grantee.String(), ""delegate"", fmt.Sprintf(""--%s=100stake"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=%s"", cli.FlagDenyValidators, val.ValAddress.String()), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, false, }, { ""valid tx undelegate authorization"", []string{ grantee.String(), ""unbond"", fmt.Sprintf(""--%s=100stake"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=%s"", cli.FlagAllowedValidators, val.ValAddress.String()), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, false, }, { ""valid tx redelegate authorization"", []string{ grantee.String(), ""redelegate"", fmt.Sprintf(""--%s=100stake"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=%s"", cli.FlagAllowedValidators, val.ValAddress.String()), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, false, }, { ""Valid tx send authorization"", []string{ grantee.String(), ""send"", fmt.Sprintf(""--%s=100steak"", cli.FlagSpendLimit), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, false, }, { ""Valid tx generic authorization"", []string{ grantee.String(), ""generic"", fmt.Sprintf(""--%s=%s"", cli.FlagMsgType, typeMsgVote), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), }, 0, false, }, { ""Valid tx with amino"", []string{ grantee.String(), ""generic"", fmt.Sprintf(""--%s=%s"", cli.FlagMsgType, typeMsgVote), fmt.Sprintf(""--%s=%s"", flags.FlagFrom, val.Address.String()), fmt.Sprintf(""--%s=%s"", flags.FlagBroadcastMode, flags.BroadcastBlock), fmt.Sprintf(""--%s=%d"", cli.FlagExpiration, twoHours), fmt.Sprintf(""--%s=true"", flags.FlagSkipConfirmation), fmt.Sprintf(""--%s=%s"", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()), fmt.Sprintf(""--%s=%s"", flags.FlagSignMode, flags.SignModeLegacyAminoJSON), }, 0, false, }, } for _, tc := range testCases { tc := tc s.Run(tc.name, func() { clientCtx := val.ClientCtx out, err := ExecGrant( val, tc.args, ) if tc.expectErr { s.Require().Error(err) } else { var txResp sdk.TxResponse s.Require().NoError(err) s.Require().NoError(clientCtx.Codec.UnmarshalJSON(out.Bytes(), &txResp), out.String()) s.Require().Equal(tc.expectedCode, txResp.Code, out.String()) } }) } }",True,Go,TestCLITxGrantAuthorization,tx.go,https://github.com/cosmos/cosmos-sdk,cosmos,GitHub,2021-10-12 10:40:49-04:00,"Merge pull request from GHSA-2p6r-37p9-89p2

* test: adding authz grant tests

* fix TestCLITxGrantAuthorization/Invalid_expiration_time test case

* comment out the test

* reenable test",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2021-41135,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1904,"func TestMsgGrantAuthorization(t *testing.T) { tests := []struct { title string granter, grantee sdk.AccAddress authorization authz.Authorization expiration time.Time expectErr bool expectPass bool }{ {""nil granter address"", nil, grantee, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now(), false, false}, {""nil grantee address"", granter, nil, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now(), false, false}, {""nil granter and grantee address"", nil, nil, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now(), false, false}, {""nil authorization"", granter, grantee, nil, time.Now(), true, false}, {""valid test case"", granter, grantee, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now().AddDate(0, 1, 0), false, true}, {""past time"", granter, grantee, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now().AddDate(0, 0, -1), false, false}, } for i, tc := range tests { msg, err := authz.NewMsgGrant( tc.granter, tc.grantee, tc.authorization, tc.expiration, ) if !tc.expectErr { require.NoError(t, err) } else { continue } if tc.expectPass { require.NoError(t, msg.ValidateBasic(), ""test: %v"", i) } else { require.Error(t, msg.ValidateBasic(), ""test: %v"", i) } } }",True,Go,TestMsgGrantAuthorization,msgs_test.go,https://github.com/cosmos/cosmos-sdk,cosmos,GitHub,2021-10-12 10:40:49-04:00,"Merge pull request from GHSA-2p6r-37p9-89p2

* test: adding authz grant tests

* fix TestCLITxGrantAuthorization/Invalid_expiration_time test case

* comment out the test

* reenable test",CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2021-41135,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1906,"func (s *server) authAndCreateUserLdap(UserName string, UserPassword string) (*database.User, error) { var AuthedUser *database.User l, err := ldap.DialURL(viper.GetString(""auth.ldap.url"")) if err != nil { log.Println(""Failed connecting to ldap server at"", viper.GetString(""auth.ldap.url"")) return AuthedUser, err } defer l.Close() if viper.GetBool(""auth.ldap.use_tls"") { err = l.StartTLS(&tls.Config{InsecureSkipVerify: true}) if err != nil { log.Println(""Failed securing ldap connection"", err) return AuthedUser, err } } if viper.GetString(""auth.ldap.bindname"") != """" { err = l.Bind(viper.GetString(""auth.ldap.bindname""), viper.GetString(""auth.ldap.bindpass"")) if err != nil { log.Println(""Failed binding for authentication:"", err) return AuthedUser, err } } searchRequest := ldap.NewSearchRequest(viper.GetString(""auth.ldap.basedn""), ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, fmt.Sprintf(viper.GetString(""auth.ldap.filter""), UserName), []string{""dn"", viper.GetString(""auth.ldap.mail_attr""), viper.GetString(""auth.ldap.cn_attr"")}, nil, ) sr, err := l.Search(searchRequest) if err != nil { log.Println(""Failed performing ldap search query for"", UserName, "":"", err) return AuthedUser, err } if len(sr.Entries) != 1 { log.Println(""User"", UserName, ""does not exist or too many entries returned"") return AuthedUser, errors.New(""user not found"") } userdn := sr.Entries[0].DN useremail := sr.Entries[0].GetAttributeValue(viper.GetString(""auth.ldap.mail_attr"")) usercn := sr.Entries[0].GetAttributeValue(viper.GetString(""auth.ldap.cn_attr"")) err = l.Bind(userdn, UserPassword) if err != nil { log.Println(""Failed authenticating user "", UserName) return AuthedUser, err } AuthedUser, err = s.database.GetUserByEmail(useremail) if AuthedUser == nil { log.Println(""User"", useremail, ""does not exist in database, auto-recruit"") newUser, verifyID, err := s.database.CreateUserRegistered(usercn, useremail, """", """") if err != nil { log.Println(""Failed auto-creating new user"", err) return AuthedUser, err } err = s.database.VerifyUserAccount(verifyID) if err != nil { log.Println(""Failed verifying new user"", err) return AuthedUser, err } AuthedUser = newUser } return AuthedUser, nil }",True,Go,authAndCreateUserLdap,auth.go,https://github.com/StevenWeathers/thunderdome-planning-poker,StevenWeathers,Steven Weathers,2021-11-01 20:48:52-04:00,Fix LDAP vulnerability,CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-41232,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1908,"func (app *Configurable) Encrypt(parameters map[string]string) interfaces.AppFunction { algorithm, ok := parameters[Algorithm] if !ok { app.lc.Errorf(""Could not find '%s' parameter for Encrypt"", Algorithm) return nil } secretPath := parameters[SecretPath] secretName := parameters[SecretName] encryptionKey := parameters[EncryptionKey] if len(encryptionKey) == 0 && (len(secretPath) == 0 || len(secretName) == 0) { app.lc.Errorf(""Could not find '%s' or '%s' and '%s' in configuration"", EncryptionKey, SecretPath, SecretName) return nil } if (len(secretPath) != 0 && len(secretName) == 0) || (len(secretPath) == 0 && len(secretName) != 0) { app.lc.Errorf(""'%s' and '%s' both must be set in configuration"", SecretPath, SecretName) return nil } initVector, ok := parameters[InitVector] if !ok { app.lc.Error(""Could not find "" + InitVector) return nil } transform := transforms.Encryption{ EncryptionKey: encryptionKey, InitializationVector: initVector, SecretPath: secretPath, SecretName: secretName, } switch strings.ToLower(algorithm) { case EncryptAES: return transform.EncryptWithAES default: app.lc.Errorf( ""Invalid encryption algorithm '%s'. Must be '%s'"", algorithm, EncryptAES) return nil } }",True,Go,Encrypt,configurable.go,https://github.com/edgexfoundry/app-functions-sdk-go,edgexfoundry,GitHub,2021-11-01 16:40:51-07:00,"feat(transforms): new AES 256 Encryption Transform (#984)

Add new transform using AES 256 Encryption with a SHA512 authentication
mechanism.

Fixes #968

Signed-off-by: Alex Ullrich <alex.ullrich@gmail.com>",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-41278,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1936,"func (s *Server) socketHandler(endpointHandle SocketHandle, options HandleOptions) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { conn, err := upgrader.Upgrade(w, r, nil) if err != nil { s.log.Error(""Error upgrading client for websocket connection: %s"", err.Error()) return } endpointHandle(Request{ Params: ps, log: s.log, }, WSConn{ c: conn, }) s.log.Debug(""HTTP WS Request: ws: } }",True,Go,socketHandler,websocket.go,https://github.com/ecnepsnai/web,ecnepsnai,Ian Spence,2020-12-30 15:48:46-08:00,Fix: websocket requests were not authenticated,CWE-476,NULL Pointer Dereference,"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.",https://cwe.mitre.org/data/definitions/476.html,CVE-2021-4236,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1943,"func RandomAlphaNumeric(count int) (string, error) { RandomString, err := Random(count, 0, 0, true, true) if err != nil { return """", fmt.Errorf(""Error: %s"", err) } match, err := regexp.MatchString(""([0-9]+)"", RandomString) if err != nil { panic(err) } if !match { position := rand.Intn(count) RandomString = RandomString[:position] + string('0'+rand.Intn(10)) + RandomString[position+1:] return RandomString, err } return RandomString, err }",True,Go,RandomAlphaNumeric,randomstringutils.go,https://github.com/Masterminds/goutils,Masterminds,Matt Butcher,2021-01-28 14:00:48-07:00,"Remove unnecessary checks on a value that is already definitely an alphanum

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>",CWE-331,Insufficient Entropy,"The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.",https://cwe.mitre.org/data/definitions/331.html,CVE-2021-4238,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1953,func (d *DefaultClient) ClientSecretMatches(secret string) bool { return d.Secret == secret },True,Go,ClientSecretMatches,client.go,https://github.com/openshift/osin,openshift,Stanislav Laznicka,2021-01-13 13:41:01+01:00,"Use constant time comparisons for client secrets

This is a precaution to avoid possible timing attacks on
client secrets.",CWE-203,Observable Discrepancy,"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.",https://cwe.mitre.org/data/definitions/203.html,CVE-2021-4294,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1955,"func CheckClientSecret(client Client, secret string) bool { switch client := client.(type) { case ClientSecretMatcher: return client.ClientSecretMatches(secret) default: return client.GetSecret() == secret } }",True,Go,CheckClientSecret,util.go,https://github.com/openshift/osin,openshift,Stanislav Laznicka,2021-01-13 13:41:01+01:00,"Use constant time comparisons for client secrets

This is a precaution to avoid possible timing attacks on
client secrets.",CWE-203,Observable Discrepancy,"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.",https://cwe.mitre.org/data/definitions/203.html,CVE-2021-4294,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1956,"func WithRelabeledContainerMounts(mountLabel string) oci.SpecOpts { return func(ctx context.Context, client oci.Client, _ *containers.Container, s *runtimespec.Spec) (err error) { if mountLabel == """" { return nil } for _, m := range s.Mounts { switch m.Destination { case etcHosts, etcHostname, resolvConfPath: if err := label.Relabel(m.Source, mountLabel, false); err != nil { return err } } } return nil } }",True,Go,WithRelabeledContainerMounts,spec_linux.go,https://github.com/dweomer/containerd,dweomer,Jacob Blain Christen,2021-11-02 12:38:43-07:00,"Revert ""[cri] label etc files for selinux containers""

This reverts commit a731039238c62be081eb8c31525b988415745eea.",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2021-43816,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1960,"func createDefaultConfigFileIfNotExists() error { defaultFilePath := GetDefaultConfigFilePath() if isExists(defaultFilePath) { return nil } folderPath := filepath.Dir(defaultFilePath) if !isExists(folderPath) { err := os.Mkdir(folderPath, folderPermission) if err != nil { return err } } f, err := os.Create(defaultFilePath) if err != nil { return err } return f.Close() }",True,Go,createDefaultConfigFileIfNotExists,root.go,https://github.com/opensearch-project/opensearch-cli,opensearch-project,Vijayan Balasubramanian,2021-10-28 11:48:43-07:00,"Update default folder and file permission

Update folder path to 700 and file path to 600.

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>",CWE-276,Incorrect Default Permissions,"During installation, installed file permissions are set to allow anyone to modify those files.",https://cwe.mitre.org/data/definitions/276.html,CVE-2021-44833,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1964,"func GetDNSKey() string { key := ""secretkey"" if os.Getenv(""DNS_KEY"") != """" { key = os.Getenv(""DNS_KEY"") } else if config.Config.Server.DNSKey != """" { key = config.Config.Server.DNSKey } return key }",True,Go,GetDNSKey,serverconf.go,https://github.com/gravitl/netmaker,gravitl,0xdcarns,2023-04-03 14:17:14-04:00,fixed hard coded dns key,CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2023-32077,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1965,"func SetJWTSecret() { currentSecret, jwtErr := FetchJWTSecret() if jwtErr != nil { jwtSecretKey = []byte(RandomString(64)) if err := StoreJWTSecret(string(jwtSecretKey)); err != nil { logger.FatalLog(""something went wrong when configuring JWT authentication"") } } else { jwtSecretKey = []byte(currentSecret) } }",True,Go,SetJWTSecret,jwts.go,https://github.com/gravitl/netmaker,gravitl,0xdcarns,2022-02-15 21:50:47-05:00,hotfix 2,CWE-321,Use of Hard-coded Cryptographic Key,The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.,https://cwe.mitre.org/data/definitions/321.html,CVE-2022-0664,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1968,"func ServeData(ctx *context.Context, name string, size int64, reader io.Reader) error { buf := make([]byte, 1024) n, err := util.ReadAtMost(reader, buf) if err != nil { return err } if n >= 0 { buf = buf[:n] } ctx.Resp.Header().Set(""Cache-Control"", ""public,max-age=86400"") if size >= 0 { ctx.Resp.Header().Set(""Content-Length"", fmt.Sprintf(""%d"", size)) } else { log.Error(""ServeData called to serve data: %s with size < 0: %d"", name, size) } name = path.Base(name) name = strings.ReplaceAll(name, "","", "" "") st := typesniffer.DetectContentType(buf) mappedMimeType := """" if setting.MimeTypeMap.Enabled { fileExtension := strings.ToLower(filepath.Ext(name)) mappedMimeType = setting.MimeTypeMap.Map[fileExtension] } if st.IsText() || ctx.FormBool(""render"") { cs, err := charset.DetectEncoding(buf) if err != nil { log.Error(""Detect raw file %s charset failed: %v, using by default utf-8"", name, err) cs = ""utf-8"" } if mappedMimeType == """" { mappedMimeType = ""text/plain"" } ctx.Resp.Header().Set(""Content-Type"", mappedMimeType+""; charset=""+strings.ToLower(cs)) } else { ctx.Resp.Header().Set(""Access-Control-Expose-Headers"", ""Content-Disposition"") if mappedMimeType != """" { ctx.Resp.Header().Set(""Content-Type"", mappedMimeType) } if (st.IsImage() || st.IsPDF()) && (setting.UI.SVG.Enabled || !st.IsSvgImage()) { ctx.Resp.Header().Set(""Content-Disposition"", fmt.Sprintf(`inline; filename=""%s""`, name)) if st.IsSvgImage() { ctx.Resp.Header().Set(""Content-Security-Policy"", ""default-src 'none'; style-src 'unsafe-inline'; sandbox"") ctx.Resp.Header().Set(""X-Content-Type-Options"", ""nosniff"") ctx.Resp.Header().Set(""Content-Type"", typesniffer.SvgMimeType) } } else { ctx.Resp.Header().Set(""Content-Disposition"", fmt.Sprintf(`attachment; filename=""%s""`, name)) } } _, err = ctx.Resp.Write(buf) if err != nil { return err } _, err = io.Copy(ctx.Resp, reader) return err }",True,Go,ServeData,repo.go,https://github.com/go-gitea/gitea,go-gitea,GitHub,2022-05-28 18:10:14+03:00,Fix raw endpoint PDF file headers (#19825),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1928,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1971,"func (ctx *Context) RedirectToFirst(location ...string) { for _, loc := range location { if len(loc) == 0 { continue } if len(loc) > 1 && loc[0] == '/' && (loc[1] == '/' || loc[1] == '\\') { continue } u, err := url.Parse(loc) if err != nil || ((u.Scheme != """" || u.Host != """") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) { continue } ctx.Redirect(loc) return } ctx.Redirect(setting.AppSubURL + ""/"") }",True,Go,RedirectToFirst,context_response.go,https://github.com/go-gitea/gitea,go-gitea,GitHub,2023-06-08 14:08:14+00:00,"Fix open redirect check for more cases (#25143)

If redirect_to parameter has set value starting with `\\example.com`
redirect will be created with header `Location: /\\example.com` that
will redirect to example.com domain.",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2023-3515,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1975,"func (c CrossOriginResourceSharing) isOriginAllowed(origin string) bool { if len(origin) == 0 { return false } if len(c.AllowedDomains) == 0 { return true } allowed := false for _, domain := range c.AllowedDomains { if domain == origin { allowed = true break } } if !allowed { if len(c.allowedOriginPatterns) == 0 { allowedOriginRegexps, err := compileRegexps(c.AllowedDomains) if err != nil { return false } c.allowedOriginPatterns = allowedOriginRegexps } for _, pattern := range c.allowedOriginPatterns { if allowed = pattern.MatchString(origin); allowed { break } } } return allowed }",True,Go,isOriginAllowed,cors_filter.go,https://github.com/emicklei/go-restful,emicklei,GitHub,2022-06-06 07:45:08+02:00,"use exact matching of allowed domain entries, issue #489 (#493)

* use exact matching of allowed domain entries, issue #489

* update doc, add testcases from PR conversation

* introduce AllowedDomainFunc #489

* more tests, fix doc

* lowercase origin before checking cors",CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-1996,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1978,"func TestCORSFilter_AllowedDomains(t *testing.T) { for _, each := range allowedDomainInput { tearDown() ws := new(WebService) ws.Route(ws.PUT(""/cors"").To(dummy)) Add(ws) cors := CrossOriginResourceSharing{ AllowedDomains: each.domains, CookiesAllowed: true, Container: DefaultContainer} Filter(cors.Filter) httpRequest, _ := http.NewRequest(""PUT"", ""http: httpRequest.Header.Set(HEADER_Origin, each.origin) httpWriter := httptest.NewRecorder() DefaultContainer.Dispatch(httpWriter, httpRequest) actual := httpWriter.Header().Get(HEADER_AccessControlAllowOrigin) if actual != each.origin && each.allowed { t.Fatal(""expected to be accepted"") } if actual == each.origin && !each.allowed { t.Fatal(""did not expect to be accepted"") } } }",True,Go,TestCORSFilter_AllowedDomains,cors_filter_test.go,https://github.com/emicklei/go-restful,emicklei,GitHub,2022-06-06 07:45:08+02:00,"use exact matching of allowed domain entries, issue #489 (#493)

* use exact matching of allowed domain entries, issue #489

* update doc, add testcases from PR conversation

* introduce AllowedDomainFunc #489

* more tests, fix doc

* lowercase origin before checking cors",CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-1996,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1984,"const getPathFromExecutableNameOnNonWindows = (packageName, executableName) => { try { const whichResult = (childProcess.execSync(`which ${executableName}`) || """").toString().trim(), lsLResult = (childProcess.execSync(`ls -l \`which ${executableName}\``) || """").toString().trim(); if (whichResult && lsLResult) { const regex = new RegExp(`${whichResult}\\s+->\\s+(.*?)$`), match = lsLResult.match(regex); if (match && match[1]) { const pathToRealExecutable = fs.realpathSync(path.join(path.dirname(whichResult), match[1])); const packagePathMatch = pathToRealExecutable.match(new RegExp(`(.*?${path.join(nodeModulesDirName, packageName)}).*$`)); if (packagePathMatch) { const verifiedPath = getVerifiedPath(packagePathMatch[1], packageName); if (verifiedPath) { return verifiedPath; } } } return getPathWhenExecutableIsAddedDirectlyToPath(packageName, whichResult); } } catch (err) { console.error(err.message); } return null; };",True,Go,getPathFromExecutableNameOnNonWindows,index.js,https://github.com/rosen-vladimirov/global-modules-path,rosen-vladimirov,rosen-vladimirov,2023-01-08 19:05:12+02:00,"fix: do not allow command injection

Due to usage of execSync, callers may inject commands, like getPath(""something & touch abc"", ""somethingElse & touch def"").
To fix this, replace execSync with spawnSync, which is safe for command injection.",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-21191,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1986,const getNpmPrefix = (pathToNpm) => { try { const npmPrefixStdout = childProcess.execSync(`${pathToNpm} config get prefix`); return npmPrefixStdout && npmPrefixStdout.toString().trim(); } catch (err) { console.error(err.message); } return null; };,True,Go,getNpmPrefix,index.js,https://github.com/rosen-vladimirov/global-modules-path,rosen-vladimirov,rosen-vladimirov,2023-01-08 19:05:12+02:00,"fix: do not allow command injection

Due to usage of execSync, callers may inject commands, like getPath(""something & touch abc"", ""somethingElse & touch def"").
To fix this, replace execSync with spawnSync, which is safe for command injection.",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-21191,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1991,"func TestMaxDepthValidation(t *testing.T) { s, err := schema.ParseSchema(interfaceSimple, false) if err != nil { t.Fatal(err) } for _, tc := range []struct { name string query string maxDepth int expected bool }{ { name: ""off"", query: `query Fine { # depth 0 characters { # depth 1 id # depth 2 name # depth 2 friends { # depth 2 id # depth 3 name # depth 3 } } }`, maxDepth: 0, }, { name: ""fields"", query: `query Fine { # depth 0 characters { # depth 1 id # depth 2 name # depth 2 friends { # depth 2 id # depth 3 name # depth 3 } } }`, maxDepth: 2, expected: true, }, { name: ""fragment"", query: `fragment friend on Character { id # depth 6 name friends { name # depth 7 } } query { # depth 0 characters { # depth 1 id # depth 2 name # depth 2 friends { # depth 2 friends { # depth 3 friends { # depth 4 friends { # depth 5 ...friend # depth 6 } } } } } }`, maxDepth: 5, expected: true, }, { name: ""inlinefragment"", query: `query { # depth 0 characters { # depth 1 ... on Droid { # depth 2 primaryFunction # depth 2 } } }`, maxDepth: 1, expected: true, }, } { t.Run(tc.name, func(t *testing.T) { doc, err := query.Parse(tc.query) if err != nil { t.Fatal(err) } context := newContext(s, doc, tc.maxDepth) op := doc.Operations[0] opc := &opContext{context: context, ops: doc.Operations} actual := validateMaxDepth(opc, op.Selections, 1) if actual != tc.expected { t.Errorf(""expected %t, actual %t"", tc.expected, actual) } }) } }",True,Go,TestMaxDepthValidation,validate_max_depth_test.go,https://github.com/graph-gophers/graphql-go,graph-gophers,GitHub,2022-01-18 23:14:45+02:00,validation: fix bug in maxDepth fragment spread logic (#492),CWE-674,Uncontrolled Recursion,"The product does not properly control the amount of recursion that takes place,  consuming excessive resources, such as allocated memory or the program stack.",https://cwe.mitre.org/data/definitions/674.html,CVE-2022-21708,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
1994,"func validateMaxDepth(c *opContext, sels []types.Selection, depth int) bool { if c.maxDepth == 0 { return false } exceededMaxDepth := false for _, sel := range sels { switch sel := sel.(type) { case *types.Field: if depth > c.maxDepth { exceededMaxDepth = true c.addErr(sel.Alias.Loc, ""MaxDepthExceeded"", ""Field %q has depth %d that exceeds max depth %d"", sel.Name.Name, depth, c.maxDepth) continue } exceededMaxDepth = exceededMaxDepth || validateMaxDepth(c, sel.SelectionSet, depth+1) case *types.InlineFragment: exceededMaxDepth = exceededMaxDepth || validateMaxDepth(c, sel.Selections, depth) case *types.FragmentSpread: frag := c.doc.Fragments.Get(sel.Name.Name) if frag == nil { c.addErr(sel.Loc, ""MaxDepthEvaluationError"", ""Unknown fragment %q. Unable to evaluate depth."", sel.Name.Name) continue } exceededMaxDepth = exceededMaxDepth || validateMaxDepth(c, frag.Selections, depth) } } return exceededMaxDepth }",True,Go,validateMaxDepth,validation.go,https://github.com/graph-gophers/graphql-go,graph-gophers,GitHub,2022-01-18 23:14:45+02:00,validation: fix bug in maxDepth fragment spread logic (#492),CWE-674,Uncontrolled Recursion,"The product does not properly control the amount of recursion that takes place,  consuming excessive resources, such as allocated memory or the program stack.",https://cwe.mitre.org/data/definitions/674.html,CVE-2022-21708,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2003,"func performV1APIRouting(e *echo.Echo) { prefix := *appFlags.APIPrefix if viper.IsSet(""http_settings.api_prefix"") { prefix = viper.GetString(""http_settings.api_prefix"") } acc := e.Group(prefix + ""/api/v3"") switch config.Setting.MAIN_SETTINGS.DefaultAuth { case ""ldap"": apirouterv1.RouteUserApis(acc, servicesObject.configDBSession, &ldapClient, nil) case ""http_auth"": apirouterv1.RouteUserApis(acc, servicesObject.configDBSession, nil, &httpAuth) default: apirouterv1.RouteUserApis(acc, servicesObject.configDBSession, nil, nil) } apirouterv1.RouteAgentsubAuthKeyApis(acc, servicesObject.configDBSession) addr := fmt.Sprintf(""%s:%d"", viper.Get(""hep_relay.host""), viper.GetInt(""hep_relay.port"")) apirouterv1.RouteWebSocketApis(acc, addr) res := e.Group(prefix + ""/api/v3"") config := middleware.JWTConfig{ Claims: &auth.JwtUserClaim{}, SigningKey: []byte(auth.JwtSecret), } res.Use(middleware.JWTWithConfig(config)) res.Use(auth.MiddlewareRes) logger.Debug(auth.JwtUserClaim{}) apirouterv1.RouteMappingdApis(res, servicesObject.configDBSession) apirouterv1.RouteAliasApis(res, servicesObject.configDBSession) apirouterv1.RouteAdvancedApis(res, servicesObject.configDBSession) apirouterv1.RouteHepsubApis(res, servicesObject.configDBSession) apirouterv1.RouteAuthTokenApis(res, servicesObject.configDBSession) apirouterv1.RouteUserDetailsApis(res, servicesObject.configDBSession) apirouterv1.RouteUserSettingsApis(res, servicesObject.configDBSession) apirouterv1.RouteAgentsubApis(res, servicesObject.configDBSession) apirouterv1.RouteHepSubSearch(res, servicesObject.configDBSession) apirouterv1.RouteSearchApis(res, servicesObject.dataDBSession, servicesObject.configDBSession, servicesObject.externalDecoder) apirouterv1.RouteDashboardApis(res, servicesObject.configDBSession) apirouterv1.RouteProfileApis(res, servicesObject.configDBSession, servicesObject.databaseNodeMap) apirouterv1.RouteStatisticApis(res, servicesObject.influxDBSession) apirouterv1.RoutePrometheusApis(res, servicesObject.servicePrometheus) apirouterv1.RouteLokiApis(res, servicesObject.serviceLoki) apirouterv1.RouteGrafanaApis(res, servicesObject.configDBSession, servicesObject.serviceGrafana) }",True,Go,performV1APIRouting,main.go,https://github.com/sipcapture/homer-app,sipcapture,Alexandr Dubovikov,2022-01-07 16:24:41+01:00,"added jwt generator.

Many thanks to Omri Baso and Fabien Aunay for the report! Great job guys!",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2022-22845,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2005,"func (*DeleteGroupRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{17} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2008,func (x *ListAccountsRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2009,func (x *UpdateGroupRequest) Reset() { *x = UpdateGroupRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2010,"func (*DeleteLeaderboardRecordRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{20} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2011,func (x *DeleteWalletLedgerRequest) Reset() { *x = DeleteWalletLedgerRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2012,func (x *StatusList_Status) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[49] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2013,func (x *ListPurchasesRequest) Reset() { *x = ListPurchasesRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2024,"func (*LeaderboardList) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{24} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2026,func (x *RuntimeInfo_ModuleInfo) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[50] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2029,func (x *StorageCollectionsList) Reset() { *x = StorageCollectionsList{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2034,func (x *UpdateAccountRequest) Reset() { *x = UpdateAccountRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2043,func (x *UpdateGroupUserStateRequest) Reset() { *x = UpdateGroupUserStateRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2052,func (x *DeleteGroupRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2054,func (x *RuntimeInfo_ModuleInfo) Reset() { *x = RuntimeInfo_ModuleInfo{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[50] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2055,"func (*DeleteWalletLedgerRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{22} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2057,func (x *ConsoleSession) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2058,func (x *MatchStateRequest) Reset() { *x = MatchStateRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2059,func (x *ListAccountsRequest) Reset() { *x = ListAccountsRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2064,func (x *WalletLedgerList) Reset() { *x = WalletLedgerList{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[43] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2065,func (x *DeleteWalletLedgerRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2068,func (x *RuntimeInfo) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[41] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2073,"func (*WalletLedger) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{42} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2077,"func (*ListSubscriptionsRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{29} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2079,func (x *UpdateGroupRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[37] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2080,func (x *WriteStorageObjectRequest) Reset() { *x = WriteStorageObjectRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[44] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2083,"func (*UpdateGroupRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{37} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2084,func (x *UserList_User) Reset() { *x = UserList_User{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[48] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2087,"func (*CallApiEndpointResponse) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{13} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2096,"func (*DeleteGroupUserRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{18} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2098,func (x *GetWalletLedgerRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[45] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2101,func (x *WriteStorageObjectRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[44] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2102,"func (*StorageList) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{33} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2104,func (x *ListStorageRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[30] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2106,func (x *UserList) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[39] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2109,func (x *Leaderboard) Reset() { *x = Leaderboard{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2110,func (x *StatusList_Status) Reset() { *x = StatusList_Status{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[49] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2111,"func (*Config) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{14} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2114,func (x *StorageCollectionsList) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[34] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2116,func (x *DeleteFriendRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2118,func (x *DeleteFriendRequest) Reset() { *x = DeleteFriendRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2119,func (x *StorageList) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[33] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2120,func (x *Config_Warning) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[46] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2121,"func (*DeleteStorageObjectRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{21} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2124,"func (*Username) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{38} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2125,func (x *GetWalletLedgerRequest) Reset() { *x = GetWalletLedgerRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[45] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2129,func (x *UserList_User) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[48] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2131,"func (*UpdateAccountRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{36} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2134,func (x *StorageList) Reset() { *x = StorageList{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2135,"func (*WriteStorageObjectRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{44} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2136,"func (*GetWalletLedgerRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{45} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2137,"func (*DeleteFriendRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{16} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2147,func (x *CallApiEndpointResponse) Reset() { *x = CallApiEndpointResponse{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2150,func (x *MatchStateRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[32] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2153,func (x *RuntimeInfo) Reset() { *x = RuntimeInfo{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2157,func (x *StatusList) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[40] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2164,"func (*MatchStateRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{32} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2171,"func (*UserList_User) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{39, 0} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2175,func (x *MatchState) Reset() { *x = MatchState{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2176,"func (*CallApiEndpointRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{12} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2177,func (x *Config_Warning) Reset() { *x = Config_Warning{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[46] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2180,"func (*StorageCollectionsList) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{34} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2185,func (x *Config) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2189,func (x *LeaderboardRequest) Reset() { *x = LeaderboardRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2190,"func (*ListGroupsRequest) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{27} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2193,func (x *DeleteGroupUserRequest) Reset() { *x = DeleteGroupUserRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2207,"func (*StatusList) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{40} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2215,func (x *CallApiEndpointRequest) Reset() { *x = CallApiEndpointRequest{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2217,func (x *LeaderboardList) Reset() { *x = LeaderboardList{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2220,"func (*ConsoleSession) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{15} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2221,func (x *ConsoleSession) Reset() { *x = ConsoleSession{} if protoimpl.UnsafeEnabled { mi := &file_console_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } },True,Go,Reset,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2223,func (x *ListPurchasesRequest) ProtoReflect() protoreflect.Message { mi := &file_console_proto_msgTypes[28] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) },True,Go,ProtoReflect,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2229,"func (*Leaderboard) Descriptor() ([]byte, []int) { return file_console_proto_rawDescGZIP(), []int{23} }",True,Go,Descriptor,console.pb.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2250,"func consoleInterceptorFunc(logger *zap.Logger, config Config) func(context.Context, interface{}, *grpc.UnaryServerInfo, grpc.UnaryHandler) (interface{}, error) {",True,Go,consoleInterceptorFunc,console.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2251,"func checkAuth(ctx context.Context, config Config, auth string) (context.Context, bool) { const basicPrefix = ""Basic "" const bearerPrefix = ""Bearer "" if strings.HasPrefix(auth, basicPrefix) { username, password, ok := parseBasicAuth(auth) if !ok { return ctx, false } if username != config.GetConsole().Username || password != config.GetConsole().Password { return ctx, false } ctx = context.WithValue(context.WithValue(context.WithValue(ctx, ctxConsoleRoleKey{}, console.UserRole_USER_ROLE_ADMIN), ctxConsoleUsernameKey{}, username), ctxConsoleEmailKey{}, """") return ctx, true } else if strings.HasPrefix(auth, bearerPrefix) { token, err := jwt.Parse(auth[len(bearerPrefix):], func(token *jwt.Token) (interface{}, error) { if s, ok := token.Method.(*jwt.SigningMethodHMAC); !ok || s.Hash != crypto.SHA256 { return nil, fmt.Errorf(""unexpected signing method: %v"", token.Header[""alg""]) } return []byte(config.GetConsole().SigningKey), nil }) if err != nil { return ctx, false } uname, email, role, exp, ok := parseConsoleToken([]byte(config.GetConsole().SigningKey), auth[len(bearerPrefix):]) if !ok || !token.Valid { return ctx, false } if !ok { return ctx, false } if exp <= time.Now().UTC().Unix() { return ctx, false } ctx = context.WithValue(context.WithValue(context.WithValue(ctx, ctxConsoleRoleKey{}, role), ctxConsoleUsernameKey{}, uname), ctxConsoleEmailKey{}, email) return ctx, true } return ctx, false }",True,Go,checkAuth,console.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2254,"func parseConsoleToken(hmacSecretByte []byte, tokenString string) (username, email string, role console.UserRole, exp int64, ok bool) { token, err := jwt.ParseWithClaims(tokenString, &ConsoleTokenClaims{}, func(token *jwt.Token) (interface{}, error) { if s, ok := token.Method.(*jwt.SigningMethodHMAC); !ok || s.Hash != crypto.SHA256 { return nil, fmt.Errorf(""unexpected signing method: %v"", token.Header[""alg""]) } return hmacSecretByte, nil }) if err != nil { return } claims, ok := token.Claims.(*ConsoleTokenClaims) if !ok || !token.Valid { return } return claims.Username, claims.Email, claims.Role, claims.ExpiresAt, true }",True,Go,parseConsoleToken,console_authenticate.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2256,"func (s *ConsoleServer) Authenticate(ctx context.Context, in *console.AuthenticateRequest) (*console.ConsoleSession, error) { role := console.UserRole_USER_ROLE_UNKNOWN var uname string var email string switch in.Username { case s.config.GetConsole().Username: if in.Password == s.config.GetConsole().Password { role = console.UserRole_USER_ROLE_ADMIN uname = in.Username } default: var err error uname, email, role, err = s.lookupConsoleUser(ctx, in.Username, in.Password) if err != nil { return nil, err } } if role == console.UserRole_USER_ROLE_UNKNOWN { return nil, status.Error(codes.Unauthenticated, ""Invalid credentials."") } token := jwt.NewWithClaims(jwt.SigningMethodHS256, &ConsoleTokenClaims{ ExpiresAt: time.Now().UTC().Add(time.Duration(s.config.GetConsole().TokenExpirySec) * time.Second).Unix(), Username: uname, Email: email, Role: role, Cookie: s.cookie, }) key := []byte(s.config.GetConsole().SigningKey) signedToken, _ := token.SignedString(key) return &console.ConsoleSession{Token: signedToken}, nil }",True,Go,Authenticate,console_authenticate.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2259,"func (s *ConsoleServer) importStorage(w http.ResponseWriter, r *http.Request) { auth := r.Header.Get(""authorization"") if len(auth) == 0 { w.WriteHeader(401) if _, err := w.Write([]byte(""Console authentication required."")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } ctx, ok := checkAuth(r.Context(), s.config, auth) if !ok { w.WriteHeader(401) if _, err := w.Write([]byte(""Console authentication invalid."")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } role := ctx.Value(ctxConsoleRoleKey{}).(console.UserRole) if role > console.UserRole_USER_ROLE_DEVELOPER { w.WriteHeader(403) if _, err := w.Write([]byte(""Forbidden"")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } if err := r.ParseMultipartForm(s.config.GetConsole().MaxMessageSizeBytes); err != nil { s.logger.Error(""Error parsing storage import form"", zap.Error(err)) w.WriteHeader(400) if _, err := w.Write([]byte(""Error parsing form data."")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } var filename string for n := range r.MultipartForm.File { filename = n break } if filename == """" { s.logger.Warn(""Could not find file in storage import multipart form"") w.WriteHeader(400) if _, err := w.Write([]byte(""No file was uploaded."")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } file, _, err := r.FormFile(filename) if err != nil { s.logger.Error(""Error opening storage import file"", zap.Error(err)) w.WriteHeader(400) if _, err := w.Write([]byte(""Error opening uploaded file."")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } defer file.Close() fileBytes, err := ioutil.ReadAll(file) if err != nil { s.logger.Error(""Error opening storage import file"", zap.Error(err)) w.WriteHeader(400) if _, err := w.Write([]byte(""Error opening uploaded file."")); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } return } if strings.HasSuffix(strings.ToLower(filename), "".json"") { err = importStorageJSON(r.Context(), s.logger, s.db, fileBytes) } else { err = importStorageCSV(r.Context(), s.logger, s.db, fileBytes) } if err != nil { w.WriteHeader(400) if _, err := w.Write([]byte(fmt.Sprintf(""Error importing uploaded file - %s."", err))); err != nil { s.logger.Error(""Error writing storage import response"", zap.Error(err)) } } else { w.WriteHeader(204) } }",True,Go,importStorage,console_storage_import.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2262,"func NewLocalSessionCache(config Config) SessionCache { ctx, ctxCancelFn := context.WithCancel(context.Background()) s := &LocalSessionCache{ config: config, ctx: ctx, ctxCancelFn: ctxCancelFn, cache: make(map[uuid.UUID]*sessionCacheUser), } go func() { ticker := time.NewTicker(2 * time.Duration(config.GetSession().TokenExpirySec) * time.Second) for { select { case <-s.ctx.Done(): ticker.Stop() return case t := <-ticker.C: tMs := t.UTC().Unix() s.Lock() for userID, cache := range s.cache { for token, exp := range cache.sessionTokens { if exp <= tMs { delete(cache.sessionTokens, token) } } for token, exp := range cache.refreshTokens { if exp <= tMs { delete(cache.refreshTokens, token) } } if len(cache.sessionTokens) == 0 && len(cache.refreshTokens) == 0 { delete(s.cache, userID) } } s.Unlock() } } }() return s }",True,Go,NewLocalSessionCache,session_cache.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-02 18:35:56+01:00,Correctly console session token on all logouts. (#875),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-2306,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2265,"func (s *ConsoleServer) Authenticate(ctx context.Context, in *console.AuthenticateRequest) (*console.ConsoleSession, error) { role := console.UserRole_USER_ROLE_UNKNOWN var uname string var email string var id uuid.UUID switch in.Username { case s.config.GetConsole().Username: if in.Password == s.config.GetConsole().Password { role = console.UserRole_USER_ROLE_ADMIN uname = in.Username id = uuid.Nil } default: var err error id, uname, email, role, err = s.lookupConsoleUser(ctx, in.Username, in.Password) if err != nil { return nil, err } } if role == console.UserRole_USER_ROLE_UNKNOWN { return nil, status.Error(codes.Unauthenticated, ""Invalid credentials."") } exp := time.Now().UTC().Add(time.Duration(s.config.GetConsole().TokenExpirySec) * time.Second).Unix() token := jwt.NewWithClaims(jwt.SigningMethodHS256, &ConsoleTokenClaims{ ExpiresAt: exp, ID: id.String(), Username: uname, Email: email, Role: role, Cookie: s.cookie, }) key := []byte(s.config.GetConsole().SigningKey) signedToken, _ := token.SignedString(key) s.consoleSessionCache.Add(id, exp, signedToken, 0, """") return &console.ConsoleSession{Token: signedToken}, nil }",True,Go,Authenticate,console_authenticate.go,https://github.com/heroiclabs/nakama,heroiclabs,GitHub,2022-07-05 19:22:19+01:00,Better limit for unsuccessful login attempts on the devconsole. (#878),CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2022-2321,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2276,"func initFlags() { var inputOs = flag.String(""os"", """", ""Please provide the os preference, valid value: windows/linux."") var inputJsonFile = flag.String(""input"", """", ""Please provide the path of input agent json config file"") var inputJsonDir = flag.String(""input-dir"", """", ""Please provide the path of input agent json config directory."") var inputTomlFile = flag.String(""output"", """", ""Please provide the path of the output CWAgent config file"") var inputMode = flag.String(""mode"", ""ec2"", ""Please provide the mode, i.e. ec2, onPremise, auto"") var inputConfig = flag.String(""config"", """", ""Please provide the common-config file"") var multiConfig = flag.String(""multi-config"", ""remove"", ""valid values: default, append, remove"") flag.Parse() ctx := context.CurrentContext() ctx.SetOs(*inputOs) ctx.SetInputJsonFilePath(*inputJsonFile) ctx.SetInputJsonDirPath(*inputJsonDir) ctx.SetMultiConfig(*multiConfig) ctx.SetOutputTomlFilePath(*inputTomlFile) if *inputConfig != """" { f, err := os.Open(*inputConfig) if err != nil { log.Fatalf(""E! Failed to open common-config file %s with error: %v"", *inputConfig, err) } defer f.Close() conf, err := commonconfig.Parse(f) if err != nil { log.Fatalf(""E! Failed to parse common-config file %s with error: %v"", *inputConfig, err) } ctx.SetCredentials(conf.CredentialsMap()) ctx.SetProxy(conf.ProxyMap()) ctx.SetSSL(conf.SSLMap()) } translatorUtil.SetProxyEnv(ctx.Proxy()) translatorUtil.SetSSLEnv(ctx.SSL()) ctx.SetMode(translatorUtil.DetectAgentMode(*inputMode)) }",True,Go,initFlags,translator.go,https://github.com/aws/amazon-cloudwatch-agent,aws,GitHub,2022-08-08 13:00:55-04:00,"support onprem and onpremise and support windows msi installer w silent exec (#543)

* support onprem and onpremise and support windows msi installer w silent
exec",CWE-274,Improper Handling of Insufficient Privileges,"The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.",https://cwe.mitre.org/data/definitions/274.html,CVE-2022-23511,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2283,"func (p *Parser) parseSome() *Expr { decl := &SomeDecl{} decl.SetLoc(p.s.Loc()) s := p.save() p.scan() if term := p.parseTermInfixCall(); term != nil { if call, ok := term.Value.(Call); ok { switch call[0].String() { case Member.Name, MemberWithKey.Name: default: p.illegal(""expected `x in xs` or `x, y in xs` expression"") return nil } decl.Symbols = []*Term{term} expr := NewExpr(decl).SetLocation(decl.Location) if p.s.tok == tokens.With { if expr.With = p.parseWith(); expr.With == nil { return nil } } return expr } } p.restore(s) s = p.save() var hint bool p.scan() if term := p.futureParser().parseTermInfixCall(); term != nil { if call, ok := term.Value.(Call); ok { switch call[0].String() { case Member.Name, MemberWithKey.Name: hint = true } } } p.restore(s) if hint { p.hint(""`import future.keywords.in` for `some x in xs` expressions"") } for { p.scan() if p.s.tok != tokens.Ident { p.illegal(""expected var"") return nil } decl.Symbols = append(decl.Symbols, p.parseVar()) p.scan() if p.s.tok != tokens.Comma { break } } return NewExpr(decl).SetLocation(decl.Location) }",True,Go,parseSome,parser.go,https://github.com/open-policy-agent/opa,open-policy-agent,GitHub,2022-04-05 13:17:11+02:00,"ast/parser: guard against invalid domains for ""some"" and ""every"" (#4548)

These would cause a runtime exception when attempting to parse

    some internal.member_2()

This is due to a technicality in how

    some x in xs

is parsed: `x in xs` will first become `internal.member_2(x, xs)`,
and `some internal.member_2(x, xs)` is then further processed. The
assumption that there're always two (resp. three for internal.member_3)
arguments won't hold if a snippet like the one above is fed into
the parser.

Thanks to Norbert Szetei of Doyensec, @doyensec, for reporting this.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-28946,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2292,"func TestFormatAST(t *testing.T) { cases := []struct { note string toFmt interface{} expected string }{ { note: ""var"", toFmt: ast.Var(`foo`), expected: ""foo"", }, { note: ""string"", toFmt: &ast.Term{ Value: ast.String(""foo""), Location: &ast.Location{Text: []byte(`""foo""`)}, }, expected: `""foo""`, }, { note: ""var wildcard"", toFmt: ast.Var(`$12`), expected: ""_"", }, { note: ""string with wildcard prefix"", toFmt: &ast.Term{ Value: ast.String(""$01""), Location: &ast.Location{Text: []byte(`""$01""`)}, }, expected: `""$01""`, }, { note: ""ref var only"", toFmt: ast.MustParseRef(`data.foo`), expected: ""data.foo"", }, { note: ""ref multi vars"", toFmt: ast.MustParseRef(`data.foo.bar.baz`), expected: ""data.foo.bar.baz"", }, { note: ""ref with string"", toFmt: ast.MustParseRef(`data[""foo""]`), expected: `data.foo`, }, { note: ""ref multi string"", toFmt: ast.MustParseRef(`data[""foo""][""bar""][""baz""]`), expected: `data.foo.bar.baz`, }, { note: ""ref with string needs brackets"", toFmt: ast.MustParseRef(`data[""foo my-var\nbar""]`), expected: `data[""foo my-var\nbar""]`, }, { note: ""ref multi string needs brackets"", toFmt: ast.MustParseRef(`data[""foo my-var""][""bar""][""almost.baz""]`), expected: `data[""foo my-var""].bar[""almost.baz""]`, }, { note: ""ref var wildcard"", toFmt: ast.MustParseRef(`data.foo[_]`), expected: ""data.foo[_]"", }, { note: ""ref var wildcard"", toFmt: ast.MustParseRef(`foo[_]`), expected: ""foo[_]"", }, { note: ""ref string with wildcard prefix"", toFmt: ast.MustParseRef(`foo[""$01""]`), expected: `foo[""$01""]`, }, { note: ""nested ref var wildcard"", toFmt: ast.MustParseRef(`foo[bar[baz[_]]]`), expected: ""foo[bar[baz[_]]]"", }, { note: ""ref mixed"", toFmt: ast.MustParseRef(`foo[""bar""].baz[_][""bar-2""].qux`), expected: `foo.bar.baz[_][""bar-2""].qux`, }, { note: ""ref empty"", toFmt: ast.Ref{}, expected: ``, }, { note: ""ref nil"", toFmt: ast.Ref(nil), expected: ``, }, { note: ""ref operator"", toFmt: ast.MustParseRef(`foo[count(foo) - 1]`), expected: `foo[count(foo) - 1]`, }, { note: ""x in xs"", toFmt: ast.Member.Call(ast.VarTerm(""x""), ast.VarTerm(""xs"")), expected: `x in xs`, }, { note: ""x, y in xs"", toFmt: ast.MemberWithKey.Call(ast.VarTerm(""x""), ast.VarTerm(""y""), ast.VarTerm(""xs"")), expected: `(x, y in xs)`, }, { note: ""some x in xs"", toFmt: ast.NewExpr(&ast.SomeDecl{Symbols: []*ast.Term{ ast.Member.Call(ast.VarTerm(""x""), ast.VarTerm(""xs"")), }}), expected: `some x in xs`, }, { note: ""some x, y in xs"", toFmt: ast.NewExpr(&ast.SomeDecl{Symbols: []*ast.Term{ ast.MemberWithKey.Call(ast.VarTerm(""x""), ast.VarTerm(""y""), ast.VarTerm(""xs"")), }}), expected: `some x, y in xs`, }, { note: ""body shared wildcard"", toFmt: ast.Body{ &ast.Expr{ Index: 0, Terms: []*ast.Term{ ast.RefTerm(ast.VarTerm(""eq"")), ast.RefTerm(ast.VarTerm(""input""), ast.StringTerm(""arr""), ast.VarTerm(""$01""), ast.StringTerm(""some key""), ast.VarTerm(""$02"")), ast.VarTerm(""bar""), }, }, &ast.Expr{ Index: 1, Location: &ast.Location{ Row: 2, Col: 1, }, Terms: []*ast.Term{ ast.RefTerm(ast.VarTerm(""eq"")), ast.RefTerm(ast.VarTerm(""input""), ast.StringTerm(""arr""), ast.VarTerm(""$01""), ast.StringTerm(""bar"")), ast.VarTerm(""qux""), }, }, &ast.Expr{ Index: 1, Location: &ast.Location{ Row: 2, Col: 1, }, Terms: []*ast.Term{ ast.RefTerm(ast.VarTerm(""eq"")), ast.RefTerm(ast.VarTerm(""foo""), ast.VarTerm(""$03""), ast.VarTerm(""$01""), ast.StringTerm(""bar"")), ast.RefTerm(ast.VarTerm(""bar""), ast.VarTerm(""$03""), ast.VarTerm(""$04""), ast.VarTerm(""$01""), ast.StringTerm(""bar"")), }, }, }, expected: `input.arr[_01][""some key""][_] = bar input.arr[_01].bar = qux foo[_03][_01].bar = bar[_03][_][_01].bar `, }, { note: ""body shared wildcard - ref head"", toFmt: ast.Body{ &ast.Expr{ Index: 0, Terms: ast.VarTerm(""$x""), }, &ast.Expr{ Index: 1, Terms: ast.RefTerm(ast.VarTerm(""$x""), ast.VarTerm(""y"")), }, }, expected: `_x _x[y]`, }, { note: ""body shared wildcard - nested ref"", toFmt: ast.Body{ &ast.Expr{ Index: 0, Terms: ast.VarTerm(""$x""), }, &ast.Expr{ Index: 1, Terms: ast.RefTerm(ast.VarTerm(""a""), ast.RefTerm(ast.VarTerm(""$x""), ast.VarTerm(""y""))), }, }, expected: `_x a[_x[y]]`, }, { note: ""body shared wildcard - nested ref array"", toFmt: ast.Body{ &ast.Expr{ Index: 0, Terms: ast.VarTerm(""$x""), }, &ast.Expr{ Index: 1, Terms: ast.RefTerm(ast.VarTerm(""a""), ast.RefTerm(ast.VarTerm(""$x""), ast.VarTerm(""y""), ast.ArrayTerm(ast.VarTerm(""z""), ast.VarTerm(""w"")))), }, }, expected: `_x a[_x[y][[z, w]]]`, }, } for _, tc := range cases { t.Run(tc.note, func(t *testing.T) { bs, err := Ast(tc.toFmt) if err != nil { t.Fatalf(""Unexpected error: %s"", err) } expected := strings.TrimSpace(tc.expected) actual := strings.TrimSpace(string(bs)) if actual != expected { t.Fatalf(""Expected:\n\n%s\n\nGot:\n\n%s\n\n"", expected, actual) } }) } }",True,Go,TestFormatAST,format_test.go,https://github.com/open-policy-agent/opa,open-policy-agent,GitHub,2022-01-25 08:43:20+01:00,"format: don't group iterable when one has defaulted location (#4260)

As mentioned in the comment, empty file names happen when the format
package's Ast() function does a sweep of its input, and adds a
""default location"" to everything that has a nil location.

During PE, when generated the pairs to save in saveUnify, we'll
return Var Terms without locations. Fixing that seemed like a bigger
hurdle, so I went this route.

The new check is such that if any term has the default file in
its location, such as would happen if we're formatting code that
was created programmatically (not parsed), we'll group the terms'
elements, but print them in one line.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>",CWE-682,Incorrect Calculation,The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.,https://cwe.mitre.org/data/definitions/682.html,CVE-2022-23628,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2294,"func PrintVerificationHeader(imgRef string, co *cosign.CheckOpts, bundleVerified bool) { fmt.Fprintf(os.Stderr, ""\nVerification for %s --\n"", imgRef) fmt.Fprintln(os.Stderr, ""The following checks were performed on each of these signatures:"") if co.ClaimVerifier != nil { if co.Annotations != nil { fmt.Fprintln(os.Stderr, "" - The specified annotations were verified."") } fmt.Fprintln(os.Stderr, "" - The cosign claims were validated"") } if bundleVerified { fmt.Fprintln(os.Stderr, "" - Existence of the claims in the transparency log was verified offline"") } else if co.RekorClient != nil { fmt.Fprintln(os.Stderr, "" - The claims were present in the transparency log"") fmt.Fprintln(os.Stderr, "" - The signatures were integrated into the transparency log when the certificate was valid"") } if co.SigVerifier != nil { fmt.Fprintln(os.Stderr, "" - The signatures were verified against the specified public key"") } fmt.Fprintln(os.Stderr, "" - Any certificates were verified against the Fulcio roots."") }",True,Go,PrintVerificationHeader,verify.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-02-18 11:40:01-08:00,"Merge pull request from GHSA-ccxc-vr6p-4858

* Make sure signature in Rekor bundle matches signature being verified

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Only print ""fulcio verified"" when using Fulcio

Currently we tell users that we've verified against the Fulcio root
trust when verifying but this isn't always true. This work ensures we
only say this when we actually use the Fulcio root cert for
verification.

Signed-off-by: Nathan Smith <nathan@chainguard.dev>

* Add e2e test

Signed-off-by: Nathan Smith <nathan@chainguard.dev>

Co-authored-by: Priya Wadhwa <priya@chainguard.dev>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-23649,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2296,"func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { if len(images) == 0 { return flag.ErrHelp } switch c.Attachment { case ""sbom"", """": break default: return flag.ErrHelp } if c.HashAlgorithm == 0 { c.HashAlgorithm = crypto.SHA256 } if !options.OneOf(c.KeyRef, c.CertRef, c.Sk) && !options.EnableExperimental() { return &options.KeyParseError{} } ociremoteOpts, err := c.ClientOpts(ctx) if err != nil { return errors.Wrap(err, ""constructing client options"") } co := &cosign.CheckOpts{ Annotations: c.Annotations.Annotations, RegistryClientOpts: ociremoteOpts, CertEmail: c.CertEmail, CertOidcIssuer: c.CertOidcIssuer, SignatureRef: c.SignatureRef, } if c.CheckClaims { co.ClaimVerifier = cosign.SimpleClaimVerifier } if options.EnableExperimental() { if c.RekorURL != """" { rekorClient, err := rekor.NewClient(c.RekorURL) if err != nil { return errors.Wrap(err, ""creating Rekor client"") } co.RekorClient = rekorClient } co.RootCerts = fulcio.GetRoots() } keyRef := c.KeyRef certRef := c.CertRef var pubKey signature.Verifier switch { case keyRef != """": pubKey, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm) if err != nil { return errors.Wrap(err, ""loading public key"") } pkcs11Key, ok := pubKey.(*pkcs11key.Key) if ok { defer pkcs11Key.Close() } case c.Sk: sk, err := pivkey.GetKeyWithSlot(c.Slot) if err != nil { return errors.Wrap(err, ""opening piv token"") } defer sk.Close() pubKey, err = sk.Verifier() if err != nil { return errors.Wrap(err, ""initializing piv token verifier"") } case certRef != """": cert, err := loadCertFromFileOrURL(c.CertRef) if err != nil { return err } pubKey, err = signature.LoadECDSAVerifier(cert.PublicKey.(*ecdsa.PublicKey), crypto.SHA256) if err != nil { return err } } co.SigVerifier = pubKey for _, img := range images { if c.LocalImage { verified, bundleVerified, err := cosign.VerifyLocalImageSignatures(ctx, img, co) if err != nil { return err } PrintVerificationHeader(img, co, bundleVerified) PrintVerification(img, verified, c.Output) } else { ref, err := name.ParseReference(img) if err != nil { return errors.Wrap(err, ""parsing reference"") } ref, err = sign.GetAttachedImageRef(ref, c.Attachment, ociremoteOpts...) if err != nil { return errors.Wrapf(err, ""resolving attachment type %s for image %s"", c.Attachment, img) } verified, bundleVerified, err := cosign.VerifyImageSignatures(ctx, ref, co) if err != nil { return err } PrintVerificationHeader(ref.Name(), co, bundleVerified) PrintVerification(ref.Name(), verified, c.Output) } } return nil }",True,Go,Exec,verify.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-02-18 11:40:01-08:00,"Merge pull request from GHSA-ccxc-vr6p-4858

* Make sure signature in Rekor bundle matches signature being verified

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Only print ""fulcio verified"" when using Fulcio

Currently we tell users that we've verified against the Fulcio root
trust when verifying but this isn't always true. This work ensures we
only say this when we actually use the Fulcio root cert for
verification.

Signed-off-by: Nathan Smith <nathan@chainguard.dev>

* Add e2e test

Signed-off-by: Nathan Smith <nathan@chainguard.dev>

Co-authored-by: Priya Wadhwa <priya@chainguard.dev>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-23649,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2308,"func extractCerts(e *models.LogEntryAnon) ([]*x509.Certificate, error) { b, err := base64.StdEncoding.DecodeString(e.Body.(string)) if err != nil { return nil, err } pe, err := models.UnmarshalProposedEntry(bytes.NewReader(b), runtime.JSONConsumer()) if err != nil { return nil, err } eimpl, err := types.NewEntry(pe) if err != nil { return nil, err } var publicKeyB64 []byte switch e := eimpl.(type) { case *rekord.V001Entry: publicKeyB64, err = e.RekordObj.Signature.PublicKey.Content.MarshalText() if err != nil { return nil, err } case *hashedrekord.V001Entry: publicKeyB64, err = e.HashedRekordObj.Signature.PublicKey.Content.MarshalText() if err != nil { return nil, err } default: return nil, errors.New(""unexpected tlog entry type"") } publicKey, err := base64.StdEncoding.DecodeString(string(publicKeyB64)) if err != nil { return nil, err } certs, err := cryptoutils.UnmarshalCertificatesFromPEM(publicKey) if err != nil { return nil, err } if len(certs) == 0 { return nil, errors.New(""no certs found in pem tlog"") } return certs, err }",True,Go,extractCerts,verify_blob.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2313,"func verifyRekorBundle(ctx context.Context, bundlePath string, cert *x509.Certificate, rekorClient *client.Rekor) error { b, err := cosign.FetchLocalSignedPayloadFromPath(bundlePath) if err != nil { return err } if b.Bundle == nil { return fmt.Errorf(""rekor entry is not available"") } publicKeys, err := cosign.GetRekorPubs(ctx, rekorClient) if err != nil { return fmt.Errorf(""retrieving rekor public key: %w"", err) } pubKey, ok := publicKeys[b.Bundle.Payload.LogID] if !ok { return errors.New(""rekor log public key not found for payload"") } err = cosign.VerifySET(b.Bundle.Payload, b.Bundle.SignedEntryTimestamp, pubKey.PubKey) if err != nil { return err } if pubKey.Status != tuf.Active { fmt.Fprintf(os.Stderr, ""**Info** Successfully verified Rekor entry using an expired verification key\n"") } if cert == nil { return nil } it := time.Unix(b.Bundle.Payload.IntegratedTime, 0) return cosign.CheckExpiry(cert, it) }",True,Go,verifyRekorBundle,verify_blob.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2323,"func TestSignaturesBundle(t *testing.T) { td := t.TempDir() fp := filepath.Join(td, ""file"") sig := ""a=="" b64sig := ""YT09"" lsp := cosign.LocalSignedPayload{ Base64Signature: b64sig, } contents, err := json.Marshal(lsp) if err != nil { t.Fatal(err) } if err := os.WriteFile(fp, contents, 0644); err != nil { t.Fatal(err) } gotSig, gotb64Sig, err := signatures("""", fp) if err != nil { t.Fatal(err) } if gotSig != sig { t.Fatalf(""unexpected signature, expected: %s got: %s"", sig, gotSig) } if gotb64Sig != b64sig { t.Fatalf(""unexpected encoded signature, expected: %s got: %s"", b64sig, gotb64Sig) } }",True,Go,TestSignaturesBundle,verify_blob_test.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2325,"func TestIsIntotoDSSEWithEnvelopes(t *testing.T) { tts := []struct { envelope dsse.Envelope isIntotoDSSE bool }{ { envelope: dsse.Envelope{ PayloadType: ""application/vnd.in-toto+json"", Payload: base64.StdEncoding.EncodeToString([]byte(""This is a test"")), Signatures: []dsse.Signature{}, }, isIntotoDSSE: true, }, } for _, tt := range tts { envlopeBytes, _ := json.Marshal(tt.envelope) got := isIntotoDSSE(envlopeBytes) if got != tt.isIntotoDSSE { t.Fatalf(""unexpected envelope content"") } } }",True,Go,TestIsIntotoDSSEWithEnvelopes,verify_blob_test.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2331,"func TestSignaturesRef(t *testing.T) { sig := ""a=="" b64sig := ""YT09"" tests := []struct { description string sigRef string shouldErr bool }{ { description: ""raw sig"", sigRef: sig, }, { description: ""encoded sig"", sigRef: b64sig, }, { description: ""empty ref"", shouldErr: true, }, } for _, test := range tests { t.Run(test.description, func(t *testing.T) { gotSig, gotb64Sig, err := signatures(test.sigRef, """") if test.shouldErr && err != nil { return } if test.shouldErr { t.Fatal(""should have received an error"") } if gotSig != sig { t.Fatalf(""unexpected signature, expected: %s got: %s"", sig, gotSig) } if gotb64Sig != b64sig { t.Fatalf(""unexpected encoded signature, expected: %s got: %s"", b64sig, gotb64Sig) } }) } }",True,Go,TestSignaturesRef,verify_blob_test.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2336,"func (m *EntriesClient) CreateLogEntry(params *entries.CreateLogEntryParams, opts ...entries.ClientOption) (*entries.CreateLogEntryCreated, error) { return &entries.CreateLogEntryCreated{ ETag: """", Location: """", Payload: data, }, nil }",True,Go,CreateLogEntry,mock_rekor_client.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2337,"func uuid(e models.LogEntryAnon) string { entryBytes, err := base64.StdEncoding.DecodeString(e.Body.(string)) if err != nil { panic(err) } return hex.EncodeToString(rfc6962.DefaultHasher.HashLeaf(entryBytes)) }",True,Go,uuid,mock_rekor_client.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2338,"func (m *EntriesClient) SearchLogQuery(params *entries.SearchLogQueryParams, opts ...entries.ClientOption) (*entries.SearchLogQueryOK, error) { return &entries.SearchLogQueryOK{ Payload: []models.LogEntry{data}, }, nil }",True,Go,SearchLogQuery,mock_rekor_client.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2341,"func TestSigner(t *testing.T) { payloadSigner := payload.NewSigner(mustGetNewSigner(t)) var mClient client.Rekor mClient.Entries = &mock.EntriesClient{} testSigner := NewSigner(payloadSigner, &mClient) testPayload := ""test payload"" ociSig, pub, err := testSigner.Sign(context.Background(), strings.NewReader(testPayload)) if err != nil { t.Fatalf(""Sign() returned error: %v"", err) } verifier, err := signature.LoadVerifier(pub, crypto.SHA256) if err != nil { t.Fatalf(""signature.LoadVerifier(pub) returned error: %v"", err) } b64Sig, err := ociSig.Base64Signature() if err != nil { t.Fatalf(""ociSig.Base64Signature() returned error: %v"", err) } sig, err := base64.StdEncoding.DecodeString(b64Sig) if err != nil { t.Fatalf(""base64.StdEncoding.DecodeString(b64Sig) returned error: %v"", err) } gotPayload, err := ociSig.Payload() if err != nil { t.Fatalf(""ociSig.Payload() returned error: %v"", err) } if string(gotPayload) != testPayload { t.Errorf(""ociSig.Payload() returned %q, wanted %q"", string(gotPayload), testPayload) } if err = verifier.VerifySignature(bytes.NewReader(sig), bytes.NewReader(gotPayload)); err != nil { t.Errorf(""VerifySignature() returned error: %v"", err) } }",True,Go,TestSigner,signer_test.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2345,"func TestVerifyImageSignatureWithSigVerifierAndRekor(t *testing.T) { sv, privKey, err := signature.NewDefaultECDSASignerVerifier() if err != nil { t.Fatalf(""error generating verifier: %v"", err) } payload := []byte{1, 2, 3, 4} h := sha256.Sum256(payload) sig, _ := privKey.Sign(rand.Reader, h[:], crypto.SHA256) ociSig, _ := static.NewSignature(payload, base64.StdEncoding.EncodeToString(sig)) mClient := new(client.Rekor) mClient.Entries = &mock.EntriesClient{} if _, err := VerifyImageSignature(context.TODO(), ociSig, v1.Hash{}, &CheckOpts{ SigVerifier: sv, RekorClient: mClient, }); err == nil || !strings.Contains(err.Error(), ""verifying inclusion proof"") { t.Fatal(""expected error while verifying signature"") } }",True,Go,TestVerifyImageSignatureWithSigVerifierAndRekor,verify_test.go,https://github.com/sigstore/cosign,sigstore,GitHub,2022-09-14 09:37:41+01:00,"Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <asraa@google.com>

more tests

Signed-off-by: Asra Ali <asraa@google.com>

finish tests

Signed-off-by: Asra Ali <asraa@google.com>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <asraa@google.com>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

address hayden comments

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Asra Ali <asraa@google.com>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* address bob's comment

Signed-off-by: Asra Ali <asraa@google.com>

* add comment on intoto multisig

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>",CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2022-36056,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2353,"func (c Criteria) OrderBy() string { if c.Sort == """" { c.Sort = ""title"" } f := fieldMap[strings.ToLower(c.Sort)] var mapped string if f == nil { log.Error(""Invalid field in 'sort' field"", ""field"", c.Sort) mapped = c.Sort } else { if f.order == """" { mapped = f.field } else { mapped = f.order } } if c.Order != """" { mapped = mapped + "" "" + c.Order } return mapped }",True,Go,OrderBy,criteria.go,https://github.com/navidrome/navidrome,navidrome,Deluan,2022-01-18 21:36:29-05:00,Fix potential SQL injection in Smart Playlists,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-23857,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2357,"func installSyncthing(appId string) { var appInfo model.ServerAppList m := model.CustomizationPostData{} var dockerImage string var dockerImageVersion string appInfo = service.MyService.OAPI().GetServerAppInfo(appId, ""system"") dockerImage = appInfo.Image dockerImageVersion = appInfo.ImageVersion if len(appInfo.ImageVersion) == 0 { dockerImageVersion = ""latest"" } if appInfo.NetworkModel != ""host"" { for i := 0; i < len(appInfo.Ports); i++ { if p, _ := strconv.Atoi(appInfo.Ports[i].ContainerPort); port.IsPortAvailable(p, appInfo.Ports[i].Protocol) { appInfo.Ports[i].CommendPort = strconv.Itoa(p) } else { if appInfo.Ports[i].Protocol == ""tcp"" { if p, err := port.GetAvailablePort(""tcp""); err == nil { appInfo.Ports[i].CommendPort = strconv.Itoa(p) } } else if appInfo.Ports[i].Protocol == ""upd"" { if p, err := port.GetAvailablePort(""udp""); err == nil { appInfo.Ports[i].CommendPort = strconv.Itoa(p) } } } if appInfo.Ports[i].Type == 0 { appInfo.PortMap = appInfo.Ports[i].CommendPort } } } for i := 0; i < len(appInfo.Devices); i++ { if !file.CheckNotExist(appInfo.Devices[i].ContainerPath) { appInfo.Devices[i].Path = appInfo.Devices[i].ContainerPath } } if len(appInfo.Tip) > 0 { appInfo.Tip = env_helper.ReplaceStringDefaultENV(appInfo.Tip) } appInfo.MaxMemory = service.MyService.ZiMa().GetMemInfo().Total >> 20 id := uuid.NewV4().String() installLog := model2.AppNotify{} err := service.MyService.Docker().DockerPullImage(dockerImage+"":""+dockerImageVersion, installLog) if err != nil { fmt.Println(""pull image error"", err, dockerImage, dockerImageVersion) return } for !service.MyService.Docker().IsExistImage(dockerImage + "":"" + dockerImageVersion) { time.Sleep(time.Second) } m.CpuShares = 50 m.Envs = appInfo.Envs m.Memory = int64(appInfo.MaxMemory) m.Origin = ""system"" m.PortMap = appInfo.PortMap m.Ports = appInfo.Ports m.Restart = ""always"" m.Volumes = appInfo.Volumes containerId, err := service.MyService.Docker().DockerContainerCreate(dockerImage+"":""+dockerImageVersion, id, m, appInfo.NetworkModel) if err != nil { fmt.Println(""container create error"", err) return } err = service.MyService.Docker().DockerContainerStart(id) if err != nil { return } portsStr, _ := json.Marshal(appInfo.Ports) envsStr, _ := json.Marshal(appInfo.Envs) volumesStr, _ := json.Marshal(appInfo.Volumes) devicesStr, _ := json.Marshal(appInfo.Devices) md := model2.AppListDBModel{ CustomId: id, Title: appInfo.Title, Slogan: appInfo.Tagline, Description: appInfo.Description, Icon: appInfo.Icon, Version: dockerImageVersion, ContainerId: containerId, Image: dockerImage, Index: appInfo.Index, PortMap: appInfo.PortMap, Label: appInfo.Title, EnableUPNP: false, Ports: string(portsStr), Envs: string(envsStr), Volumes: string(volumesStr), Position: true, NetModel: appInfo.NetworkModel, Restart: m.Restart, CpuShares: 50, Memory: int64(appInfo.MaxMemory), Devices: string(devicesStr), Origin: m.Origin, CreatedAt: strconv.FormatInt(time.Now().Unix(), 10), UpdatedAt: strconv.FormatInt(time.Now().Unix(), 10), } service.MyService.App().SaveContainer(md) checkSystemApp() }",True,Go,installSyncthing,init.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,link,2022-01-26 18:50:34+08:00,Apply multilingual support,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24193,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2361,"func AppList(c *gin.Context) { index := c.DefaultQuery(""index"", ""1"") size := c.DefaultQuery(""size"", ""10000"") t := c.DefaultQuery(""type"", ""rank"") categoryId := c.DefaultQuery(""category_id"", ""0"") key := c.DefaultQuery(""key"", """") recommend, list, community := service.MyService.OAPI().GetServerList(index, size, t, categoryId, key) data := make(map[string]interface{}, 3) data[""recommend""] = recommend data[""list""] = list data[""community""] = community c.JSON(http.StatusOK, &model.Result{Success: oasis_err2.SUCCESS, Message: oasis_err2.GetMsg(oasis_err2.SUCCESS), Data: data}) }",True,Go,AppList,app.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,link,2022-01-26 18:50:34+08:00,Apply multilingual support,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24193,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2369,"func ZeroTierLeaveNetwork(c *gin.Context) { networkId := c.Param(""id"") service.MyService.ZeroTier().ZeroTierLeaveNetwork(networkId) if len(networkId) == 0 { c.JSON(http.StatusOK, model.Result{Success: oasis_err2.INVALID_PARAMS, Message: oasis_err2.GetMsg(oasis_err2.INVALID_PARAMS)}) return } c.JSON(http.StatusOK, model.Result{Success: oasis_err2.SUCCESS, Message: oasis_err2.GetMsg(oasis_err2.SUCCESS)}) }",True,Go,ZeroTierLeaveNetwork,zerotier.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,link,2022-01-26 18:50:34+08:00,Apply multilingual support,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24193,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2370,"func ZeroTierJoinNetwork(c *gin.Context) { networkId := c.Param(""id"") service.MyService.ZeroTier().ZeroTierJoinNetwork(networkId) if len(networkId) == 0 { c.JSON(http.StatusOK, model.Result{Success: oasis_err2.INVALID_PARAMS, Message: oasis_err2.GetMsg(oasis_err2.INVALID_PARAMS)}) return } c.JSON(http.StatusOK, model.Result{Success: oasis_err2.SUCCESS, Message: oasis_err2.GetMsg(oasis_err2.SUCCESS)}) }",True,Go,ZeroTierJoinNetwork,zerotier.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,link,2022-01-26 18:50:34+08:00,Apply multilingual support,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24193,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2374,"func (o *casaService) GetServerAppInfo(id, t string) model.ServerAppList { head := make(map[string]string) head[""Authorization""] = GetToken() infoS := httper2.Get(config.ServerInfo.ServerApi+""/v2/app/info/""+id+""?t=""+t, head) info := model.ServerAppList{} json2.Unmarshal([]byte(gjson.Get(infoS, ""data"").String()), &info) return info }",True,Go,GetServerAppInfo,casa.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,link,2022-01-26 18:50:34+08:00,Apply multilingual support,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24193,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2375,"func (o *casaService) GetServerList(index, size, tp, categoryId, key string) (recommend, list, community []model.ServerAppList) { keyName := fmt.Sprintf(""list_%s_%s_%s_%s"", index, size, tp, categoryId) if result, ok := Cache.Get(keyName); ok { res, ok := result.(string) if ok { json2.Unmarshal([]byte(gjson.Get(res, ""data.list"").String()), &list) json2.Unmarshal([]byte(gjson.Get(res, ""data.recommend"").String()), &recommend) json2.Unmarshal([]byte(gjson.Get(res, ""data.community"").String()), &community) return } } head := make(map[string]string) head[""Authorization""] = GetToken() listS := httper2.Get(config.ServerInfo.ServerApi+""/v2/app/newlist?index=""+index+""&size=""+size+""&rank=""+tp+""&category_id=""+categoryId+""&key=""+key, head) json2.Unmarshal([]byte(gjson.Get(listS, ""data.list"").String()), &list) json2.Unmarshal([]byte(gjson.Get(listS, ""data.recommend"").String()), &recommend) json2.Unmarshal([]byte(gjson.Get(listS, ""data.community"").String()), &community) if len(list) > 0 { Cache.SetDefault(keyName, listS) } return }",True,Go,GetServerList,casa.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,link,2022-01-26 18:50:34+08:00,Apply multilingual support,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24193,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2379,"func PostSambaConnectionsCreate(c *gin.Context) { connection := model.Connections{} c.ShouldBindJSON(&connection) if connection.Port == """" { connection.Port = ""445"" } if connection.Username == """" || connection.Host == """" { c.JSON(common_err.CLIENT_ERROR, model.Result{Success: common_err.CHARACTER_LIMIT, Message: common_err.GetMsg(common_err.CHARACTER_LIMIT)}) return } if ok, _ := regexp.MatchString(`^[\w@#*.]{4,30}$`, connection.Password); !ok { c.JSON(common_err.CLIENT_ERROR, model.Result{Success: common_err.CHARACTER_LIMIT, Message: common_err.GetMsg(common_err.CHARACTER_LIMIT)}) return }",True,Go,PostSambaConnectionsCreate,samba.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,GitHub,2023-04-24 11:24:22+08:00,Update samba (#1021),CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2023-37469,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2381,"func (s *connectionsStruct) MountSmaba(username, host, directory, port, mountPoint, password string) string { str := command2.ExecResultStr(""source "" + config.AppInfo.ShellPath + ""/helper.sh ;MountCIFS "" + username + "" "" + host + "" "" + directory + "" "" + port + "" "" + mountPoint + "" "" + password) return str }",True,Go,MountSmaba,connections.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,GitHub,2023-04-24 11:24:22+08:00,Update samba (#1021),CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2023-37469,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2383,"func InitV1Router() *gin.Engine { ginMode := gin.ReleaseMode if config.ServerInfo.RunMode != """" { ginMode = config.ServerInfo.RunMode } if os.Getenv(gin.EnvGinMode) != """" { ginMode = os.Getenv(gin.EnvGinMode) } gin.SetMode(ginMode) r := gin.New() r.Use(gin.Recovery()) r.Use(middleware.Cors()) r.Use(gzip.Gzip(gzip.DefaultCompression)) if ginMode != gin.ReleaseMode { r.Use(middleware.WriteLog()) } r.GET(""/v1/sys/debug"", v1.GetSystemConfigDebug) r.GET(""/v1/sys/version/check"", v1.GetSystemCheckVersion) r.GET(""/ping"", func(ctx *gin.Context) { ctx.String(200, ""pong"") }) r.GET(""/v1/recover/:type"", v1.GetRecoverStorage) v1Group := r.Group(""/v1"") v1Group.Use(jwt.ExceptLocalhost()) { v1SysGroup := v1Group.Group(""/sys"") v1SysGroup.Use() { v1SysGroup.GET(""/version"", v1.GetSystemCheckVersion) v1SysGroup.POST(""/update"", v1.SystemUpdate) v1SysGroup.GET(""/hardware"", v1.GetSystemHardwareInfo) v1SysGroup.GET(""/wsssh"", v1.WsSsh) v1SysGroup.POST(""/ssh-login"", v1.PostSshLogin) v1SysGroup.GET(""/logs"", v1.GetCasaOSErrorLogs) v1SysGroup.POST(""/stop"", v1.PostKillCasaOS) v1SysGroup.GET(""/utilization"", v1.GetSystemUtilization) v1SysGroup.GET(""/server-info"", nil) v1SysGroup.PUT(""/server-info"", nil) v1SysGroup.GET(""/proxy"", v1.GetSystemProxy) v1SysGroup.PUT(""/state/:state"", v1.PutSystemState) } v1PortGroup := v1Group.Group(""/port"") v1PortGroup.Use() { v1PortGroup.GET(""/"", v1.GetPort) v1PortGroup.GET(""/state/:port"", v1.PortCheck) } v1FileGroup := v1Group.Group(""/file"") v1FileGroup.Use() { v1FileGroup.GET("""", v1.GetDownloadSingleFile) v1FileGroup.POST("""", v1.PostCreateFile) v1FileGroup.PUT("""", v1.PutFileContent) v1FileGroup.PUT(""/name"", v1.RenamePath) v1FileGroup.GET(""/content"", v1.GetFilerContent) v1FileGroup.POST(""/upload"", v1.PostFileUpload) v1FileGroup.GET(""/upload"", v1.GetFileUpload) v1FileGroup.GET(""/ws"", v1.ConnectWebSocket) v1FileGroup.GET(""/peers"", v1.GetPeers) } v1CloudGroup := v1Group.Group(""/cloud"") v1CloudGroup.Use() { v1CloudGroup.GET("""", v1.ListStorages) v1CloudGroup.DELETE("""", v1.UmountStorage) } v1DriverGroup := v1Group.Group(""/driver"") v1DriverGroup.Use() { v1DriverGroup.GET("""", v1.ListDriverInfo) } v1FolderGroup := v1Group.Group(""/folder"") v1FolderGroup.Use() { v1FolderGroup.PUT(""/name"", v1.RenamePath) v1FolderGroup.GET("""", v1.DirPath) v1FolderGroup.POST("""", v1.MkdirAll) v1FolderGroup.GET(""/size"", v1.GetSize) v1FolderGroup.GET(""/count"", v1.GetFileCount) } v1BatchGroup := v1Group.Group(""/batch"") v1BatchGroup.Use() { v1BatchGroup.DELETE("""", v1.DeleteFile) v1BatchGroup.DELETE(""/:id/task"", v1.DeleteOperateFileOrDir) v1BatchGroup.POST(""/task"", v1.PostOperateFileOrDir) v1BatchGroup.GET("""", v1.GetDownloadFile) } v1ImageGroup := v1Group.Group(""/image"") v1ImageGroup.Use() { v1ImageGroup.GET("""", v1.GetFileImage) } v1SambaGroup := v1Group.Group(""/samba"") v1SambaGroup.Use() { v1ConnectionsGroup := v1SambaGroup.Group(""/connections"") v1ConnectionsGroup.Use() { v1ConnectionsGroup.GET("""", v1.GetSambaConnectionsList) v1ConnectionsGroup.POST("""", v1.PostSambaConnectionsCreate) v1ConnectionsGroup.DELETE(""/:id"", v1.DeleteSambaConnections) } v1SharesGroup := v1SambaGroup.Group(""/shares"") v1SharesGroup.Use() { v1SharesGroup.GET("""", v1.GetSambaSharesList) v1SharesGroup.POST("""", v1.PostSambaSharesCreate) v1SharesGroup.DELETE(""/:id"", v1.DeleteSambaShares) v1SharesGroup.GET(""/status"", v1.GetSambaStatus) } } v1NotifyGroup := v1Group.Group(""/notify"") v1NotifyGroup.Use() { v1NotifyGroup.POST(""/:path"", v1.PostNotifyMessage) v1NotifyGroup.POST(""/system_status"", v1.PostSystemStatusNotify) } v1OtherGroup := v1Group.Group(""/other"") v1OtherGroup.Use() { v1OtherGroup.GET(""/search"", v1.GetSearchResult) } } return r }",True,Go,InitV1Router,v1.go,https://github.com/IceWhaleTech/CasaOS,IceWhaleTech,GitHub,2023-04-26 16:00:43+08:00,Update jwt (#1025),CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-37266,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2393,"func WorkspaceDidChangeConfiguration(srv *jrpc2.Server) jrpc2.Handler { return handler.New(func(ctx context.Context, params lsp.DidChangeConfigurationParams) (bool, error) { log.Info().Str(""method"", ""WorkspaceDidChangeConfiguration"").Interface(""params"", params).Msg(""RECEIVED"") defer log.Info().Str(""method"", ""WorkspaceDidChangeConfiguration"").Interface(""params"", params).Msg(""DONE"") emptySettings := lsp.Settings{} if params.Settings != emptySettings { UpdateSettings(ctx, params.Settings) return true, nil } if !config.CurrentConfig().ClientCapabilities().Workspace.Configuration { log.Info().Msg(""Pull model for workspace configuration not supported, ignoring workspace/didChangeConfiguration notification."") return false, nil } configRequestParams := lsp.ConfigurationParams{ Items: []lsp.ConfigurationItem{ {Section: ""snyk""}, }, } res, err := srv.Callback(ctx, ""workspace/configuration"", configRequestParams) if err != nil { return false, err } var fetchedSettings []lsp.Settings err = res.UnmarshalResult(&fetchedSettings) if err != nil { return false, err } if fetchedSettings[0] != emptySettings { UpdateSettings(ctx, fetchedSettings[0]) return true, nil } return false, nil }) }",True,Go,WorkspaceDidChangeConfiguration,configuration.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2407,"func WorkspaceDidChangeWorkspaceFoldersHandler() jrpc2.Handler { return handler.New(func(ctx context.Context, params lsp.DidChangeWorkspaceFoldersParams) (interface{}, error) { bgCtx := context.Background() log.Info().Str(""method"", ""WorkspaceDidChangeWorkspaceFoldersHandler"").Msg(""RECEIVING"") defer log.Info().Str(""method"", ""WorkspaceDidChangeWorkspaceFoldersHandler"").Msg(""SENDING"") workspace.Get().ProcessFolderChange(bgCtx, params) return nil, nil }) }",True,Go,WorkspaceDidChangeWorkspaceFoldersHandler,server.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2412,"func initHandlers(srv *jrpc2.Server, handlers *handler.Map) { (*handlers)[""initialize""] = InitializeHandler(srv) (*handlers)[""initialized""] = InitializedHandler(srv) (*handlers)[""textDocument/didOpen""] = TextDocumentDidOpenHandler() (*handlers)[""textDocument/didChange""] = NoOpHandler() (*handlers)[""textDocument/didClose""] = NoOpHandler() (*handlers)[""textDocument/didSave""] = TextDocumentDidSaveHandler() (*handlers)[""textDocument/hover""] = TextDocumentHover() (*handlers)[""textDocument/codeAction""] = CodeActionHandler() (*handlers)[""textDocument/codeLens""] = CodeLensHandler() (*handlers)[""textDocument/willSave""] = NoOpHandler() (*handlers)[""textDocument/willSaveWaitUntil""] = NoOpHandler() (*handlers)[""shutdown""] = Shutdown() (*handlers)[""exit""] = Exit(srv) (*handlers)[""workspace/didChangeWorkspaceFolders""] = WorkspaceDidChangeWorkspaceFoldersHandler() (*handlers)[""workspace/didChangeConfiguration""] = WorkspaceDidChangeConfiguration(srv) (*handlers)[""window/workDoneProgress/cancel""] = WindowWorkDoneProgressCancelHandler() (*handlers)[""workspace/executeCommand""] = ExecuteCommandHandler(srv) }",True,Go,initHandlers,server.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2415,"func Test_textDocumentDidOpenHandler_shouldAcceptDocumentItemAndPublishDiagnostics(t *testing.T) { loc := setupServer(t) didOpenParams, dir := didOpenTextParams(t) clientParams := lsp.InitializeParams{ RootURI: uri.PathToUri(dir), InitializationOptions: lsp.Settings{ ActivateSnykCode: ""true"", ActivateSnykOpenSource: ""false"", ActivateSnykIac: ""false"", Organization: ""fancy org"", Token: ""xxx"", ManageBinariesAutomatically: ""true"", CliPath: """", }, } _, err := loc.Client.Call(ctx, ""initialize"", clientParams) if err != nil { t.Fatal(err, ""couldn't initialize"") } _, err = loc.Client.Call(ctx, ""textDocument/didOpen"", didOpenParams) if err != nil { t.Fatal(err) } assert.Eventually( t, checkForPublishedDiagnostics(workspace.Get(), uri.PathFromUri(didOpenParams.TextDocument.URI), -1), 2*time.Second, 10*time.Millisecond, ) }",True,Go,Test_textDocumentDidOpenHandler_shouldAcceptDocumentItemAndPublishDiagnostics,server_test.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2426,"func (f *Folder) scan(ctx context.Context, path string) { issuesSlice := f.DocumentDiagnosticsFromCache(path) if issuesSlice != nil { log.Info().Str(""method"", ""domain.ide.workspace.folder.scan"").Msgf(""Cached results found: Skipping scan for %s"", path) f.processResults(issuesSlice) return } f.scanner.Scan(ctx, path, f.processResults, f.path) }",True,Go,scan,folder.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2428,"func TestProcessResults_whenDifferentPaths_AccumulatesIssues(t *testing.T) { testutil.UnitTest(t) f := NewFolder(""dummy"", ""dummy"", snyk.NewTestScanner(), hover.NewFakeHoverService()) f.processResults([]snyk.Issue{ {ID: ""id1"", AffectedFilePath: ""path1""}, {ID: ""id2"", AffectedFilePath: ""path2""}, }) f.processResults([]snyk.Issue{{ID: ""id3"", AffectedFilePath: ""path3""}}) assert.Equal(t, 3, f.documentDiagnosticCache.Length()) assert.NotNil(t, f.documentDiagnosticCache.Get(""path1"")) assert.NotNil(t, f.documentDiagnosticCache.Get(""path2"")) assert.NotNil(t, f.documentDiagnosticCache.Get(""path3"")) }",True,Go,TestProcessResults_whenDifferentPaths_AccumulatesIssues,folder_test.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2430,"func TestProcessResults_whenDifferentPaths_AddsToCache(t *testing.T) { testutil.UnitTest(t) f := NewFolder(""dummy"", ""dummy"", snyk.NewTestScanner(), hover.NewFakeHoverService()) f.processResults([]snyk.Issue{ {ID: ""id1"", AffectedFilePath: ""path1""}, {ID: ""id2"", AffectedFilePath: ""path2""}, }) assert.Equal(t, 2, f.documentDiagnosticCache.Length()) assert.NotNil(t, f.documentDiagnosticCache.Get(""path1"")) assert.NotNil(t, f.documentDiagnosticCache.Get(""path2"")) assert.Len(t, f.documentDiagnosticCache.Get(""path1""), 1) assert.Len(t, f.documentDiagnosticCache.Get(""path2""), 1) }",True,Go,TestProcessResults_whenDifferentPaths_AddsToCache,folder_test.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2440,"func TestProcessResults_whenSamePaths_AddsToCache(t *testing.T) { testutil.UnitTest(t) f := NewFolder(""dummy"", ""dummy"", snyk.NewTestScanner(), hover.NewFakeHoverService()) f.processResults([]snyk.Issue{ {ID: ""id1"", AffectedFilePath: ""path1""}, {ID: ""id2"", AffectedFilePath: ""path1""}, }) assert.Equal(t, 1, f.documentDiagnosticCache.Length()) assert.NotNil(t, f.documentDiagnosticCache.Get(""path1"")) assert.Len(t, f.documentDiagnosticCache.Get(""path1""), 2) }",True,Go,TestProcessResults_whenSamePaths_AddsToCache,folder_test.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2453,"func (w *Workspace) ScanWorkspace(ctx context.Context) { for _, folder := range w.folders { go folder.ScanFolder(ctx) } }",True,Go,ScanWorkspace,workspace.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2454,"func (w *Workspace) ClearIssues(ctx context.Context) { for _, folder := range w.folders { folder.ClearScannedStatus() folder.ClearDiagnostics() } w.hoverService.ClearAllHovers() }",True,Go,ClearIssues,workspace.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2455,"func (w *Workspace) DeleteFolder(folder string) { w.mutex.Lock() defer w.mutex.Unlock() delete(w.folders, folder) }",True,Go,DeleteFolder,workspace.go,https://github.com/snyk/snyk-ls,snyk,GitHub,2022-11-29 13:17:08+01:00,feat: add trust management mechanism (#187),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-24441,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2466,"func (ea *ExternalAuth) AuthPlain(username, password string) ([]string, error) { accountName, ok := auth.CheckDomainAuth(username, ea.perDomain, ea.domains) if !ok { return nil, module.ErrUnknownCredentials } return []string{username}, AuthUsingHelper(ea.helperPath, accountName, password) }",True,Go,AuthPlain,externalauth.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2469,"func (a *Auth) AuthPlain(username, password string) ([]string, error) { if a.useHelper { if err := external.AuthUsingHelper(a.helperPath, username, password); err != nil { return nil, err } } err := runPAMAuth(username, password) if err != nil { return nil, err } return []string{username}, nil }",True,Go,AuthPlain,module.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2477,"func TestPlainSplit_NoUser_MultiPass(t *testing.T) { a := Auth{ passwd: []module.PlainAuth{ mockAuth{ db: map[string][]string{ ""user2"": []string{""user2a"", ""user2b""}, }, }, mockAuth{ db: map[string][]string{ ""user1"": []string{""user1a"", ""user1b""}, }, }, }, } ids, err := a.AuthPlain(""user1"", ""aaa"") if err != nil { t.Fatal(""Unexpected error:"", err) } if !reflect.DeepEqual(ids, []string{""user1a"", ""user1b""}) { t.Fatal(""Wrong ids returned:"", ids) } }",True,Go,TestPlainSplit_NoUser_MultiPass,plain_separate_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2478,"func TestPlainSplit_UserPass(t *testing.T) { a := Auth{ userTbls: []module.Table{ mockTable{ db: map[string]string{ ""user1"": ""user2"", }, }, }, passwd: []module.PlainAuth{ mockAuth{ db: map[string][]string{ ""user2"": []string{""user2a"", ""user2b""}, }, }, mockAuth{ db: map[string][]string{ ""user1"": []string{""user1a"", ""user1b""}, }, }, }, } ids, err := a.AuthPlain(""user1"", ""aaa"") if err != nil { t.Fatal(""Unexpected error:"", err) } if !reflect.DeepEqual(ids, []string{""user2""}) { t.Fatal(""Wrong ids returned:"", ids) } }",True,Go,TestPlainSplit_UserPass,plain_separate_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2479,"func TestPlainSplit_NoUser(t *testing.T) { a := Auth{ passwd: []module.PlainAuth{ mockAuth{ db: map[string][]string{ ""user1"": []string{""user1a"", ""user1b""}, }, }, }, } ids, err := a.AuthPlain(""user1"", ""aaa"") if err != nil { t.Fatal(""Unexpected error:"", err) } if !reflect.DeepEqual(ids, []string{""user1a"", ""user1b""}) { t.Fatal(""Wrong ids returned:"", ids) } }",True,Go,TestPlainSplit_NoUser,plain_separate_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2480,"func (m mockAuth) AuthPlain(username, _ string) ([]string, error) { ids, ok := m.db[username] if !ok { return nil, errors.New(""invalid creds"") } return ids, nil }",True,Go,AuthPlain,plain_separate_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2482,"func filterIdentity(accounts []string, identity string) ([]string, error) { if identity == """" { return accounts, nil } matchFound := false for _, acc := range accounts { if precis.UsernameCaseMapped.Compare(acc, identity) { accounts = []string{identity} matchFound = true break } } if !matchFound { return nil, errors.New(""auth: invalid credentials"") } return accounts, nil }",True,Go,filterIdentity,sasl.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2486,"return sasl.NewLoginServer(func(username, password string) error { accounts, err := s.AuthPlain(username, password) if err != nil { s.Log.Error(""authentication failed"", err, ""username"", username, ""src_ip"", remoteAddr) return errors.New(""auth: invalid credentials"") } return successCb(accounts) })",True,Go,error,sasl.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2489,"srv := a.CreateSASL(""PLAIN"", &net.TCPAddr{}, func(passed []string) error { ids = passed return nil })",True,Go,error,sasl_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2492,"func (m mockAuth) AuthPlain(username, _ string) ([]string, error) { ids, ok := m.db[username] if !ok { return nil, errors.New(""invalid creds"") } return ids, nil }",True,Go,AuthPlain,sasl_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2493,"srv := a.CreateSASL(""XWHATEVER"", &net.TCPAddr{}, func([]string) error { return nil })",True,Go,error,sasl_test.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2494,"func (a *Auth) AuthPlain(username, password string) ([]string, error) { if a.useHelper { return []string{username}, external.AuthUsingHelper(a.helperPath, username, password) } ent, err := Lookup(username) if err != nil { return nil, err } if !ent.IsAccountValid() { return nil, fmt.Errorf(""shadow: account is expired"") } if !ent.IsPasswordValid() { return nil, fmt.Errorf(""shadow: password is expired"") } if err := ent.VerifyPassword(password); err != nil { if err == ErrWrongPassword { return nil, module.ErrUnknownCredentials } return nil, err } return []string{username}, nil }",True,Go,AuthPlain,module.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2499,"func (d *Dummy) SASLMechanisms() []string { return []string{sasl.Plain, sasl.Login} }",True,Go,SASLMechanisms,dummy.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2501,"func (store *Storage) AuthPlain(username, password string) ([]string, error) { defer trace.StartRegion(context.Background(), ""sql/AuthPlain"").End() accountName, err := prepareUsername(username) if err != nil { return nil, err } password, err = precis.OpaqueString.CompareKey(password) if err != nil { return nil, err } if !store.Back.CheckPlain(accountName, password) { return nil, module.ErrUnknownCredentials } return []string{username}, nil }",True,Go,AuthPlain,sql.go,https://github.com/foxcpp/maddy,foxcpp,fox.cpp,2020-02-28 01:38:40+03:00,"Revert authorization/authentication split

Authentication provider module is responsible only for authentication.
Nothing more. Access control (authorization) should be kept separate.",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-27582,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2505,"func (k Keeper) OnRecvPacket( ctx sdk.Context, packet channeltypes.Packet, ack exported.Acknowledgement, ) exported.Acknowledgement { params := k.GetParams(ctx) if !params.IsClaimsActive(ctx.BlockTime()) { return ack } var data transfertypes.FungibleTokenPacketData if err := transfertypes.ModuleCdc.UnmarshalJSON(packet.GetData(), &data); err != nil { err = sdkerrors.Wrapf(sdkerrors.ErrUnknownRequest, ""cannot unmarshal ICS-20 transfer packet data"") return channeltypes.NewErrorAcknowledgement(err.Error()) } bech32Prefix := strings.Split(data.Sender, ""1"")[0] if bech32Prefix == data.Sender { return channeltypes.NewErrorAcknowledgement( sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, ""invalid sender: %s"", data.Sender).Error(), ) } senderBz, err := sdk.GetFromBech32(data.Sender, bech32Prefix) if err != nil { return channeltypes.NewErrorAcknowledgement( sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, ""invalid sender %s, %s"", data.Sender, err.Error()).Error(), ) } sender := sdk.AccAddress(senderBz) recipient, err := sdk.AccAddressFromBech32(data.Receiver) if err != nil { return channeltypes.NewErrorAcknowledgement( sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, ""invalid receiver address %s"", err.Error()).Error(), ) } senderClaimsRecord, senderRecordFound := k.GetClaimsRecord(ctx, sender) recipientClaimsRecord, recipientRecordFound := k.GetClaimsRecord(ctx, recipient) switch { case senderRecordFound && recipientRecordFound: recipientClaimsRecord, err = k.MergeClaimsRecords(ctx, recipient, senderClaimsRecord, recipientClaimsRecord, params) if err != nil { return channeltypes.NewErrorAcknowledgement(err.Error()) } k.SetClaimsRecord(ctx, recipient, recipientClaimsRecord) k.DeleteClaimsRecord(ctx, sender) case senderRecordFound && !recipientRecordFound: k.SetClaimsRecord(ctx, recipient, senderClaimsRecord) k.DeleteClaimsRecord(ctx, sender) _, err = k.ClaimCoinsForAction(ctx, recipient, senderClaimsRecord, types.ActionIBCTransfer, params) case !senderRecordFound && recipientRecordFound: _, err = k.ClaimCoinsForAction(ctx, recipient, recipientClaimsRecord, types.ActionIBCTransfer, params) case !senderRecordFound && !recipientRecordFound: return ack } if err != nil { return channeltypes.NewErrorAcknowledgement(err.Error()) } return ack }",True,Go,OnRecvPacket,ibc_callbacks.go,https://github.com/tharsis/evmos,tharsis,GitHub,2022-03-06 18:37:08+01:00,"Merge pull request from GHSA-5jgq-x857-p8xw

* fix: only enable claims from authorized channels

* changelog

* changelog 2

* fix tests

* rename to authorized

* update forks

* upgrade height

* check for EVM chains

* bonded ration adjustment

* update genesis

* fixes

* swagger",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-24738,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2506,"test func() }{ { ""params disabled"", func() { params := suite.app.ClaimsKeeper.GetParams(suite.ctx) params.EnableClaims = false suite.app.ClaimsKeeper.SetParams(suite.ctx, params) resAck := suite.app.ClaimsKeeper.OnRecvPacket(suite.ctx, mockpacket, ack) suite.Require().Equal(ack, resAck) }, }, { ""non ics20 packet"", func() { err := sdkerrors.Wrapf(sdkerrors.ErrUnknownRequest, ""cannot unmarshal ICS-20 transfer packet data"") expectedAck := channeltypes.NewErrorAcknowledgement(err.Error()) resAck := suite.app.ClaimsKeeper.OnRecvPacket(suite.ctx, mockpacket, ack) suite.Require().Equal(expectedAck, resAck) }, }, { ""invalid sender"", func() { transfer := transfertypes.NewFungibleTokenPacketData(""aevmos"", ""100"", ""evmos"", receiver) bz := transfertypes.ModuleCdc.MustMarshalJSON(&transfer) packet := channeltypes.NewPacket(bz, 1, ""port"", ""channel"", ""port2"", ""channel2"", timeoutHeight, 0) resAck := suite.app.ClaimsKeeper.OnRecvPacket(suite.ctx, packet, ack) suite.Require().False(resAck.Success()) }, }, { ""invalid sender"", func() { transfer := transfertypes.NewFungibleTokenPacketData(""aevmos"", ""100"", ""badba1sv9m0g7ycejwr3s369km58h5qe7xj77hvcxrms"", receiver) bz := transfertypes.ModuleCdc.MustMarshalJSON(&transfer) packet := channeltypes.NewPacket(bz, 1, ""port"", ""channel"", ""port2"", ""channel2"", timeoutHeight, 0) resAck := suite.app.ClaimsKeeper.OnRecvPacket(suite.ctx, packet, ack) suite.Require().False(resAck.Success()) }, }, { ""invalid recipient"", func() { transfer := transfertypes.NewFungibleTokenPacketData(""aevmos"", ""100"", receiver, ""badbadhf0468jjpe6m6vx38s97z2qqe8ldu0njdyf625"") bz := transfertypes.ModuleCdc.MustMarshalJSON(&transfer) packet := channeltypes.NewPacket(bz, 1, ""port"", ""channel"", ""port2"", ""channel2"", timeoutHeight, 0) resAck := suite.app.ClaimsKeeper.OnRecvPacket(suite.ctx, packet, ack) suite.Require().False(resAck.Success()) }, }, { ""correct"", func() { transfer := transfertypes.NewFungibleTokenPacketData(""aevmos"", ""100"", sender, receiver) bz := transfertypes.ModuleCdc.MustMarshalJSON(&transfer) packet := channeltypes.NewPacket(bz, 1, ""port"", ""channel"", ""port2"", ""channel2"", timeoutHeight, 0) resAck := suite.app.ClaimsKeeper.OnRecvPacket(suite.ctx, packet, ack) suite.Require().True(resAck.Success()) }, }, } for _, tc := range testCases { suite.Run(fmt.Sprintf(""Case %s"", tc.name), func() { suite.SetupClaimTest() tc.test() }) } }",True,Go,},ibc_callbacks_test.go,https://github.com/tharsis/evmos,tharsis,GitHub,2022-03-06 18:37:08+01:00,"Merge pull request from GHSA-5jgq-x857-p8xw

* fix: only enable claims from authorized channels

* changelog

* changelog 2

* fix tests

* rename to authorized

* update forks

* upgrade height

* check for EVM chains

* bonded ration adjustment

* update genesis

* fixes

* swagger",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-24738,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2509,func (AppModule) ConsensusVersion() uint64 { return 1 },True,Go,ConsensusVersion,module.go,https://github.com/tharsis/evmos,tharsis,GitHub,2022-03-06 18:37:08+01:00,"Merge pull request from GHSA-5jgq-x857-p8xw

* fix: only enable claims from authorized channels

* changelog

* changelog 2

* fix tests

* rename to authorized

* update forks

* upgrade height

* check for EVM chains

* bonded ration adjustment

* update genesis

* fixes

* swagger",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-24738,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2513,func (AppModuleBasic) ConsensusVersion() uint64 { return 1 },True,Go,ConsensusVersion,module.go,https://github.com/tharsis/evmos,tharsis,GitHub,2022-03-06 18:37:08+01:00,"Merge pull request from GHSA-5jgq-x857-p8xw

* fix: only enable claims from authorized channels

* changelog

* changelog 2

* fix tests

* rename to authorized

* update forks

* upgrade height

* check for EVM chains

* bonded ration adjustment

* update genesis

* fixes

* swagger",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-24738,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2514,"func InitGenesis( ctx sdk.Context, k keeper.Keeper, ak types.AccountKeeper, sk types.StakingKeeper, data types.GenesisState, ) { if acc := ak.GetModuleAccount(ctx, types.ModuleName); acc == nil { panic(""the inflation module account has not been set"") } params := data.Params k.SetParams(ctx, params) period := data.Period k.SetPeriod(ctx, period) epochIdentifier := data.EpochIdentifier k.SetEpochIdentifier(ctx, epochIdentifier) epochsPerPeriod := data.EpochsPerPeriod k.SetEpochsPerPeriod(ctx, epochsPerPeriod) bondedRatio := sk.BondedRatio(ctx) epochMintProvision := types.CalculateEpochMintProvision( params, period, epochsPerPeriod, bondedRatio, ) k.SetEpochMintProvision(ctx, epochMintProvision) }",True,Go,InitGenesis,genesis.go,https://github.com/tharsis/evmos,tharsis,GitHub,2022-03-06 18:37:08+01:00,"Merge pull request from GHSA-5jgq-x857-p8xw

* fix: only enable claims from authorized channels

* changelog

* changelog 2

* fix tests

* rename to authorized

* update forks

* upgrade height

* check for EVM chains

* bonded ration adjustment

* update genesis

* fixes

* swagger",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-24738,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2517,"func (k Keeper) AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) { params := k.GetParams(ctx) expEpochID := k.GetEpochIdentifier(ctx) if epochIdentifier != expEpochID { return } epochMintProvision, found := k.GetEpochMintProvision(ctx) if !found { panic(""the epochMintProvision was not found"") } mintedCoin := sdk.NewCoin(params.MintDenom, epochMintProvision.TruncateInt()) if err := k.MintAndAllocateInflation(ctx, mintedCoin); err != nil { panic(err) } period := k.GetPeriod(ctx) epochsPerPeriod := k.GetEpochsPerPeriod(ctx) newProvision := epochMintProvision if epochNumber-epochsPerPeriod*int64(period) > epochsPerPeriod { period++ k.SetPeriod(ctx, period) period = k.GetPeriod(ctx) bondedRatio := k.stakingKeeper.BondedRatio(ctx) newProvision = types.CalculateEpochMintProvision( params, period, epochsPerPeriod, bondedRatio, ) k.SetEpochMintProvision(ctx, newProvision) } ctx.EventManager().EmitEvent( sdk.NewEvent( types.EventTypeMint, sdk.NewAttribute(types.AttributeEpochNumber, fmt.Sprintf(""%d"", epochNumber)), sdk.NewAttribute(types.AttributeKeyEpochProvisions, newProvision.String()), sdk.NewAttribute(sdk.AttributeKeyAmount, mintedCoin.Amount.String()), ), ) }",True,Go,AfterEpochEnd,hooks.go,https://github.com/tharsis/evmos,tharsis,GitHub,2022-03-06 18:37:08+01:00,"Merge pull request from GHSA-5jgq-x857-p8xw

* fix: only enable claims from authorized channels

* changelog

* changelog 2

* fix tests

* rename to authorized

* update forks

* upgrade height

* check for EVM chains

* bonded ration adjustment

* update genesis

* fixes

* swagger",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-24738,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2528,"func TestBuilder_BuildBootstrapLayeredRuntime(t *testing.T) { b := New(""localhost:1111"", ""localhost:2222"", filemgr.NewManager(), nil) staticCfg, err := b.BuildBootstrapLayeredRuntime() assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` { ""layers"": [{ ""name"": ""static_layer_0"", ""staticLayer"": { ""overload"": { ""global_downstream_max_connections"": 50000 } } }] } `, staticCfg) }",True,Go,TestBuilder_BuildBootstrapLayeredRuntime,bootstrap_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2530,"func TestBuilder_BuildBootstrapStaticResources(t *testing.T) { t.Run(""valid"", func(t *testing.T) { b := New(""localhost:1111"", ""localhost:2222"", filemgr.NewManager(), nil) staticCfg, err := b.BuildBootstrapStaticResources() assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` { ""clusters"": [ { ""name"": ""pomerium-control-plane-grpc"", ""type"": ""STATIC"", ""connectTimeout"": ""5s"", ""http2ProtocolOptions"": {}, ""loadAssignment"": { ""clusterName"": ""pomerium-control-plane-grpc"", ""endpoints"": [{ ""lbEndpoints"": [{ ""endpoint"": { ""address"": { ""socketAddress"":{ ""address"": ""127.0.0.1"", ""portValue"": 1111 } } } }] }] } } ] } `, staticCfg) }) t.Run(""bad gRPC address"", func(t *testing.T) { b := New(""xyz:zyx"", ""localhost:2222"", filemgr.NewManager(), nil) _, err := b.BuildBootstrapStaticResources() assert.Error(t, err) }) }",True,Go,TestBuilder_BuildBootstrapStaticResources,bootstrap_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2534,"func New( localGRPCAddress string, localHTTPAddress string, fileManager *filemgr.Manager, reproxyHandler *reproxy.Handler, ) *Builder { return &Builder{ localGRPCAddress: localGRPCAddress, localHTTPAddress: localHTTPAddress, filemgr: fileManager, reproxy: reproxyHandler, } }",True,Go,New,builder.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2537,"func Test_bindConfig(t *testing.T) { ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10) defer clearTimeout() b := New(""local-grpc"", ""local-http"", filemgr.NewManager(), nil) t.Run(""no bind config"", func(t *testing.T) { cluster, err := b.buildPolicyCluster(ctx, &config.Options{}, &config.Policy{ From: ""https: To: mustParseWeightedURLs(t, ""https: }) assert.NoError(t, err) assert.Nil(t, cluster.UpstreamBindConfig) }) t.Run(""freebind"", func(t *testing.T) { cluster, err := b.buildPolicyCluster(ctx, &config.Options{ EnvoyBindConfigFreebind: null.BoolFrom(true), }, &config.Policy{ From: ""https: To: mustParseWeightedURLs(t, ""https: }) assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` { ""freebind"": true, ""sourceAddress"": { ""address"": ""0.0.0.0"", ""portValue"": 0 } } `, cluster.UpstreamBindConfig) }) t.Run(""source address"", func(t *testing.T) { cluster, err := b.buildPolicyCluster(ctx, &config.Options{ EnvoyBindConfigSourceAddress: ""192.168.0.1"", }, &config.Policy{ From: ""https: To: mustParseWeightedURLs(t, ""https: }) assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` { ""sourceAddress"": { ""address"": ""192.168.0.1"", ""portValue"": 0 } } `, cluster.UpstreamBindConfig) }) }",True,Go,Test_bindConfig,clusters_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2543,"func (b *Builder) buildMetricsHTTPConnectionManagerFilter() (*envoy_config_listener_v3.Filter, error) { rc, err := b.buildRouteConfiguration(""metrics"", []*envoy_config_route_v3.VirtualHost{{ Name: ""metrics"", Domains: []string{""*""}, Routes: []*envoy_config_route_v3.Route{{ Name: ""metrics"", Match: &envoy_config_route_v3.RouteMatch{ PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{Prefix: ""/""}, }, Action: &envoy_config_route_v3.Route_Route{ Route: &envoy_config_route_v3.RouteAction{ ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: ""pomerium-control-plane-http"", }, }, }, }}, }}) if err != nil { return nil, err } tc := marshalAny(&envoy_http_connection_manager.HttpConnectionManager{ CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO, StatPrefix: ""metrics"", RouteSpecifier: &envoy_http_connection_manager.HttpConnectionManager_RouteConfig{ RouteConfig: rc, }, HttpFilters: []*envoy_http_connection_manager.HttpFilter{{ Name: ""envoy.filters.http.router"", }}, }) return &envoy_config_listener_v3.Filter{ Name: ""envoy.filters.network.http_connection_manager"", ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ TypedConfig: tc, }, }, nil }",True,Go,buildMetricsHTTPConnectionManagerFilter,listeners.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2546,"func Test_buildDownstreamTLSContext(t *testing.T) { b := New(""local-grpc"", ""local-http"", filemgr.NewManager(), nil) cacheDir, _ := os.UserCacheDir() certFileName := filepath.Join(cacheDir, ""pomerium"", ""envoy"", ""files"", ""tls-crt-354e49305a5a39414a545530374e58454e48334148524c4e324258463837364355564c4e4532464b54355139495547514a38.pem"") keyFileName := filepath.Join(cacheDir, ""pomerium"", ""envoy"", ""files"", ""tls-key-3350415a38414e4e4a4655424e55393430474147324651433949384e485341334b5157364f424b4c5856365a545937383735.pem"") t.Run(""no-validation"", func(t *testing.T) { downstreamTLSContext := b.buildDownstreamTLSContext(context.Background(), &config.Config{Options: &config.Options{ Cert: aExampleComCert, Key: aExampleComKey, }}, ""a.example.com"") testutil.AssertProtoJSONEqual(t, `{ ""commonTlsContext"": { ""tlsParams"": { ""cipherSuites"": [ ""ECDHE-ECDSA-AES256-GCM-SHA384"", ""ECDHE-RSA-AES256-GCM-SHA384"", ""ECDHE-ECDSA-AES128-GCM-SHA256"", ""ECDHE-RSA-AES128-GCM-SHA256"", ""ECDHE-ECDSA-CHACHA20-POLY1305"", ""ECDHE-RSA-CHACHA20-POLY1305"" ], ""tlsMinimumProtocolVersion"": ""TLSv1_2"" }, ""alpnProtocols"": [""h2"", ""http/1.1""], ""tlsCertificates"": [ { ""certificateChain"": { ""filename"": ""`+certFileName+`"" }, ""privateKey"": { ""filename"": ""`+keyFileName+`"" } } ] } }`, downstreamTLSContext) }) t.Run(""client-ca"", func(t *testing.T) { downstreamTLSContext := b.buildDownstreamTLSContext(context.Background(), &config.Config{Options: &config.Options{ Cert: aExampleComCert, Key: aExampleComKey, ClientCA: ""TEST"", }}, ""a.example.com"") testutil.AssertProtoJSONEqual(t, `{ ""commonTlsContext"": { ""tlsParams"": { ""cipherSuites"": [ ""ECDHE-ECDSA-AES256-GCM-SHA384"", ""ECDHE-RSA-AES256-GCM-SHA384"", ""ECDHE-ECDSA-AES128-GCM-SHA256"", ""ECDHE-RSA-AES128-GCM-SHA256"", ""ECDHE-ECDSA-CHACHA20-POLY1305"", ""ECDHE-RSA-CHACHA20-POLY1305"" ], ""tlsMinimumProtocolVersion"": ""TLSv1_2"" }, ""alpnProtocols"": [""h2"", ""http/1.1""], ""tlsCertificates"": [ { ""certificateChain"": { ""filename"": ""`+certFileName+`"" }, ""privateKey"": { ""filename"": ""`+keyFileName+`"" } } ], ""validationContext"": { ""trustChainVerification"": ""ACCEPT_UNTRUSTED"" } } }`, downstreamTLSContext) }) t.Run(""policy-client-ca"", func(t *testing.T) { downstreamTLSContext := b.buildDownstreamTLSContext(context.Background(), &config.Config{Options: &config.Options{ Cert: aExampleComCert, Key: aExampleComKey, Policies: []config.Policy{ { Source: &config.StringURL{URL: mustParseURL(t, ""https: TLSDownstreamClientCA: ""TEST"", }, }, }}, ""a.example.com"") testutil.AssertProtoJSONEqual(t, `{ ""commonTlsContext"": { ""tlsParams"": { ""cipherSuites"": [ ""ECDHE-ECDSA-AES256-GCM-SHA384"", ""ECDHE-RSA-AES256-GCM-SHA384"", ""ECDHE-ECDSA-AES128-GCM-SHA256"", ""ECDHE-RSA-AES128-GCM-SHA256"", ""ECDHE-ECDSA-CHACHA20-POLY1305"", ""ECDHE-RSA-CHACHA20-POLY1305"" ], ""tlsMinimumProtocolVersion"": ""TLSv1_2"" }, ""alpnProtocols"": [""h2"", ""http/1.1""], ""tlsCertificates"": [ { ""certificateChain"": { ""filename"": ""`+certFileName+`"" }, ""privateKey"": { ""filename"": ""`+keyFileName+`"" } } ], ""validationContext"": { ""trustChainVerification"": ""ACCEPT_UNTRUSTED"" } } }`, downstreamTLSContext) }) t.Run(""http1"", func(t *testing.T) { downstreamTLSContext := b.buildDownstreamTLSContext(context.Background(), &config.Config{Options: &config.Options{ Cert: aExampleComCert, Key: aExampleComKey, CodecType: config.CodecTypeHTTP1, }}, ""a.example.com"") testutil.AssertProtoJSONEqual(t, `{ ""commonTlsContext"": { ""tlsParams"": { ""cipherSuites"": [ ""ECDHE-ECDSA-AES256-GCM-SHA384"", ""ECDHE-RSA-AES256-GCM-SHA384"", ""ECDHE-ECDSA-AES128-GCM-SHA256"", ""ECDHE-RSA-AES128-GCM-SHA256"", ""ECDHE-ECDSA-CHACHA20-POLY1305"", ""ECDHE-RSA-CHACHA20-POLY1305"" ], ""tlsMinimumProtocolVersion"": ""TLSv1_2"" }, ""alpnProtocols"": [""http/1.1""], ""tlsCertificates"": [ { ""certificateChain"": { ""filename"": ""`+certFileName+`"" }, ""privateKey"": { ""filename"": ""`+keyFileName+`"" } } ] } }`, downstreamTLSContext) }) t.Run(""http2"", func(t *testing.T) { downstreamTLSContext := b.buildDownstreamTLSContext(context.Background(), &config.Config{Options: &config.Options{ Cert: aExampleComCert, Key: aExampleComKey, CodecType: config.CodecTypeHTTP2, }}, ""a.example.com"") testutil.AssertProtoJSONEqual(t, `{ ""commonTlsContext"": { ""tlsParams"": { ""cipherSuites"": [ ""ECDHE-ECDSA-AES256-GCM-SHA384"", ""ECDHE-RSA-AES256-GCM-SHA384"", ""ECDHE-ECDSA-AES128-GCM-SHA256"", ""ECDHE-RSA-AES128-GCM-SHA256"", ""ECDHE-ECDSA-CHACHA20-POLY1305"", ""ECDHE-RSA-CHACHA20-POLY1305"" ], ""tlsMinimumProtocolVersion"": ""TLSv1_2"" }, ""alpnProtocols"": [""h2""], ""tlsCertificates"": [ { ""certificateChain"": { ""filename"": ""`+certFileName+`"" }, ""privateKey"": { ""filename"": ""`+keyFileName+`"" } } ] } }`, downstreamTLSContext) }) }",True,Go,Test_buildDownstreamTLSContext,listeners_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2552,"func Test_buildMetricsHTTPConnectionManagerFilter(t *testing.T) { cacheDir, _ := os.UserCacheDir() certFileName := filepath.Join(cacheDir, ""pomerium"", ""envoy"", ""files"", ""tls-crt-354e49305a5a39414a545530374e58454e48334148524c4e324258463837364355564c4e4532464b54355139495547514a38.pem"") keyFileName := filepath.Join(cacheDir, ""pomerium"", ""envoy"", ""files"", ""tls-key-3350415a38414e4e4a4655424e55393430474147324651433949384e485341334b5157364f424b4c5856365a545937383735.pem"") b := New(""local-grpc"", ""local-http"", filemgr.NewManager(), nil) li, err := b.buildMetricsListener(&config.Config{ Options: &config.Options{ MetricsAddr: ""127.0.0.1:9902"", MetricsCertificate: aExampleComCert, MetricsCertificateKey: aExampleComKey, }, }) require.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` { ""name"": ""metrics-ingress-1566242852377945326"", ""perConnectionBufferLimitBytes"": 32768, ""address"": { ""socketAddress"": { ""address"": ""127.0.0.1"", ""ipv4Compat"": true, ""portValue"": 9902 } }, ""filterChains"": [{ ""filters"": [{ ""name"": ""envoy.filters.network.http_connection_manager"", ""typedConfig"": { ""@type"": ""type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"", ""httpFilters"": [{ ""name"": ""envoy.filters.http.router"" }], ""routeConfig"": { ""name"": ""metrics"", ""validateClusters"": false, ""virtualHosts"": [{ ""name"": ""metrics"", ""domains"": [""*""], ""routes"": [{ ""name"": ""metrics"", ""match"": { ""prefix"": ""/"" }, ""route"": { ""cluster"": ""pomerium-control-plane-http"" } }] }] }, ""statPrefix"": ""metrics"" } }], ""transportSocket"": { ""name"": ""tls"", ""typedConfig"": { ""@type"": ""type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext"", ""commonTlsContext"": { ""tlsParams"": { ""cipherSuites"": [ ""ECDHE-ECDSA-AES256-GCM-SHA384"", ""ECDHE-RSA-AES256-GCM-SHA384"", ""ECDHE-ECDSA-AES128-GCM-SHA256"", ""ECDHE-RSA-AES128-GCM-SHA256"", ""ECDHE-ECDSA-CHACHA20-POLY1305"", ""ECDHE-RSA-CHACHA20-POLY1305"" ], ""tlsMinimumProtocolVersion"": ""TLSv1_2"" }, ""alpnProtocols"": [""h2"", ""http/1.1""], ""tlsCertificates"": [ { ""certificateChain"": { ""filename"": ""`+certFileName+`"" }, ""privateKey"": { ""filename"": ""`+keyFileName+`"" } } ] } } } }] }`, li) }",True,Go,Test_buildMetricsHTTPConnectionManagerFilter,listeners_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2554,"func (b *Builder) buildControlPlanePathRoute(path string, protected bool) (*envoy_config_route_v3.Route, error) { r := &envoy_config_route_v3.Route{ Name: ""pomerium-path-"" + path, Match: &envoy_config_route_v3.RouteMatch{ PathSpecifier: &envoy_config_route_v3.RouteMatch_Path{Path: path}, }, Action: &envoy_config_route_v3.Route_Route{ Route: &envoy_config_route_v3.RouteAction{ ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: httpCluster, }, }, }, } if !protected { r.TypedPerFilterConfig = map[string]*any.Any{ ""envoy.filters.http.ext_authz"": disableExtAuthz, } } return r, nil }",True,Go,buildControlPlanePathRoute,routes.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2557,"func (b *Builder) buildPomeriumHTTPRoutes(options *config.Options, domain string) ([]*envoy_config_route_v3.Route, error) { var routes []*envoy_config_route_v3.Route isFrontingAuthenticate, err := isProxyFrontingAuthenticate(options, domain) if err != nil { return nil, err } if !isFrontingAuthenticate { r, err := b.buildControlPlanePathRoute(""/.pomerium/jwt"", true) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePathRoute(""/ping"", false) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePathRoute(""/healthz"", false) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePathRoute(""/.pomerium"", false) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePrefixRoute(""/.pomerium/"", false) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePathRoute(""/.well-known/pomerium"", false) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePrefixRoute(""/.well-known/pomerium/"", false) if err != nil { return nil, err } routes = append(routes, r) if !hasPublicPolicyMatchingURL(options, url.URL{Scheme: ""https"", Host: domain, Path: ""/robots.txt""}) { r, err := b.buildControlPlanePathRoute(""/robots.txt"", false) if err != nil { return nil, err } routes = append(routes, r) } } authenticateURL, err := options.GetInternalAuthenticateURL() if err != nil { return nil, err } if config.IsAuthenticate(options.Services) && hostMatchesDomain(authenticateURL, domain) { r, err := b.buildControlPlanePrefixRoute(""/"", false) if err != nil { return nil, err } routes = append(routes, r) } forwardAuthURL, err := options.GetForwardAuthURL() if err != nil { return nil, err } if config.IsProxy(options.Services) && hostMatchesDomain(forwardAuthURL, domain) { r, err := b.buildControlPlanePathAndQueryRoute(""/verify"", []string{urlutil.QueryForwardAuthURI, urlutil.QuerySessionEncrypted, urlutil.QueryRedirectURI}) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePathAndQueryRoute(""/"", []string{urlutil.QueryForwardAuthURI, urlutil.QuerySessionEncrypted, urlutil.QueryRedirectURI}) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlanePathAndQueryRoute(""/"", []string{urlutil.QueryForwardAuthURI}) if err != nil { return nil, err } routes = append(routes, r) r, err = b.buildControlPlaneProtectedPrefixRoute(""/"") if err != nil { return nil, err } routes = append(routes, r) } return routes, nil }",True,Go,buildPomeriumHTTPRoutes,routes.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2559,"func (b *Builder) buildControlPlanePrefixRoute(prefix string, protected bool) (*envoy_config_route_v3.Route, error) { r := &envoy_config_route_v3.Route{ Name: ""pomerium-prefix-"" + prefix, Match: &envoy_config_route_v3.RouteMatch{ PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{Prefix: prefix}, }, Action: &envoy_config_route_v3.Route_Route{ Route: &envoy_config_route_v3.RouteAction{ ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: httpCluster, }, }, }, } if !protected { r.TypedPerFilterConfig = map[string]*any.Any{ ""envoy.filters.http.ext_authz"": disableExtAuthz, } } return r, nil }",True,Go,buildControlPlanePrefixRoute,routes.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2562,"func Test_buildControlPlanePathRoute(t *testing.T) { b := &Builder{filemgr: filemgr.NewManager()} route, err := b.buildControlPlanePathRoute(""/hello/world"", false) require.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` { ""name"": ""pomerium-path-/hello/world"", ""match"": { ""path"": ""/hello/world"" }, ""route"": { ""cluster"": ""pomerium-control-plane-http"" }, ""typedPerFilterConfig"": { ""envoy.filters.http.ext_authz"": { ""@type"": ""type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute"", ""disabled"": true } } } `, route) }",True,Go,Test_buildControlPlanePathRoute,routes_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2564,"routeString := func(typ, name string, protected bool) string { str := `{ ""name"": ""pomerium-` + typ + `-` + name + `"", ""match"": { ""` + typ + `"": ""` + name + `"" }, ""route"": { ""cluster"": ""pomerium-control-plane-http"" } ` if !protected { str += `, ""typedPerFilterConfig"": { ""envoy.filters.http.ext_authz"": { ""@type"": ""type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute"", ""disabled"": true } } ` } str += ""}"" return str } t.Run(""authenticate"", func(t *testing.T) { options := &config.Options{ Services: ""all"", AuthenticateURLString: ""https: AuthenticateCallbackPath: ""/oauth2/callback"", ForwardAuthURLString: ""https: } routes, err := b.buildPomeriumHTTPRoutes(options, ""authenticate.example.com"") require.NoError(t, err) testutil.AssertProtoJSONEqual(t, `[ `+routeString(""path"", ""/.pomerium/jwt"", true)+`, `+routeString(""path"", ""/ping"", false)+`, `+routeString(""path"", ""/healthz"", false)+`, `+routeString(""path"", ""/.pomerium"", false)+`, `+routeString(""prefix"", ""/.pomerium/"", false)+`, `+routeString(""path"", ""/.well-known/pomerium"", false)+`, `+routeString(""prefix"", ""/.well-known/pomerium/"", false)+`, `+routeString(""path"", ""/robots.txt"", false)+`, `+routeString(""prefix"", ""/"", false)+` ]`, routes) }) t.Run(""proxy fronting authenticate"", func(t *testing.T) { options := &config.Options{ Services: ""proxy"", AuthenticateURLString: ""https: AuthenticateCallbackPath: ""/oauth2/callback"", } routes, err := b.buildPomeriumHTTPRoutes(options, ""authenticate.example.com"") require.NoError(t, err) testutil.AssertProtoJSONEqual(t, ""null"", routes) }) t.Run(""with robots"", func(t *testing.T) { options := &config.Options{ Services: ""all"", AuthenticateURLString: ""https: AuthenticateCallbackPath: ""/oauth2/callback"", ForwardAuthURLString: ""https: Policies: []config.Policy{{ From: ""https: To: mustParseWeightedURLs(t, ""https: }}, } _ = options.Policies[0].Validate() routes, err := b.buildPomeriumHTTPRoutes(options, ""from.example.com"") require.NoError(t, err) testutil.AssertProtoJSONEqual(t, `[ `+routeString(""path"", ""/.pomerium/jwt"", true)+`, `+routeString(""path"", ""/ping"", false)+`, `+routeString(""path"", ""/healthz"", false)+`, `+routeString(""path"", ""/.pomerium"", false)+`, `+routeString(""prefix"", ""/.pomerium/"", false)+`, `+routeString(""path"", ""/.well-known/pomerium"", false)+`, `+routeString(""prefix"", ""/.well-known/pomerium/"", false)+`, `+routeString(""path"", ""/robots.txt"", false)+` ]`, routes) }) t.Run(""without robots"", func(t *testing.T) { options := &config.Options{ Services: ""all"", AuthenticateURLString: ""https: AuthenticateCallbackPath: ""/oauth2/callback"", ForwardAuthURLString: ""https: Policies: []config.Policy{{ From: ""https: To: mustParseWeightedURLs(t, ""https: AllowPublicUnauthenticatedAccess: true, }}, } _ = options.Policies[0].Validate() routes, err := b.buildPomeriumHTTPRoutes(options, ""from.example.com"") require.NoError(t, err) testutil.AssertProtoJSONEqual(t, `[ `+routeString(""path"", ""/.pomerium/jwt"", true)+`, `+routeString(""path"", ""/ping"", false)+`, `+routeString(""path"", ""/healthz"", false)+`, `+routeString(""path"", ""/.pomerium"", false)+`, `+routeString(""prefix"", ""/.pomerium/"", false)+`, `+routeString(""path"", ""/.well-known/pomerium"", false)+`, `+routeString(""prefix"", ""/.well-known/pomerium/"", false)+` ]`, routes) }) }",True,Go,string,routes_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2566,"func (mgr *MetricsManager) updateInfo(cfg *Config) { serviceName := telemetry.ServiceName(cfg.Options.Services) if serviceName == mgr.serviceName { return } hostname, err := os.Hostname() if err != nil { log.Error(context.TODO()).Err(err).Msg(""telemetry/metrics: failed to get OS hostname"") hostname = ""__unknown__"" } metrics.SetBuildInfo(serviceName, hostname, cfg.EnvoyVersion) mgr.serviceName = serviceName }",True,Go,updateInfo,metrics.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2022-03-30 09:37:37-06:00,authenticate: fix debug and metrics endpoints (#3212),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-24797,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2576,"func NewHeadersRequestFromPolicy(policy *config.Policy, hostname string) *HeadersRequest { input := new(HeadersRequest) input.EnableGoogleCloudServerlessAuthentication = policy.EnableGoogleCloudServerlessAuthentication input.EnableRoutingKey = policy.EnvoyOpts.GetLbPolicy() == envoy_config_cluster_v3.Cluster_RING_HASH || policy.EnvoyOpts.GetLbPolicy() == envoy_config_cluster_v3.Cluster_MAGLEV input.Issuer = hostname input.KubernetesServiceAccountToken = policy.KubernetesServiceAccountToken for _, wu := range policy.To { input.ToAudience = ""https: } input.PassAccessToken = policy.GetSetAuthorizationHeader() == configpb.Route_ACCESS_TOKEN input.PassIDToken = policy.GetSetAuthorizationHeader() == configpb.Route_ID_TOKEN return input }",True,Go,NewHeadersRequestFromPolicy,headers_evaluator.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2580,"func (a *Authorize) getMatchingPolicy(requestURL url.URL) *config.Policy { options := a.currentOptions.Load() for _, p := range options.GetAllPolicies() { if p.Matches(requestURL) { return &p } } return nil }",True,Go,getMatchingPolicy,grpc.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2582,"func (a *Authorize) getEvaluatorRequestFromCheckRequest( in *envoy_service_auth_v3.CheckRequest, sessionState *sessions.State, ) (*evaluator.Request, error) { requestURL := getCheckRequestURL(in) req := &evaluator.Request{ HTTP: evaluator.NewRequestHTTP( in.GetAttributes().GetRequest().GetHttp().GetMethod(), requestURL, getCheckRequestHeaders(in), getPeerCertificate(in), in.GetAttributes().GetSource().GetAddress().GetSocketAddress().GetAddress(), ), } if sessionState != nil { req.Session = evaluator.RequestSession{ ID: sessionState.ID, } } req.Policy = a.getMatchingPolicy(requestURL) return req, nil }",True,Go,getEvaluatorRequestFromCheckRequest,grpc.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2585,"func init() { disableExtAuthz = marshalAny(&envoy_extensions_filters_http_ext_authz_v3.ExtAuthzPerRoute{ Override: &envoy_extensions_filters_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ Disabled: true, }, }) }",True,Go,init,listeners.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2592,"func TestBuilder_buildMainRouteConfiguration(t *testing.T) { t.Parallel() ctx := context.Background() cfg := &config.Config{Options: &config.Options{ CookieName: ""pomerium"", DefaultUpstreamTimeout: time.Second * 3, SharedKey: cryptutil.NewBase64Key(), Services: ""proxy"", Policies: []config.Policy{ { From: ""https: }, }, }} b := New(""grpc"", ""http"", ""metrics"", filemgr.NewManager(), nil) routeConfiguration, err := b.buildMainRouteConfiguration(ctx, cfg) assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, `{ ""name"": ""main"", ""validateClusters"": false, ""virtualHosts"": [ { ""name"": ""catch-all"", ""domains"": [""*""], ""routes"": [ `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/.pomerium/jwt"", true, false))+`, `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/.pomerium/webauthn"", true, false))+`, `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/ping"", false, false))+`, `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/healthz"", false, false))+`, `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/.pomerium"", false, false))+`, `+protojson.Format(b.buildControlPlanePrefixRoute(cfg.Options, ""/.pomerium/"", false, false))+`, `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/.well-known/pomerium"", false, false))+`, `+protojson.Format(b.buildControlPlanePrefixRoute(cfg.Options, ""/.well-known/pomerium/"", false, false))+`, `+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, ""/robots.txt"", false, false))+`, { ""name"": ""policy-0"", ""match"": { ""headers"": [ { ""name"": "":authority"", ""stringMatch"": { ""safeRegex"": { ""regex"": ""^(.*)\\.example\\.com$"" } }} ], ""prefix"": ""/"" }, ""metadata"": { ""filterMetadata"": { ""envoy.filters.http.lua"": { ""remove_impersonate_headers"": false, ""remove_pomerium_authorization"": true, ""remove_pomerium_cookie"": ""pomerium"", ""rewrite_response_headers"": [] } } }, ""requestHeadersToRemove"": [ ""x-pomerium-jwt-assertion"", ""x-pomerium-jwt-assertion-for"", ""x-pomerium-reproxy-policy"", ""x-pomerium-reproxy-policy-hmac"" ], ""responseHeadersToAdd"": [ { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-Frame-Options"", ""value"": ""SAMEORIGIN"" } }, { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-XSS-Protection"", ""value"": ""1; mode=block"" } } ], ""route"": { ""autoHostRewrite"": true, ""cluster"": ""route-0"", ""hashPolicy"": [ { ""header"": { ""headerName"": ""x-pomerium-routing-key"" }, ""terminal"": true }, { ""connectionProperties"": { ""sourceIp"": true }, ""terminal"": true } ], ""timeout"": ""3s"", ""upgradeConfigs"": [ { ""enabled"": false, ""upgradeType"": ""websocket"" }, { ""enabled"": false, ""upgradeType"": ""spdy/3.1"" } ] } }, { ""name"": ""policy-0"", ""match"": { ""headers"": [ { ""name"": "":authority"", ""stringMatch"": { ""safeRegex"": { ""regex"": ""^(.*)\\.example\\.com:443$"" } }} ], ""prefix"": ""/"" }, ""metadata"": { ""filterMetadata"": { ""envoy.filters.http.lua"": { ""remove_impersonate_headers"": false, ""remove_pomerium_authorization"": true, ""remove_pomerium_cookie"": ""pomerium"", ""rewrite_response_headers"": [] } } }, ""requestHeadersToRemove"": [ ""x-pomerium-jwt-assertion"", ""x-pomerium-jwt-assertion-for"", ""x-pomerium-reproxy-policy"", ""x-pomerium-reproxy-policy-hmac"" ], ""responseHeadersToAdd"": [ { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-Frame-Options"", ""value"": ""SAMEORIGIN"" } }, { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-XSS-Protection"", ""value"": ""1; mode=block"" } } ], ""route"": { ""autoHostRewrite"": true, ""cluster"": ""route-0"", ""hashPolicy"": [ { ""header"": { ""headerName"": ""x-pomerium-routing-key"" }, ""terminal"": true }, { ""connectionProperties"": { ""sourceIp"": true }, ""terminal"": true } ], ""timeout"": ""3s"", ""upgradeConfigs"": [ { ""enabled"": false, ""upgradeType"": ""websocket"" }, { ""enabled"": false, ""upgradeType"": ""spdy/3.1"" } ] } } ] } ] }`, routeConfiguration) }",True,Go,TestBuilder_buildMainRouteConfiguration,route_configurations_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2593,"func (b *Builder) buildPomeriumAuthenticateHTTPRoutes( options *config.Options, host string, requireStrictTransportSecurity bool, ) ([]*envoy_config_route_v3.Route, error) { if !config.IsAuthenticate(options.Services) { return nil, nil } for _, fn := range []func() (*url.URL, error){ options.GetAuthenticateURL, options.GetInternalAuthenticateURL, } { u, err := fn() if err != nil { return nil, err } if urlMatchesHost(u, host) { return []*envoy_config_route_v3.Route{ b.buildControlPlanePathRoute(options, options.AuthenticateCallbackPath, false, requireStrictTransportSecurity), b.buildControlPlanePathRoute(options, ""/"", false, requireStrictTransportSecurity), }, nil } } return nil, nil }",True,Go,buildPomeriumAuthenticateHTTPRoutes,routes.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2600,"func (b *Builder) buildPomeriumHTTPRoutes( options *config.Options, host string, requireStrictTransportSecurity bool, ) ([]*envoy_config_route_v3.Route, error) { var routes []*envoy_config_route_v3.Route isFrontingAuthenticate, err := isProxyFrontingAuthenticate(options, host) if err != nil { return nil, err } if !isFrontingAuthenticate { routes = append(routes, b.buildControlPlanePathRoute(options, ""/.pomerium/jwt"", true, requireStrictTransportSecurity), b.buildControlPlanePathRoute(options, urlutil.WebAuthnURLPath, true, requireStrictTransportSecurity), b.buildControlPlanePathRoute(options, ""/ping"", false, requireStrictTransportSecurity), b.buildControlPlanePathRoute(options, ""/healthz"", false, requireStrictTransportSecurity), b.buildControlPlanePathRoute(options, ""/.pomerium"", false, requireStrictTransportSecurity), b.buildControlPlanePrefixRoute(options, ""/.pomerium/"", false, requireStrictTransportSecurity), b.buildControlPlanePathRoute(options, ""/.well-known/pomerium"", false, requireStrictTransportSecurity), b.buildControlPlanePrefixRoute(options, ""/.well-known/pomerium/"", false, requireStrictTransportSecurity), ) if !hasPublicPolicyMatchingURL(options, url.URL{Scheme: ""https"", Host: host, Path: ""/robots.txt""}) { routes = append(routes, b.buildControlPlanePathRoute(options, ""/robots.txt"", false, requireStrictTransportSecurity)) } } authRoutes, err := b.buildPomeriumAuthenticateHTTPRoutes(options, host, requireStrictTransportSecurity) if err != nil { return nil, err } routes = append(routes, authRoutes...) return routes, nil }",True,Go,buildPomeriumHTTPRoutes,routes.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2605,"func Test_buildControlPlanePrefixRoute(t *testing.T) { options := config.NewDefaultOptions() b := &Builder{filemgr: filemgr.NewManager()} route := b.buildControlPlanePrefixRoute(options, ""/hello/world/"", false, false) testutil.AssertProtoJSONEqual(t, ` { ""name"": ""pomerium-prefix-/hello/world/"", ""match"": { ""prefix"": ""/hello/world/"" }, ""responseHeadersToAdd"": [ { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-Frame-Options"", ""value"": ""SAMEORIGIN"" } }, { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-XSS-Protection"", ""value"": ""1; mode=block"" } } ], ""route"": { ""cluster"": ""pomerium-control-plane-http"" }, ""typedPerFilterConfig"": { ""envoy.filters.http.ext_authz"": { ""@type"": ""type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute"", ""disabled"": true } } } `, route) }",True,Go,Test_buildControlPlanePrefixRoute,routes_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2606,"func Test_buildControlPlanePathRoute(t *testing.T) { options := config.NewDefaultOptions() b := &Builder{filemgr: filemgr.NewManager()} route := b.buildControlPlanePathRoute(options, ""/hello/world"", false, false) testutil.AssertProtoJSONEqual(t, ` { ""name"": ""pomerium-path-/hello/world"", ""match"": { ""path"": ""/hello/world"" }, ""responseHeadersToAdd"": [ { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-Frame-Options"", ""value"": ""SAMEORIGIN"" } }, { ""appendAction"": ""OVERWRITE_IF_EXISTS_OR_ADD"", ""header"": { ""key"": ""X-XSS-Protection"", ""value"": ""1; mode=block"" } } ], ""route"": { ""cluster"": ""pomerium-control-plane-http"" }, ""typedPerFilterConfig"": { ""envoy.filters.http.ext_authz"": { ""@type"": ""type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute"", ""disabled"": true } } } `, route) }",True,Go,Test_buildControlPlanePathRoute,routes_test.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2607,"func (p *Policy) ToPPL() *parser.Policy { ppl := &parser.Policy{} allowRule := parser.Rule{Action: parser.ActionAllow} allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""pomerium_routes"", }) if p.AllowPublicUnauthenticatedAccess { allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""accept"", Data: parser.Boolean(true), }) } if p.CORSAllowPreflight { allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""cors_preflight"", Data: parser.Boolean(true), }) } if p.AllowAnyAuthenticatedUser { allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""authenticated_user"", Data: parser.Boolean(true), }) } for _, ad := range p.AllAllowedDomains() { allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""domain"", Data: parser.Object{ ""is"": parser.String(ad), }, }) } for _, aic := range p.AllAllowedIDPClaims() { var ks []string for k := range aic { ks = append(ks, k) } sort.Strings(ks) for _, k := range ks { for _, v := range aic[k] { bs, _ := json.Marshal(v) data, _ := parser.ParseValue(bytes.NewReader(bs)) allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""claim"", SubPath: k, Data: data, }) } } } for _, au := range p.AllAllowedUsers() { allowRule.Or = append(allowRule.Or, parser.Criterion{ Name: ""user"", Data: parser.Object{ ""is"": parser.String(au), }, }, parser.Criterion{ Name: ""email"", Data: parser.Object{ ""is"": parser.String(au), }, }) } ppl.Rules = append(ppl.Rules, allowRule) denyRule := parser.Rule{Action: parser.ActionDeny} denyRule.Or = append(denyRule.Or, parser.Criterion{ Name: ""invalid_client_certificate"", }) ppl.Rules = append(ppl.Rules, denyRule) if p.Policy != nil && p.Policy.Policy != nil { ppl.Rules = append(ppl.Rules, p.Policy.Policy.Rules...) } return ppl }",True,Go,ToPPL,policy_ppl.go,https://github.com/pomerium/pomerium,pomerium,GitHub,2023-05-26 13:34:21-07:00,"Merge pull request from GHSA-pvrc-wvj2-f59p

* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-33189,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2611,"func Handler(configFns ...func(*Config)) http.HandlerFunc { var once sync.Once config := &Config{ URL: ""doc.json"", DeepLinking: true, DocExpansion: ""list"", DomID: ""#swagger-ui"", } for _, configFn := range configFns { configFn(config) } t := template.New(""swagger_index.html"") index, _ := t.Parse(indexTempl) var re = regexp.MustCompile(`^(.*/)([^?].*)?[?|.]*$`) return func(w http.ResponseWriter, r *http.Request) { matches := re.FindStringSubmatch(r.RequestURI) path := matches[2] h := swaggerFiles.Handler once.Do(func() { h.Prefix = matches[1] }) switch filepath.Ext(path) { case "".html"": w.Header().Set(""Content-Type"", ""text/html; charset=utf-8"") case "".css"": w.Header().Set(""Content-Type"", ""text/css; charset=utf-8"") case "".js"": w.Header().Set(""Content-Type"", ""application/javascript"") case "".png"": w.Header().Set(""Content-Type"", ""image/png"") case "".json"": w.Header().Set(""Content-Type"", ""application/json; charset=utf-8"") } switch path { case ""index.html"": _ = index.Execute(w, config) case ""doc.json"": doc, err := swag.ReadDoc() if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } _, _ = w.Write([]byte(doc)) case """": http.Redirect(w, r, h.Prefix+""index.html"", 301) default: h.ServeHTTP(w, r) } } }",True,Go,Handler,swagger.go,https://github.com/swaggo/http-swagger,swaggo,GitHub,2022-04-16 09:23:47+03:00,fix: security improvement (#62),CWE-755,Improper Handling of Exceptional Conditions,The product does not handle or incorrectly handles an exceptional condition.,https://cwe.mitre.org/data/definitions/755.html,CVE-2022-24863,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2619,"func (builder gcmContentCipherBuilder) ContentCipherWithContext(ctx aws.Context) (ContentCipher, error) { var cd CipherData var err error if v, ok := builder.generator.(CipherDataGeneratorWithContext); ok { cd, err = v.GenerateCipherDataWithContext(ctx, gcmKeySize, gcmNonceSize) } else { cd, err = builder.generator.GenerateCipherData(gcmKeySize, gcmNonceSize) } if err != nil { return nil, err } return newAESGCMContentCipher(cd) }",True,Go,ContentCipherWithContext,aes_gcm_content_cipher.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2623,"func TestAES_GCM_NIST_gcmEncryptExtIV256_PTLen_408_Test_8(t *testing.T) { iv, _ := hex.DecodeString(""92f258071d79af3e63672285"") key, _ := hex.DecodeString(""595f259c55abe00ae07535ca5d9b09d6efb9f7e9abb64605c337acbd6b14fc7e"") plaintext, _ := hex.DecodeString(""a6fee33eb110a2d769bbc52b0f36969c287874f665681477a25fc4c48015c541fbe2394133ba490a34ee2dd67b898177849a91"") expected, _ := hex.DecodeString(""bbca4a9e09ae9690c0f6f8d405e53dccd666aa9c5fa13c8758bc30abe1ddd1bcce0d36a1eaaaaffef20cd3c5970b9673f8a65c26ccecb9976fd6ac9c2c0f372c52c821"") tag, _ := hex.DecodeString(""26ccecb9976fd6ac9c2c0f372c52c821"") aesgcmTest(t, iv, key, plaintext, expected, tag) }",True,Go,TestAES_GCM_NIST_gcmEncryptExtIV256_PTLen_408_Test_8,aes_gcm_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2624,"func TestAES_GCM_NIST_gcmEncryptExtIV256_PTLen_128_Test_0(t *testing.T) { iv, _ := hex.DecodeString(""0d18e06c7c725ac9e362e1ce"") key, _ := hex.DecodeString(""31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22"") plaintext, _ := hex.DecodeString(""2db5168e932556f8089a0622981d017d"") expected, _ := hex.DecodeString(""fa4362189661d163fcd6a56d8bf0405ad636ac1bbedd5cc3ee727dc2ab4a9489"") tag, _ := hex.DecodeString(""d636ac1bbedd5cc3ee727dc2ab4a9489"") aesgcmTest(t, iv, key, plaintext, expected, tag) }",True,Go,TestAES_GCM_NIST_gcmEncryptExtIV256_PTLen_128_Test_0,aes_gcm_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2626,"func TestAES_GCM_NIST_gcmEncryptExtIV256_PTLen_256_Test_6(t *testing.T) { iv, _ := hex.DecodeString(""a291484c3de8bec6b47f525f"") key, _ := hex.DecodeString(""37f39137416bafde6f75022a7a527cc593b6000a83ff51ec04871a0ff5360e4e"") plaintext, _ := hex.DecodeString(""fafd94cede8b5a0730394bec68a8e77dba288d6ccaa8e1563a81d6e7ccc7fc97"") expected, _ := hex.DecodeString(""44dc868006b21d49284016565ffb3979cc4271d967628bf7cdaf86db888e92e501a2b578aa2f41ec6379a44a31cc019c"") tag, _ := hex.DecodeString(""01a2b578aa2f41ec6379a44a31cc019c"") aesgcmTest(t, iv, key, plaintext, expected, tag) }",True,Go,TestAES_GCM_NIST_gcmEncryptExtIV256_PTLen_256_Test_6,aes_gcm_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2631,"func aesgcmTest(t *testing.T, iv, key, plaintext, expected, tag []byte) { cd := CipherData{ Key: key, IV: iv, } gcm, err := newAESGCM(cd) if err != nil { t.Errorf(""expected no error, but received %v"", err) } cipherdata := gcm.Encrypt(bytes.NewReader(plaintext)) ciphertext, err := ioutil.ReadAll(cipherdata) if err != nil { t.Errorf(""expected no error, but received %v"", err) } etag := ciphertext[len(ciphertext)-16:] if !bytes.Equal(etag, tag) { t.Errorf(""expected tags to be equivalent"") } if !bytes.Equal(ciphertext, expected) { t.Errorf(""expected ciphertext to be equivalent"") } data := gcm.Decrypt(bytes.NewReader(ciphertext)) text, err := ioutil.ReadAll(data) if err != nil { t.Errorf(""expected no error, but received %v"", err) } if !bytes.Equal(plaintext, text) { t.Errorf(""expected ciphertext to be equivalent"") } }",True,Go,aesgcmTest,aes_gcm_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2634,"func (client *DecryptionClient) getPadder(cekAlg string) Padder { padder, ok := client.PadderRegistry[cekAlg] if !ok { padder, ok = client.PadderRegistry[cekAlg[strings.LastIndex(cekAlg, ""/"")+1:]] if !ok { return NoPadder } } return padder }",True,Go,getPadder,cipher_util.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2636,"func (client *DecryptionClient) contentCipherFromEnvelope(ctx aws.Context, env Envelope) (ContentCipher, error) { wrap, err := client.wrapFromEnvelope(env) if err != nil { return nil, err } return client.cekFromEnvelope(ctx, env, wrap) }",True,Go,contentCipherFromEnvelope,cipher_util.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2638,"func TestWrapFactoryErrorNoWrap(t *testing.T) { c := DecryptionClient{ WrapRegistry: map[string]WrapEntry{ KMSWrap: (kmsKeyHandler{ kms: kms.New(unit.Session), }).decryptHandler, }, CEKRegistry: map[string]CEKEntry{ AESGCMNoPadding: newAESGCMContentCipher, }, } env := Envelope{ WrapAlg: ""none"", MatDesc: `{""kms_cmk_id"":""""}`, } wrap, err := c.wrapFromEnvelope(env) if err == nil { t.Error(""expected error, but received none"") } if wrap != nil { t.Errorf(""expected nil wrap value, received %v"", wrap) } }",True,Go,TestWrapFactoryErrorNoWrap,cipher_util_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2639,"func TestCEKFactory(t *testing.T) { key, _ := hex.DecodeString(""31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22"") keyB64 := base64.URLEncoding.EncodeToString(key) ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, fmt.Sprintf(""%s%s%s"", `{""KeyId"":""test-key-id"",""Plaintext"":""`, keyB64, `""}`)) })) defer ts.Close() sess := unit.Session.Copy(&aws.Config{ MaxRetries: aws.Int(0), Endpoint: aws.String(ts.URL), DisableSSL: aws.Bool(true), S3ForcePathStyle: aws.Bool(true), Region: aws.String(""us-west-2""), }) c := DecryptionClient{ WrapRegistry: map[string]WrapEntry{ KMSWrap: (kmsKeyHandler{ kms: kms.New(sess), }).decryptHandler, }, CEKRegistry: map[string]CEKEntry{ AESGCMNoPadding: newAESGCMContentCipher, }, PadderRegistry: map[string]Padder{ NoPadder.Name(): NoPadder, }, } iv, err := hex.DecodeString(""0d18e06c7c725ac9e362e1ce"") if err != nil { t.Errorf(""expected no error, but received %v"", err) } ivB64 := base64.URLEncoding.EncodeToString(iv) cipherKey, err := hex.DecodeString(""31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22"") if err != nil { t.Errorf(""expected no error, but received %v"", err) } cipherKeyB64 := base64.URLEncoding.EncodeToString(cipherKey) env := Envelope{ WrapAlg: KMSWrap, CEKAlg: AESGCMNoPadding, CipherKey: cipherKeyB64, IV: ivB64, MatDesc: `{""kms_cmk_id"":""""}`, } wrap, err := c.wrapFromEnvelope(env) cek, err := c.cekFromEnvelope(aws.BackgroundContext(), env, wrap) if err != nil { t.Errorf(""expected no error, but received %v"", err) } if cek == nil { t.Errorf(""expected non-nil cek"") } }",True,Go,TestCEKFactory,cipher_util_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2644,"func TestCEKFactoryCustomEntry(t *testing.T) { key, _ := hex.DecodeString(""31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22"") keyB64 := base64.URLEncoding.EncodeToString(key) ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, fmt.Sprintf(""%s%s%s"", `{""KeyId"":""test-key-id"",""Plaintext"":""`, keyB64, `""}`)) })) defer ts.Close() sess := unit.Session.Copy(&aws.Config{ MaxRetries: aws.Int(0), Endpoint: aws.String(ts.URL), DisableSSL: aws.Bool(true), S3ForcePathStyle: aws.Bool(true), Region: aws.String(""us-west-2""), }) c := DecryptionClient{ WrapRegistry: map[string]WrapEntry{ KMSWrap: (kmsKeyHandler{ kms: kms.New(sess), }).decryptHandler, }, CEKRegistry: map[string]CEKEntry{ ""custom"": newAESGCMContentCipher, }, PadderRegistry: map[string]Padder{}, } iv, err := hex.DecodeString(""0d18e06c7c725ac9e362e1ce"") if err != nil { t.Errorf(""expected no error, but received %v"", err) } ivB64 := base64.URLEncoding.EncodeToString(iv) cipherKey, err := hex.DecodeString(""31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22"") if err != nil { t.Errorf(""expected no error, but received %v"", err) } cipherKeyB64 := base64.URLEncoding.EncodeToString(cipherKey) env := Envelope{ WrapAlg: KMSWrap, CEKAlg: ""custom"", CipherKey: cipherKeyB64, IV: ivB64, MatDesc: `{""kms_cmk_id"":""""}`, } wrap, err := c.wrapFromEnvelope(env) cek, err := c.cekFromEnvelope(aws.BackgroundContext(), env, wrap) if err != nil { t.Errorf(""expected no error, but received %v"", err) } if cek == nil { t.Errorf(""expected non-nil cek"") } }",True,Go,TestCEKFactoryCustomEntry,cipher_util_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2648,"func TestWrapFactory(t *testing.T) { c := DecryptionClient{ WrapRegistry: map[string]WrapEntry{ KMSWrap: (kmsKeyHandler{ kms: kms.New(unit.Session), }).decryptHandler, }, CEKRegistry: map[string]CEKEntry{ AESGCMNoPadding: newAESGCMContentCipher, }, } env := Envelope{ WrapAlg: KMSWrap, MatDesc: `{""kms_cmk_id"":""""}`, } wrap, err := c.wrapFromEnvelope(env) w, ok := wrap.(*kmsKeyHandler) if err != nil { t.Errorf(""expected no error, but received %v"", err) } if wrap == nil { t.Error(""expected non-nil value"") } if !ok { t.Errorf(""expected kmsKeyHandler, but received %v"", *w) } }",True,Go,TestWrapFactory,cipher_util_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2649,"func (c *DecryptionClient) GetObject(input *s3.GetObjectInput) (*s3.GetObjectOutput, error) { req, out := c.GetObjectRequest(input) return out, req.Send() }",True,Go,GetObject,decryption_client.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2654,"func (c *DecryptionClient) GetObjectRequest(input *s3.GetObjectInput) (*request.Request, *s3.GetObjectOutput) { req, out := c.S3Client.GetObjectRequest(input) req.Handlers.Unmarshal.PushBack(func(r *request.Request) { env, err := c.LoadStrategy.Load(r) if err != nil { r.Error = err out.Body.Close() return } cipher, err := c.contentCipherFromEnvelope(r.Context(), env) if err != nil { r.Error = err out.Body.Close() return } reader, err := cipher.DecryptContents(out.Body) if err != nil { r.Error = err out.Body.Close() return } out.Body = reader }) return req, out }",True,Go,GetObjectRequest,decryption_client.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2665,"func (c *EncryptionClient) PutObjectWithContext(ctx aws.Context, input *s3.PutObjectInput, opts ...request.Option) (*s3.PutObjectOutput, error) { req, out := c.PutObjectRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() }",True,Go,PutObjectWithContext,encryption_client.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2667,"func (c *EncryptionClient) PutObjectRequest(input *s3.PutObjectInput) (*request.Request, *s3.PutObjectOutput) { req, out := c.S3Client.PutObjectRequest(input) n, err := aws.SeekerLen(input.Body) if err != nil { req.Error = err return req, out } dst, err := getWriterStore(req, c.TempFolderPath, n >= c.MinFileSize) if err != nil { req.Error = err return req, out } req.Handlers.Build.PushFront(func(r *request.Request) { if err != nil { r.Error = err return } var encryptor ContentCipher if v, ok := c.ContentCipherBuilder.(ContentCipherBuilderWithContext); ok { encryptor, err = v.ContentCipherWithContext(r.Context()) } else { encryptor, err = c.ContentCipherBuilder.ContentCipher() } if err != nil { r.Error = err return } md5 := newMD5Reader(input.Body) sha := newSHA256Writer(dst) reader, err := encryptor.EncryptContents(md5) if err != nil { r.Error = err return } _, err = io.Copy(sha, reader) if err != nil { r.Error = err return } data := encryptor.GetCipherData() env, err := encodeMeta(md5, data) if err != nil { r.Error = err return } shaHex := hex.EncodeToString(sha.GetValue()) req.HTTPRequest.Header.Set(""X-Amz-Content-Sha256"", shaHex) dst.Seek(0, sdkio.SeekStart) input.Body = dst err = c.SaveStrategy.Save(env, r) r.Error = err }) return req, out }",True,Go,PutObjectRequest,encryption_client.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2668,"func (c *EncryptionClient) PutObject(input *s3.PutObjectInput) (*s3.PutObjectOutput, error) { req, out := c.PutObjectRequest(input) return out, req.Send() }",True,Go,PutObject,encryption_client.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2682,"func generateBytes(n int) []byte { b := make([]byte, n) rand.Read(b) return b }",True,Go,generateBytes,key_handler.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2684,"func TestGenerateBytes(t *testing.T) { b := generateBytes(5) if e, a := 5, len(b); e != a { t.Errorf(""expected %d, but received %d"", e, a) } b = generateBytes(0) if e, a := 0, len(b); e != a { t.Errorf(""expected %d, but received %d"", e, a) } b = generateBytes(1024) if e, a := 1024, len(b); e != a { t.Errorf(""expected %d, but received %d"", e, a) } }",True,Go,TestGenerateBytes,key_handler_test.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2691,"func NewKMSKeyGeneratorWithMatDesc(kmsClient kmsiface.KMSAPI, cmkID string, matdesc MaterialDescription) CipherDataGenerator { if matdesc == nil { matdesc = MaterialDescription{} } matdesc[""kms_cmk_id""] = &cmkID kp := &kmsKeyHandler{ kms: kmsClient, cmkID: &cmkID, } kp.CipherData.WrapAlgorithm = KMSWrap kp.CipherData.MaterialDescription = matdesc return kp }",True,Go,NewKMSKeyGeneratorWithMatDesc,kms_key_handler.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2715,"func (strat HeaderV2SaveStrategy) Save(env Envelope, req *request.Request) error { input := req.Params.(*s3.PutObjectInput) if input.Metadata == nil { input.Metadata = map[string]*string{} } input.Metadata[http.CanonicalHeaderKey(keyV2Header)] = &env.CipherKey input.Metadata[http.CanonicalHeaderKey(ivHeader)] = &env.IV input.Metadata[http.CanonicalHeaderKey(matDescHeader)] = &env.MatDesc input.Metadata[http.CanonicalHeaderKey(wrapAlgorithmHeader)] = &env.WrapAlg input.Metadata[http.CanonicalHeaderKey(cekAlgorithmHeader)] = &env.CEKAlg input.Metadata[http.CanonicalHeaderKey(unencryptedMD5Header)] = &env.UnencryptedMD5 input.Metadata[http.CanonicalHeaderKey(unencryptedContentLengthHeader)] = &env.UnencryptedContentLen if len(env.TagLen) > 0 { input.Metadata[http.CanonicalHeaderKey(tagLengthHeader)] = &env.TagLen } return nil }",True,Go,Save,strategy.go,https://github.com/aws/aws-sdk-go,aws,GitHub,2020-07-01 10:35:02-07:00,service/s3/s3crypto: V2 Client Release (#3403),CWE-326,Inadequate Encryption Strength,"The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",https://cwe.mitre.org/data/definitions/326.html,CVE-2022-2582,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2718,"func middleware(config Config) *server { if config.CredentialChecker == nil { log.Fatal(""github.com/ntbosscher/gobase/auth/authhttp.Middleware(config): config requires CredentialChecker"") } return &server{ perRequestFilter: config.PerRequestFilter, ignoreRoutesWithPrefixes: config.PublicRoutePrefixes, ignoreRoutes: config.IgnoreRoutes, authHandler: authHandler(&config), } }",True,Go,middleware,main.go,https://github.com/ntbosscher/gobase,ntbosscher,Nathan Bosscher,2020-11-05 16:49:43-05:00,fix race condition in httpauth where the incorrect handler could be called for some calls,CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2022-2583,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2724,"func DecodeBytes(na ipld.NodeAssembler, src []byte) error { remaining := src ma, err := na.BeginMap(2) if err != nil { return err } var links ipld.ListAssembler haveData := false haveLinks := false for { if len(remaining) == 0 { break } fieldNum, wireType, n := protowire.ConsumeTag(remaining) if n < 0 { return protowire.ParseError(n) } remaining = remaining[n:] if wireType != 2 { return fmt.Errorf(""protobuf: (PBNode) invalid wireType, expected 2, got %d"", wireType) } switch fieldNum { case 1: if haveData { return fmt.Errorf(""protobuf: (PBNode) duplicate Data section"") } chunk, n := protowire.ConsumeBytes(remaining) if n < 0 { return protowire.ParseError(n) } remaining = remaining[n:] if links != nil { if err := links.Finish(); err != nil { return err } links = nil } if err := ma.AssembleKey().AssignString(""Data""); err != nil { return err } if err := ma.AssembleValue().AssignBytes(chunk); err != nil { return err } haveData = true case 2: bytesLen, n := protowire.ConsumeVarint(remaining) if n < 0 { return protowire.ParseError(n) } remaining = remaining[n:] if links == nil { if haveLinks { return fmt.Errorf(""protobuf: (PBNode) duplicate Links section"") } if err := ma.AssembleKey().AssignString(""Links""); err != nil { return err } links, err = ma.AssembleValue().BeginList(0) if err != nil { return err } } curLink, err := links.AssembleValue().BeginMap(3) if err != nil { return err } if err := unmarshalLink(remaining[:bytesLen], curLink); err != nil { return err } remaining = remaining[bytesLen:] if err := curLink.Finish(); err != nil { return err } haveLinks = true default: return fmt.Errorf(""protobuf: (PBNode) invalid fieldNumber, expected 1 or 2, got %d"", fieldNum) } } if links != nil { if err := links.Finish(); err != nil { return err } } else if !haveLinks { if err := ma.AssembleKey().AssignString(""Links""); err != nil { return err } links, err := ma.AssembleValue().BeginList(0) if err != nil { return err } if err := links.Finish(); err != nil { return err } } return ma.Finish() }",True,Go,DecodeBytes,unmarshal.go,https://github.com/ipld/go-codec-dagpb,ipld,Rod Vagg,2022-03-16 20:11:00+11:00,fix: use protowire for Links bytes decoding,CWE-119,Improper Restriction of Operations within the Bounds of a Memory Buffer,"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",https://cwe.mitre.org/data/definitions/119.html,CVE-2022-2584,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2731,"func (service *Service) Send(message string, params *types.Params) error { if service.config.JSON { postURL := CreateAPIURLFromConfig(service.config) return doSend([]byte(message), postURL) } items, omitted := CreateItemsFromPlain(message, service.config.SplitLines) return service.sendItems(items, params, omitted) }",True,Go,Send,discord.go,https://github.com/containrrr/shoutrrr,containrrr,GitHub,2022-05-21 14:48:37+02:00,"fix(discord): message size fixes (#242)

* fix(discord): handle empty messages without panic
* fix: off by one error when partitioning messages
* test(discord): add tests for Send failures
* fix(discord): typo in meta message

Co-authored-by: Justin Steven <justin@justinsteven.com>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-25891,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2736,"func CreatePayloadFromItems(items []types.MessageItem, title string, colors [types.MessageLevelCount]uint, omitted int) (WebhookPayload, error) { metaCount := 1 if omitted < 1 && len(title) < 1 { metaCount = 0 } itemCount := util.Min(9, len(items)) embeds := make([]embedItem, metaCount, itemCount+metaCount) for _, item := range items { color := uint(0) if item.Level >= types.Unknown && int(item.Level) < len(colors) { color = colors[item.Level] } ei := embedItem{ Content: item.Text, Color: color, } if item.Level != types.Unknown { ei.Footer = &embedFooter{ Text: item.Level.String(), } } if !item.Timestamp.IsZero() { ei.Timestamp = item.Timestamp.UTC().Format(time.RFC3339) } embeds = append(embeds, ei) } embeds[0].Title = title if omitted > 0 { embeds[0].Footer = &embedFooter{ Text: fmt.Sprintf(""... (%v character(s) where omitted)"", omitted), } } return WebhookPayload{ Embeds: embeds, }, nil }",True,Go,CreatePayloadFromItems,discord_json.go,https://github.com/containrrr/shoutrrr,containrrr,GitHub,2022-05-21 14:48:37+02:00,"fix(discord): message size fixes (#242)

* fix(discord): handle empty messages without panic
* fix: off by one error when partitioning messages
* test(discord): add tests for Send failures
* fix(discord): typo in meta message

Co-authored-by: Justin Steven <justin@justinsteven.com>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-25891,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2741,"func (upsert SystemSettingUpsert) Validate() error { if upsert.Name == SystemSettingAllowSignUpName { value := false err := json.Unmarshal([]byte(upsert.Value), &value) if err != nil { return fmt.Errorf(""failed to unmarshal system setting allow signup value"") } invalid := true for _, v := range SystemSettingAllowSignUpValue { if value == v { invalid = false break } } if invalid { return fmt.Errorf(""invalid system setting allow signup value"") } } else if upsert.Name == SystemSettingAdditionalStyleName { value := """" err := json.Unmarshal([]byte(upsert.Value), &value) if err != nil { return fmt.Errorf(""failed to unmarshal system setting additional style value"") } } else if upsert.Name == SystemSettingAdditionalScriptName { value := """" err := json.Unmarshal([]byte(upsert.Value), &value) if err != nil { return fmt.Errorf(""failed to unmarshal system setting additional script value"") } } else if upsert.Name == SystemSettingCustomizedProfileName { value := CustomizedProfile{ Name: ""memos"", IconURL: """", ExternalURL: """", } err := json.Unmarshal([]byte(upsert.Value), &value) if err != nil { return fmt.Errorf(""failed to unmarshal system setting customized profile value"") } } else { return fmt.Errorf(""invalid system setting name"") } return nil }",True,Go,Validate,system_setting.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-22 19:48:44+08:00,feat: customize system profile (#828),CWE-311,Missing Encryption of Sensitive Data,The product does not encrypt sensitive or critical information before storage or transmission.,https://cwe.mitre.org/data/definitions/311.html,CVE-2022-4683,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2743,"func (upsert UserSettingUpsert) Validate() error { if upsert.Key == UserSettingLocaleKey { localeValue := ""en"" err := json.Unmarshal([]byte(upsert.Value), &localeValue) if err != nil { return fmt.Errorf(""failed to unmarshal user setting locale value"") } invalid := true for _, value := range UserSettingLocaleValue { if localeValue == value { invalid = false break } } if invalid { return fmt.Errorf(""invalid user setting locale value"") } } else if upsert.Key == UserSettingAppearanceKey { appearanceValue := ""light"" err := json.Unmarshal([]byte(upsert.Value), &appearanceValue) if err != nil { return fmt.Errorf(""failed to unmarshal user setting appearance value"") } invalid := true for _, value := range UserSettingAppearanceValue { if appearanceValue == value { invalid = false break } } if invalid { return fmt.Errorf(""invalid user setting appearance value"") } } else if upsert.Key == UserSettingMemoVisibilityKey { memoVisibilityValue := Private err := json.Unmarshal([]byte(upsert.Value), &memoVisibilityValue) if err != nil { return fmt.Errorf(""failed to unmarshal user setting memo visibility value"") } invalid := true for _, value := range UserSettingMemoVisibilityValue { if memoVisibilityValue == value { invalid = false break } } if invalid { return fmt.Errorf(""invalid user setting memo visibility value"") } } else if upsert.Key == UserSettingMemoDisplayTsOptionKey { memoDisplayTsOption := ""created_ts"" err := json.Unmarshal([]byte(upsert.Value), &memoDisplayTsOption) if err != nil { return fmt.Errorf(""failed to unmarshal user setting memo display ts option"") } invalid := true for _, value := range UserSettingMemoDisplayTsOptionKeyValue { if memoDisplayTsOption == value { invalid = false break } } if invalid { return fmt.Errorf(""invalid user setting memo display ts option value"") } } else { return fmt.Errorf(""invalid user setting key"") } return nil }",True,Go,Validate,user_setting.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-22 19:48:44+08:00,feat: customize system profile (#828),CWE-311,Missing Encryption of Sensitive Data,The product does not encrypt sensitive or critical information before storage or transmission.,https://cwe.mitre.org/data/definitions/311.html,CVE-2022-4683,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2747,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-648,Incorrect Use of Privileged APIs,The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.,https://cwe.mitre.org/data/definitions/648.html,CVE-2022-4796,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2748,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2022-4797,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2749,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4798,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2750,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4799,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2751,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-940,Improper Verification of Source of a Communication Channel,"The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.",https://cwe.mitre.org/data/definitions/940.html,CVE-2022-4800,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2753,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4802,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2757,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4806,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2759,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-4808,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2760,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4809,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2761,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4810,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2762,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4811,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2763,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4812,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2766,"g.POST(""/memo"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } memoCreate := &api.MemoCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post memo request"").SetInternal(err) } if memoCreate.Content == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Memo content shouldn't be empty"") } if memoCreate.Visibility == """" { userSettingMemoVisibilityKey := api.UserSettingMemoVisibilityKey userMemoVisibilitySetting, err := s.Store.FindUserSetting(ctx, &api.UserSettingFind{ UserID: userID, Key: &userSettingMemoVisibilityKey, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user setting"").SetInternal(err) } if userMemoVisibilitySetting != nil { memoVisibility := api.Private err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to unmarshal user setting value"").SetInternal(err) } memoCreate.Visibility = memoVisibility } else { memoCreate.Visibility = api.Private } } memo, err := s.Store.CreateMemo(ctx, memoCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create memo"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""memo created"", }) for _, resourceID := range memoCreate.ResourceIDList { if _, err := s.Store.UpsertMemoResource(ctx, &api.MemoResourceUpsert{ MemoID: memo.ID, ResourceID: resourceID, }); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert memo resource"").SetInternal(err) } } memo, err = s.Store.ComposeMemo(ctx, memo) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to compose memo"").SetInternal(err) } c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode memo response"").SetInternal(err) } return nil })",True,Go,error,memo.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-229,Improper Handling of Values,"The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.",https://cwe.mitre.org/data/definitions/229.html,CVE-2022-4851,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2811,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2022-4797,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2812,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4798,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2813,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4799,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2814,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-940,Improper Verification of Source of a Communication Channel,"The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.",https://cwe.mitre.org/data/definitions/940.html,CVE-2022-4800,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2815,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-1220,Insufficient Granularity of Access Control,"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.",https://cwe.mitre.org/data/definitions/1220.html,CVE-2022-4801,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2817,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4803,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2818,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-285,Improper Authorization,The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/285.html,CVE-2022-4804,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2819,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-648,Incorrect Use of Privileged APIs,The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.,https://cwe.mitre.org/data/definitions/648.html,CVE-2022-4805,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2820,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4806,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2822,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-4808,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2824,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4810,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2826,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4812,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2827,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-1220,Insufficient Granularity of Access Control,"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.",https://cwe.mitre.org/data/definitions/1220.html,CVE-2022-4813,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2828,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4814,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2829,"g.POST(""/resource"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } if err := c.Request().ParseMultipartForm(maxFileSize); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file overload max size"").SetInternal(err) } file, err := c.FormFile(""file"") if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to get uploading file"").SetInternal(err) } if file == nil { return echo.NewHTTPError(http.StatusBadRequest, ""Upload file not found"").SetInternal(err) } filename := file.Filename filetype := file.Header.Get(""Content-Type"") size := file.Size src, err := file.Open() if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to open file"").SetInternal(err) } defer src.Close() fileBytes, err := io.ReadAll(src) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to read file"").SetInternal(err) } resourceCreate := &api.ResourceCreate{ Filename: filename, Type: filetype, Size: size, Blob: fileBytes, CreatorID: userID, } resource, err := s.Store.CreateResource(ctx, resourceCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create resource"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""resource created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode resource response"").SetInternal(err) } return nil })",True,Go,error,resource.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-229,Improper Handling of Values,"The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.",https://cwe.mitre.org/data/definitions/229.html,CVE-2022-4851,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2853,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2022-4797,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2854,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4798,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2856,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-940,Improper Verification of Source of a Communication Channel,"The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.",https://cwe.mitre.org/data/definitions/940.html,CVE-2022-4800,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2857,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-1220,Insufficient Granularity of Access Control,"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.",https://cwe.mitre.org/data/definitions/1220.html,CVE-2022-4801,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2858,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4802,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2859,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4803,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2860,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-285,Improper Authorization,The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/285.html,CVE-2022-4804,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2861,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-648,Incorrect Use of Privileged APIs,The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.,https://cwe.mitre.org/data/definitions/648.html,CVE-2022-4805,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2864,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-4808,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2866,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4810,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2868,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4812,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2870,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4814,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2872,"g.POST(""/shortcut"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } shortcutCreate := &api.ShortcutCreate{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(shortcutCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post shortcut request"").SetInternal(err) } shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create shortcut"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""shortcut created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(shortcut)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode shortcut response"").SetInternal(err) } return nil })",True,Go,error,shortcut.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-280,Improper Handling of Insufficient Permissions or Privileges ,The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.,https://cwe.mitre.org/data/definitions/280.html,CVE-2022-4863,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2874,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2022-4797,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2876,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4799,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2877,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-940,Improper Verification of Source of a Communication Channel,"The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.",https://cwe.mitre.org/data/definitions/940.html,CVE-2022-4800,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2878,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-1220,Insufficient Granularity of Access Control,"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.",https://cwe.mitre.org/data/definitions/1220.html,CVE-2022-4801,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2879,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4802,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2880,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4803,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2881,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-285,Improper Authorization,The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/285.html,CVE-2022-4804,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2882,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-648,Incorrect Use of Privileged APIs,The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.,https://cwe.mitre.org/data/definitions/648.html,CVE-2022-4805,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2884,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4807,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2888,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4811,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2890,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-1220,Insufficient Granularity of Access Control,"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.",https://cwe.mitre.org/data/definitions/1220.html,CVE-2022-4813,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2891,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4814,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2892,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-229,Improper Handling of Values,"The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.",https://cwe.mitre.org/data/definitions/229.html,CVE-2022-4851,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2893,"g.POST(""/tag"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing user in session"") } tagUpsert := &api.TagUpsert{ CreatorID: userID, } if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post tag request"").SetInternal(err) } if tagUpsert.Name == """" { return echo.NewHTTPError(http.StatusBadRequest, ""Tag name shouldn't be empty"") } tag, err := s.Store.UpsertTag(ctx, tagUpsert) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to upsert tag"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""tag created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tag.Name)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode tag response"").SetInternal(err) } return nil })",True,Go,error,tag.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-280,Improper Handling of Insufficient Permissions or Privileges ,The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.,https://cwe.mitre.org/data/definitions/280.html,CVE-2022-4863,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2915,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-648,Incorrect Use of Privileged APIs,The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.,https://cwe.mitre.org/data/definitions/648.html,CVE-2022-4796,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2918,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4799,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2921,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4802,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2922,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4803,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2923,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-285,Improper Authorization,The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/285.html,CVE-2022-4804,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2924,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-648,Incorrect Use of Privileged APIs,The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.,https://cwe.mitre.org/data/definitions/648.html,CVE-2022-4805,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2925,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4806,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2927,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-4808,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2928,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4809,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2929,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2022-4810,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2930,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2022-4811,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2932,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-1220,Insufficient Granularity of Access Control,"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.",https://cwe.mitre.org/data/definitions/1220.html,CVE-2022-4813,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2934,"g.POST(""/user"", func(c echo.Context) error { ctx := c.Request().Context() userID, ok := c.Get(getUserIDContextKey()).(int) if !ok { return echo.NewHTTPError(http.StatusUnauthorized, ""Missing auth session"") } currentUser, err := s.Store.FindUser(ctx, &api.UserFind{ ID: &userID, }) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to find user by id"").SetInternal(err) } if currentUser.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, ""Only Host user can create member."") } userCreate := &api.UserCreate{ OpenID: common.GenUUID(), } if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Malformatted post user request"").SetInternal(err) } if err := userCreate.Validate(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, ""Invalid user create format."").SetInternal(err) } passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to generate password hash"").SetInternal(err) } userCreate.PasswordHash = string(passwordHash) user, err := s.Store.CreateUser(ctx, userCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to create user"").SetInternal(err) } s.Collector.Collect(ctx, &metric.Metric{ Name: ""user created"", }) c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { return echo.NewHTTPError(http.StatusInternalServerError, ""Failed to encode user response"").SetInternal(err) } return nil })",True,Go,error,user.go,https://github.com/usememos/memos,usememos,GitHub,2022-12-28 20:22:52+08:00,fix: access control (#870),CWE-229,Improper Handling of Values,"The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.",https://cwe.mitre.org/data/definitions/229.html,CVE-2022-4851,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2968,"func GetSchemaVersion(version string) string { minorVersion := GetMinorVersion(version) return minorVersion + "".0"" }",True,Go,GetSchemaVersion,version.go,https://github.com/usememos/memos,usememos,GitHub,2023-01-07 10:51:34+08:00,chore: add skipper for secure (#913),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0108,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2969,"func GetSchemaVersion(version string) string { minorVersion := GetMinorVersion(version) return minorVersion + "".0"" }",True,Go,GetSchemaVersion,version.go,https://github.com/usememos/memos,usememos,GitHub,2023-01-07 10:51:34+08:00,chore: add skipper for secure (#913),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0110,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2970,"func GetSchemaVersion(version string) string { minorVersion := GetMinorVersion(version) return minorVersion + "".0"" }",True,Go,GetSchemaVersion,version.go,https://github.com/usememos/memos,usememos,GitHub,2023-01-07 10:51:34+08:00,chore: add skipper for secure (#913),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0111,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2971,"func GetSchemaVersion(version string) string { minorVersion := GetMinorVersion(version) return minorVersion + "".0"" }",True,Go,GetSchemaVersion,version.go,https://github.com/usememos/memos,usememos,GitHub,2023-01-07 10:51:34+08:00,chore: add skipper for secure (#913),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0112,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2981,"func (as *argoServer) newHTTPServer(ctx context.Context, port int, artifactServer *artifacts.ArtifactServer) *http.Server { endpoint := fmt.Sprintf(""localhost:%d"", port) mux := http.NewServeMux() httpServer := http.Server{ Addr: endpoint, Handler: accesslog.Interceptor(mux), TLSConfig: as.tlsConfig, } dialOpts := []grpc.DialOption{ grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize)), } if as.tlsConfig != nil { dialOpts = append(dialOpts, grpc.WithTransportCredentials(credentials.NewTLS(as.tlsConfig))) } else { dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials())) } webhookInterceptor := webhook.Interceptor(as.clients.Kubernetes) gwMuxOpts := runtime.WithMarshalerOption(runtime.MIMEWildcard, new(json.JSONMarshaler)) gwmux := runtime.NewServeMux(gwMuxOpts, runtime.WithIncomingHeaderMatcher(func(key string) (string, bool) { return key, true }), runtime.WithProtoErrorHandler(runtime.DefaultHTTPProtoErrorHandler), ) mustRegisterGWHandler(infopkg.RegisterInfoServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(eventpkg.RegisterEventServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(eventsourcepkg.RegisterEventSourceServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(sensorpkg.RegisterSensorServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(pipelinepkg.RegisterPipelineServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(workflowpkg.RegisterWorkflowServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(workflowtemplatepkg.RegisterWorkflowTemplateServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(cronworkflowpkg.RegisterCronWorkflowServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(workflowarchivepkg.RegisterArchivedWorkflowServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mustRegisterGWHandler(clusterwftemplatepkg.RegisterClusterWorkflowTemplateServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dialOpts) mux.HandleFunc(""/api/"", func(w http.ResponseWriter, r *http.Request) { r.Header.Del(""Connection"") webhookInterceptor(w, r, gwmux) }) mux.HandleFunc(""/artifacts/"", artifactServer.GetOutputArtifact) mux.HandleFunc(""/input-artifacts/"", artifactServer.GetInputArtifact) mux.HandleFunc(""/artifacts-by-uid/"", artifactServer.GetOutputArtifactByUID) mux.HandleFunc(""/input-artifacts-by-uid/"", artifactServer.GetInputArtifactByUID) mux.HandleFunc(""/artifact-files/"", artifactServer.GetArtifactFile) mux.Handle(""/oauth2/redirect"", handlers.ProxyHeaders(http.HandlerFunc(as.oAuth2Service.HandleRedirect))) mux.Handle(""/oauth2/callback"", handlers.ProxyHeaders(http.HandlerFunc(as.oAuth2Service.HandleCallback))) mux.HandleFunc(""/metrics"", func(w http.ResponseWriter, r *http.Request) { if os.Getenv(""ARGO_SERVER_METRICS_AUTH"") != ""false"" { header := metadata.New(map[string]string{""authorization"": r.Header.Get(""Authorization"")}) ctx := metadata.NewIncomingContext(context.Background(), header) if _, err := as.gatekeeper.Context(ctx); err != nil { log.WithError(err).Error(""failed to authenticate /metrics endpoint"") w.WriteHeader(403) return } } promhttp.Handler().ServeHTTP(w, r) }) mux.HandleFunc(""/"", static.NewFilesServer(as.baseHRef, as.tlsConfig != nil && as.hsts, as.xframeOptions, as.accessControlAllowOrigin).ServerFiles) return &httpServer }",True,Go,newHTTPServer,argoserver.go,https://github.com/argoproj/argo-workflows,argoproj,GitHub,2022-05-03 17:52:48+00:00,"fix: Added artifact Content-Security-Policy (#8585)

Signed-off-by: Alex Collins <alex_collins@intuit.com>",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-29164,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2985,"func (c *Client) Update() (data.TargetFiles, error) { if err := c.UpdateRoots(); err != nil { if _, ok := err.(verify.ErrExpired); ok { return nil, ErrDecodeFailed{""root.json"", err} } return nil, err } timestampJSON, err := c.downloadMetaUnsafe(""timestamp.json"", defaultTimestampDownloadLimit) if err != nil { return nil, err } snapshotMeta, err := c.decodeTimestamp(timestampJSON) if err != nil { return nil, err } if err := c.local.SetMeta(""timestamp.json"", timestampJSON); err != nil { return nil, err } snapshotJSON, err := c.downloadMetaFromTimestamp(""snapshot.json"", snapshotMeta) if err != nil { return nil, err } snapshotMetas, err := c.decodeSnapshot(snapshotJSON) if err != nil { return nil, err } if err := c.local.SetMeta(""snapshot.json"", snapshotJSON); err != nil { return nil, err } var updatedTargets data.TargetFiles targetsMeta := snapshotMetas[""targets.json""] if !c.hasMetaFromSnapshot(""targets.json"", targetsMeta) { targetsJSON, err := c.downloadMetaFromSnapshot(""targets.json"", targetsMeta) if err != nil { return nil, err } updatedTargets, err = c.decodeTargets(targetsJSON) if err != nil { return nil, err } if err := c.local.SetMeta(""targets.json"", targetsJSON); err != nil { return nil, err } } return updatedTargets, nil }",True,Go,Update,client.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2987,"func (e ErrLatestSnapshot) Error() string { return fmt.Sprintf(""tuf: the local snapshot version (%d) is the latest"", e.Version) }",True,Go,Error,errors.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2989,"func cmdGet(args *docopt.Args, client *tuf.Client) error { if _, err := client.Update(); err != nil && !tuf.IsLatestSnapshot(err) { return err } target := util.NormalizeTarget(args.String[""<target>""]) file, err := ioutil.TempFile("""", ""go-tuf"") if err != nil { return err } tmp := tmpFile{file} if err := client.Download(target, &tmp); err != nil { return err } defer tmp.Delete() if _, err := tmp.Seek(0, io.SeekStart); err != nil { return err } _, err = io.Copy(os.Stdout, file) return err }",True,Go,cmdGet,get.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2991,"func cmdList(args *docopt.Args, client *tuf.Client) error { if _, err := client.Update(); err != nil && !tuf.IsLatestSnapshot(err) { return err } targets, err := client.Targets() if err != nil { return err } w := tabwriter.NewWriter(os.Stdout, 1, 2, 2, ' ', 0) defer w.Flush() fmt.Fprintln(w, ""PATH\tSIZE"") for path, meta := range targets { fmt.Fprintf(w, ""%s\t%s\n"", path, humanize.Bytes(uint64(meta.Length))) } return nil }",True,Go,cmdList,list.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2994,"func SnapshotFileMetaEqual(actual data.SnapshotFileMeta, expected data.SnapshotFileMeta) error { if expected.Length != 0 && actual.Length != expected.Length { return ErrWrongLength{expected.Length, actual.Length} } if len(expected.Hashes) != 0 { if err := hashEqual(actual.Hashes, expected.Hashes); err != nil { return err } } if err := versionEqual(actual.Version, expected.Version); err != nil { return err } return nil }",True,Go,SnapshotFileMetaEqual,util.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2995,"func TimestampFileMetaEqual(actual data.TimestampFileMeta, expected data.TimestampFileMeta) error { if err := FileMetaEqual(actual.FileMeta, expected.FileMeta); err != nil { return err } if err := versionEqual(actual.Version, expected.Version); err != nil { return err } return nil }",True,Go,TimestampFileMetaEqual,util.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
2997,"func (db *DB) Verify(s *data.Signed, role string, minVersion int64) error { err := db.VerifyIgnoreExpiredCheck(s, role, minVersion) if err != nil { return err } sm := &signedMeta{} if err := json.Unmarshal(s.Signed, sm); err != nil { return err } if IsExpired(sm.Expires) { return ErrExpired{sm.Expires} } return nil }",True,Go,Verify,verify.go,https://github.com/theupdateframework/go-tuf,theupdateframework,GitHub,2022-05-05 16:49:25+01:00,"Merge pull request from GHSA-66x3-6cw3-v5gj

* Remove obsolete snapshot error check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks

The go-tuf client now loads any previously trusted metadata before
proceeding with the update process. This is mandatory for the
protection against rollback attacks. It also fixes the detailed order
of operations necessary to implement such protection.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file

If some of the metadata files fail to load, getLocalMeta will proceed
with trying to load the rest, but still return an error at the end,
if such occurred.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and lenght being present

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root

Clear the in-memory copy of the local metadata. The goal is to reload
and take into account only the metadata files that are verified by
the latest root. Otherwise, their content should be ignored.

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>",CWE-354,Improper Validation of Integrity Check Value,"The product does not validate or incorrectly validates the integrity check values or ""checksums"" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.",https://cwe.mitre.org/data/definitions/354.html,CVE-2022-29173,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3007,"func (u *SessionUtil) changeModeOfSudoersFile(log log.T) error { fileMode := os.FileMode(sudoersFileMode) if err := os.Chmod(sudoersFile, fileMode); err != nil { log.Errorf(""Failed to change mode of %s to %d: %v"", sudoersFile, sudoersFileMode, err) return err } log.Infof(""Successfully changed mode of %s to %d"", sudoersFile, sudoersFileMode) return nil }",True,Go,changeModeOfSudoersFile,utility_unix.go,https://github.com/aws/amazon-ssm-agent,aws,Michael McGovern,2022-04-05 19:09:56+00:00,"Create ssm-agent-users sudoer file with constrained file permission

cr: https://code.amazon.com/reviews/CR-67315538",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2022-29527,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3009,"func (u *SessionUtil) createSudoersFileIfNotPresent(log log.T) error { if _, err := os.Stat(sudoersFile); err == nil { log.Infof(""File %s already exists"", sudoersFile) _ = u.changeModeOfSudoersFile(log) return err } file, err := os.Create(sudoersFile) if err != nil { log.Errorf(""Failed to add %s to sudoers file: %v"", appconfig.DefaultRunAsUserName, err) return err } defer func() { if closeErr := file.Close(); closeErr != nil { log.Warnf(""error occurred while closing file, %v"", closeErr) } }() if _, err := file.WriteString(fmt.Sprintf(""# User rules for %s\n"", appconfig.DefaultRunAsUserName)); err != nil { return err } if _, err := file.WriteString(fmt.Sprintf(""%s ALL=(ALL) NOPASSWD:ALL\n"", appconfig.DefaultRunAsUserName)); err != nil { return err } log.Infof(""Successfully created file %s"", sudoersFile) _ = u.changeModeOfSudoersFile(log) return nil }",True,Go,createSudoersFileIfNotPresent,utility_unix.go,https://github.com/aws/amazon-ssm-agent,aws,Michael McGovern,2022-04-05 19:09:56+00:00,"Create ssm-agent-users sudoer file with constrained file permission

cr: https://code.amazon.com/reviews/CR-67315538",CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2022-29527,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3011,"func RedactURL(u *url.URL) string { if u == nil { return """" } ru := *u if _, has := ru.User.Password(); has { ru.User = url.UserPassword(ru.User.Username(), ""xxxxx"") } return ru.String() }",True,Go,RedactURL,url.go,https://github.com/hashicorp/go-getter,hashicorp,Guilherme Macedo,2022-01-03 11:22:04+01:00,"Redact SSH key from URL query parameter

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2022-29810,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3015,"func (param *MySQLConnectParam) Connect() (*sql.DB, error) { db, err := ConnectMySQL(param.ToDSN()) if err != nil { return nil, errors.Trace(err) } return db, nil }",True,Go,Connect,util.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3021,"func tryConnectMySQL(dsn string) (*sql.DB, error) { driverName := ""mysql"" failpoint.Inject(""MockMySQLDriver"", func(val failpoint.Value) { driverName = val.(string) }) db, err := sql.Open(driverName, dsn) if err != nil { return nil, errors.Trace(err) } if err = db.Ping(); err != nil { _ = db.Close() return nil, errors.Trace(err) } return db, nil }",True,Go,tryConnectMySQL,util.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3023,func (c *mockConn) Close() error { return nil },True,Go,Close,util_test.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3025,"func TestToDSN(t *testing.T) { param := common.MySQLConnectParam{ Host: ""127.0.0.1"", Port: 4000, User: ""root"", Password: ""123456"", SQLMode: ""strict"", MaxAllowedPacket: 1234, TLS: ""cluster"", Vars: map[string]string{ ""tidb_distsql_scan_concurrency"": ""1"", }, } require.Equal(t, ""root:123456@tcp(127.0.0.1:4000)/?charset=utf8mb4&sql_mode='strict'&maxAllowedPacket=1234&tls=cluster&tidb_distsql_scan_concurrency='1'"", param.ToDSN()) param.Host = ""::1"" require.Equal(t, ""root:123456@tcp([::1]:4000)/?charset=utf8mb4&sql_mode='strict'&maxAllowedPacket=1234&tls=cluster&tidb_distsql_scan_concurrency='1'"", param.ToDSN()) }",True,Go,TestToDSN,util_test.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3026,"func (m *mockDriver) Open(dsn string) (driver.Conn, error) { cfg, err := mysql.ParseDSN(dsn) if err != nil { return nil, err } accessDenied := cfg.Passwd != m.plainPsw return &mockConn{accessDenied: accessDenied}, nil }",True,Go,Open,util_test.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3028,"func TestConnect(t *testing.T) { plainPsw := ""dQAUoDiyb1ucWZk7"" driverName := ""mysql-mock-"" + strconv.Itoa(rand.Int()) sql.Register(driverName, &mockDriver{plainPsw: plainPsw}) require.NoError(t, failpoint.Enable( ""github.com/pingcap/tidb/br/pkg/lightning/common/MockMySQLDriver"", fmt.Sprintf(""return(\""%s\"")"", driverName))) defer func() { require.NoError(t, failpoint.Disable(""github.com/pingcap/tidb/br/pkg/lightning/common/MockMySQLDriver"")) }() param := common.MySQLConnectParam{ Host: ""127.0.0.1"", Port: 4000, User: ""root"", Password: plainPsw, SQLMode: ""strict"", MaxAllowedPacket: 1234, } db, err := param.Connect() require.NoError(t, err) require.NoError(t, db.Close()) param.Password = base64.StdEncoding.EncodeToString([]byte(plainPsw)) db, err = param.Connect() require.NoError(t, err) require.NoError(t, db.Close()) }",True,Go,TestConnect,util_test.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3035,"func createDB(cfg DBConfig) (*sql.DB, error) { dbDSN := fmt.Sprintf(""%s:%s@tcp(%s:%d)/%s?charset=utf8"", cfg.User, cfg.Password, cfg.Host, cfg.Port, cfg.Name) db, err := sql.Open(""mysql"", dbDSN) if err != nil { return nil, errors.Trace(err) } return db, nil }",True,Go,createDB,db.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3041,"func OpenDB(cfg DBConfig, vars map[string]string) (*sql.DB, error) { var dbDSN string if len(cfg.Snapshot) != 0 { log.Info(""create connection with snapshot"", zap.String(""snapshot"", cfg.Snapshot)) dbDSN = fmt.Sprintf(""%s:%s@tcp(%s:%d)/?charset=utf8mb4&tidb_snapshot=%s"", cfg.User, cfg.Password, cfg.Host, cfg.Port, cfg.Snapshot) } else { dbDSN = fmt.Sprintf(""%s:%s@tcp(%s:%d)/?charset=utf8mb4"", cfg.User, cfg.Password, cfg.Host, cfg.Port) } for key, val := range vars { dbDSN += fmt.Sprintf(""&%s=%%27%s%%27"", key, url.QueryEscape(val)) } dbConn, err := sql.Open(""mysql"", dbDSN) if err != nil { return nil, errors.Trace(err) } err = dbConn.Ping() return dbConn, errors.Trace(err) }",True,Go,OpenDB,common.go,https://github.com/pingcap/tidb,pingcap,GitHub,2022-10-19 10:27:52+08:00,*: don't use DSN to avoid some security problems (#38342),CWE-134,Use of Externally-Controlled Format String,"The product uses a function that accepts a format string as an argument, but the format string originates from an external source.",https://cwe.mitre.org/data/definitions/134.html,CVE-2022-3023,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3050,"func (r ResourceServer) ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (interfaces.IdentityContext, error) { raw, err := r.signatureVerifier.VerifySignature(ctx, tokenStr) if err != nil { return nil, err } claimsRaw := map[string]interface{}{} if err = json.Unmarshal(raw, &claimsRaw); err != nil { return nil, fmt.Errorf(""failed to unmarshal user info claim into UserInfo type. Error: %w"", err) } return verifyClaims(sets.NewString(append(r.allowedAudience, expectedAudience)...), claimsRaw) }",True,Go,ValidateAccessToken,resource_server.go,https://github.com/flyteorg/flyteadmin,flyteorg,GitHub,2022-07-13 10:37:06-07:00,"Merge pull request from GHSA-qwrj-9hmp-gpxh

* Fix claims verification for access tokens in external IdP setup

Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>

* Add another test case for no signature

Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-31145,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3053,"func TestResourceServer_ValidateAccessToken(t *testing.T) { r := newMockResourceServer(t) _, err := r.ValidateAccessToken(context.Background(), ""myserver"", sampleIDToken) assert.Error(t, err) }",True,Go,TestResourceServer_ValidateAccessToken,resource_server_test.go,https://github.com/flyteorg/flyteadmin,flyteorg,GitHub,2022-07-13 10:37:06-07:00,"Merge pull request from GHSA-qwrj-9hmp-gpxh

* Fix claims verification for access tokens in external IdP setup

Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>

* Add another test case for no signature

Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-31145,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3054,func TestNewOAuth2ResourceServer(t *testing.T) { newMockResourceServer(t) },True,Go,TestNewOAuth2ResourceServer,resource_server_test.go,https://github.com/flyteorg/flyteadmin,flyteorg,GitHub,2022-07-13 10:37:06-07:00,"Merge pull request from GHSA-qwrj-9hmp-gpxh

* Fix claims verification for access tokens in external IdP setup

Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>

* Add another test case for no signature

Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-31145,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3057,"func NewPowerLevelContentFromEvent(event *Event) (c PowerLevelContent, err error) { c.Defaults() var strict bool if strict, err = event.roomVersion.RequireIntegerPowerLevels(); err != nil { return } else if strict { if err = json.Unmarshal(event.Content(), &c); err != nil { err = errorf(""unparsable power_levels event content: %s"", err.Error()) return } } else { var content struct { InviteLevel levelJSONValue `json:""invite""` BanLevel levelJSONValue `json:""ban""` KickLevel levelJSONValue `json:""kick""` RedactLevel levelJSONValue `json:""redact""` UserLevels map[string]levelJSONValue `json:""users""` UsersDefaultLevel levelJSONValue `json:""users_default""` EventLevels map[string]levelJSONValue `json:""events""` StateDefaultLevel levelJSONValue `json:""state_default""` EventDefaultLevel levelJSONValue `json:""event_default""` NotificationLevels map[string]levelJSONValue `json:""notifications""` } if err = json.Unmarshal(event.Content(), &content); err != nil { err = errorf(""unparsable power_levels event content: %s"", err.Error()) return } content.InviteLevel.assignIfExists(&c.Invite) content.BanLevel.assignIfExists(&c.Ban) content.KickLevel.assignIfExists(&c.Kick) content.RedactLevel.assignIfExists(&c.Redact) content.UsersDefaultLevel.assignIfExists(&c.UsersDefault) content.StateDefaultLevel.assignIfExists(&c.StateDefault) content.EventDefaultLevel.assignIfExists(&c.EventsDefault) for k, v := range content.UserLevels { if c.Users == nil { c.Users = make(map[string]int64) } c.Users[k] = v.value } for k, v := range content.EventLevels { if c.Events == nil { c.Events = make(map[string]int64) } c.Events[k] = v.value } for k, v := range content.NotificationLevels { if c.Notifications == nil { c.Notifications = make(map[string]int64) } c.Notifications[k] = v.value } } return }",True,Go,NewPowerLevelContentFromEvent,eventcontent.go,https://github.com/matrix-org/gomatrixserverlib,matrix-org,Neil Alexander,2022-08-15 10:19:47+01:00,"Fix parsing of `""events_default""` level in `m.room.power_levels` events",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-36009,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3059,"func (r *Registrator) Certificate(ctx context.Context, in *securityapi.CertificateRequest) (resp *securityapi.CertificateResponse, err error) { osRoot, err := safe.StateGet[*secrets.OSRoot](ctx, r.Resources, resource.NewMetadata(secrets.NamespaceName, secrets.OSRootType, secrets.OSRootID, resource.VersionUndefined)) if err != nil { return nil, err } signed, err := x509.NewCertificateFromCSRBytes(osRoot.TypedSpec().CA.Crt, osRoot.TypedSpec().CA.Key, in.Csr) if err != nil { return } resp = &securityapi.CertificateResponse{ Ca: osRoot.TypedSpec().CA.Crt, Crt: signed.X509CertificatePEM, } return resp, nil }",True,Go,Certificate,reg.go,https://github.com/siderolabs/talos,siderolabs,Andrey Smirnov,2022-09-13 15:06:09+04:00,"fix: never sign client certificate requests in trustd

Talos worker nodes use `trustd` API on control plane nodes to issue
certificates for `apid` service. Access to the API is protected with the
Talos join token specified in the machine configuration.

There was no validation on what kind of request is requested, so
`trustd` could issue a certificate which is valid for client
authentication with any set of Talos API RBAC roles, including
`os:admin` role allowing full access to the Talos API on control plane
nodes.

See: GHSA-7hgc-php5-77qq
CVE: CVE-2022-36103

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-36103,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3061,func TestEmpty(t *testing.T) { },True,Go,TestEmpty,reg_test.go,https://github.com/siderolabs/talos,siderolabs,Andrey Smirnov,2022-09-13 15:06:09+04:00,"fix: never sign client certificate requests in trustd

Talos worker nodes use `trustd` API on control plane nodes to issue
certificates for `apid` service. Access to the API is protected with the
Talos join token specified in the machine configuration.

There was no validation on what kind of request is requested, so
`trustd` could issue a certificate which is valid for client
authentication with any set of Talos API RBAC roles, including
`os:admin` role allowing full access to the Talos API on control plane
nodes.

See: GHSA-7hgc-php5-77qq
CVE: CVE-2022-36103

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-36103,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3068,func getChat(query string) []interface{} {,True,Go,getChat,persistence.go,https://github.com/owncast/owncast,owncast,GitHub,2022-10-28 12:32:42-07:00,"Using prepared statements for SQL queries. (#2257)

* using prepared statements for sql query for fixing sql injection

* returning error in getChat instead of logging",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-3751,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3072,"func (cvss20 CVSS20) Get(abv string) (string, error) { switch abv { case ""AV"": return cvss20.AccessVector, nil case ""AC"": return cvss20.AccessComplexity, nil case ""Au"": return cvss20.Authentication, nil case ""C"": return cvss20.ConfidentialityImpact, nil case ""I"": return cvss20.IntegrityImpact, nil case ""A"": return cvss20.AvailabilityImpact, nil case ""E"": return cvss20.Exploitability, nil case ""RL"": return cvss20.RemediationLevel, nil case ""RC"": return cvss20.ReportConfidence, nil case ""CDP"": return cvss20.CollateralDamagePotential, nil case ""TD"": return cvss20.TargetDistribution, nil case ""CR"": return cvss20.ConfidentialityRequirement, nil case ""IR"": return cvss20.IntegrityRequirement, nil case ""AR"": return cvss20.AvailabilityRequirement, nil default: return """", &ErrInvalidMetric{Abv: abv} } }",True,Go,Get,cvss20.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3073,func (cvss20 CVSS20) BaseScore() float64 { impact := 10.41 * (1 - (1-cia(cvss20.ConfidentialityImpact))*(1-cia(cvss20.IntegrityImpact))*(1-cia(cvss20.AvailabilityImpact))) fimpact := 0.0 if impact != 0 { fimpact = 1.176 } exploitability := 20 * accessVector(cvss20.AccessVector) * accessComplexity(cvss20.AccessComplexity) * authentication(cvss20.Authentication) return roundTo1Decimal(((0.6 * impact) + (0.4 * exploitability) - 1.5) * fimpact) },True,Go,BaseScore,cvss20.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3074,func (cvss20 CVSS20) TemporalScore() float64 { return roundTo1Decimal(cvss20.BaseScore() * exploitability(cvss20.Exploitability) * remediationLevel(cvss20.RemediationLevel) * reportConfidence(cvss20.ReportConfidence)) },True,Go,TemporalScore,cvss20.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3075,"func (cvss20 CVSS20) EnvironmentalScore() float64 { adjustedImpact := math.Min(10, 10.41*(1-(1-cia(cvss20.ConfidentialityImpact)*ciar(cvss20.ConfidentialityRequirement))*(1-cia(cvss20.IntegrityImpact)*ciar(cvss20.IntegrityRequirement))*(1-cia(cvss20.AvailabilityImpact)*ciar(cvss20.AvailabilityRequirement)))) fimpactBase := 0.0 if adjustedImpact != 0 { fimpactBase = 1.176 } expltBase := 20 * accessVector(cvss20.AccessVector) * accessComplexity(cvss20.AccessComplexity) * authentication(cvss20.Authentication) recBase := roundTo1Decimal(((0.6 * adjustedImpact) + (0.4 * expltBase) - 1.5) * fimpactBase) adjustedTemporal := roundTo1Decimal(recBase * exploitability(cvss20.Exploitability) * remediationLevel(cvss20.RemediationLevel) * reportConfidence(cvss20.ReportConfidence)) return roundTo1Decimal((adjustedTemporal + (10-adjustedTemporal)*collateralDamagePotential(cvss20.CollateralDamagePotential)) * targetDistribution(cvss20.TargetDistribution)) }",True,Go,EnvironmentalScore,cvss20.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3077,"func (cvss20 CVSS20) Vector() string { s := """" s += ""AV:"" + cvss20.AccessVector s += ""/AC:"" + cvss20.AccessComplexity s += ""/Au:"" + cvss20.Authentication s += ""/C:"" + cvss20.ConfidentialityImpact s += ""/I:"" + cvss20.IntegrityImpact s += ""/A:"" + cvss20.AvailabilityImpact if cvss20.Exploitability != ""ND"" || cvss20.RemediationLevel != ""ND"" || cvss20.ReportConfidence != ""ND"" { s += ""/E:"" + cvss20.Exploitability s += ""/RL:"" + cvss20.RemediationLevel s += ""/RC:"" + cvss20.ReportConfidence } if cvss20.CollateralDamagePotential != ""ND"" || cvss20.TargetDistribution != ""ND"" || cvss20.ConfidentialityRequirement != ""ND"" || cvss20.IntegrityRequirement != ""ND"" || cvss20.AvailabilityRequirement != ""ND"" { s += ""/CDP:"" + cvss20.CollateralDamagePotential s += ""/TD:"" + cvss20.TargetDistribution s += ""/CR:"" + cvss20.ConfidentialityRequirement s += ""/IR:"" + cvss20.IntegrityRequirement s += ""/AR:"" + cvss20.AvailabilityRequirement } return s }",True,Go,Vector,cvss20.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3090,"func (err ErrDefinedN) Error() string { return fmt.Sprintf(""given CVSS v3.1 vector has %v metric abbreviations defined multiple times"", err.Abv) }",True,Go,Error,errors.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3091,"func (err ErrBaseScore) Error() string { return fmt.Sprintf(""base score is missing metrics %v"", err.Missings) }",True,Go,Error,errors.go,https://github.com/pandatix/go-cvss,pandatix,TESSON Lucas,2022-09-13 19:46:05+02:00,Improve CVSS v2.0 implementation (0/1 allocs/op),CWE-125,Out-of-bounds Read,"The product reads data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/125.html,CVE-2022-39213,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3093,"func (t *Transport) refreshToken(ctx context.Context) error { body, err := GetReadWriter(t.InstallationTokenOptions) if err != nil { return fmt.Errorf(""could not convert installation token parameters into json: %s"", err) } req, err := http.NewRequest(""POST"", fmt.Sprintf(""%s/app/installations/%v/access_tokens"", t.BaseURL, t.installationID), body) if err != nil { return fmt.Errorf(""could not create request: %s"", err) } if body != nil { req.Header.Set(""Content-Type"", ""application/json"") } req.Header.Set(""Accept"", acceptHeader) if ctx != nil { req = req.WithContext(ctx) } t.appsTransport.BaseURL = t.BaseURL t.appsTransport.Client = t.Client resp, err := t.appsTransport.RoundTrip(req) if err != nil { return fmt.Errorf(""could not get access_tokens from GitHub API for installation ID %v: %v"", t.installationID, err) } defer resp.Body.Close() if resp.StatusCode/100 != 2 { return fmt.Errorf(""request %+v received non 2xx response status %q with body %+v and TLS %+v"", resp.Request, resp.Body, resp.Request, resp.TLS) } return json.NewDecoder(resp.Body).Decode(&t.token) }",True,Go,refreshToken,transport.go,https://github.com/bradleyfalzon/ghinstallation,bradleyfalzon,GitHub,2021-03-08 13:28:58-05:00,"Add StatusCode to error message if refreshToken() fails due to an suspended app (#44)

Add StatusCode to error message if refreshToken() fails due to an suspended app",CWE-209,Generation of Error Message Containing Sensitive Information,"The product generates an error message that includes sensitive information about its environment, users, or associated data.",https://cwe.mitre.org/data/definitions/209.html,CVE-2022-39304,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3095,"func ValidateAllAuthorizationModels(ctx context.Context, db storage.OpenFGADatastore) ([]validationResult, error) { validationResults := make([]validationResult, 0) continuationTokenStores := """" for { stores, tokenStores, err := db.ListStores(ctx, storage.PaginationOptions{ PageSize: 100, From: continuationTokenStores, }) if err != nil { return nil, fmt.Errorf(""error reading stores: %w"", err) } for _, store := range stores { latestModelID, err := db.FindLatestAuthorizationModelID(ctx, store.Id) if err != nil { fmt.Printf(""no models in store %s \n"", store.Id) } continuationTokenModels := """" for { models, tokenModels, err := db.ReadAuthorizationModels(ctx, store.Id, storage.PaginationOptions{ PageSize: 100, From: continuationTokenModels, }) if err != nil { return nil, fmt.Errorf(""error reading authorization models: %w"", err) } for _, model := range models { _, err := typesystem.NewAndValidate(model) validationResult := validationResult{ StoreID: store.Id, ModelID: model.Id, IsLatestModel: model.Id == latestModelID, } if err != nil { validationResult.Error = err.Error() } validationResults = append(validationResults, validationResult) } continuationTokenModels = string(tokenModels) if continuationTokenModels == """" { break } } } continuationTokenStores = string(tokenStores) if continuationTokenStores == """" { break } } return validationResults, nil }",True,Go,ValidateAllAuthorizationModels,validate_models.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3099,"func (w *WriteAuthorizationModelCommand) Execute(ctx context.Context, req *openfgapb.WriteAuthorizationModelRequest) (*openfgapb.WriteAuthorizationModelResponse, error) { if len(req.GetTypeDefinitions()) > w.backend.MaxTypesPerAuthorizationModel() { return nil, serverErrors.ExceededEntityLimit(""type definitions in an authorization model"", w.backend.MaxTypesPerAuthorizationModel()) } if req.SchemaVersion == """" { req.SchemaVersion = typesystem.SchemaVersion1_1 } model := &openfgapb.AuthorizationModel{ Id: ulid.Make().String(), SchemaVersion: req.GetSchemaVersion(), TypeDefinitions: req.GetTypeDefinitions(), } _, err := typesystem.NewAndValidate(model) if err != nil { return nil, serverErrors.InvalidAuthorizationModelInput(err) } err = w.backend.WriteAuthorizationModel(ctx, req.GetStoreId(), model) if err != nil { return nil, serverErrors.NewInternalError(""Error writing authorization model configuration"", err) } return &openfgapb.WriteAuthorizationModelResponse{ AuthorizationModelId: model.Id, }, nil }",True,Go,Execute,write_authzmodel.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3104,"func (s *Server) Check(ctx context.Context, req *openfgapb.CheckRequest) (*openfgapb.CheckResponse, error) { tk := req.GetTupleKey() ctx, span := tracer.Start(ctx, ""Check"", trace.WithAttributes( attribute.KeyValue{Key: ""object"", Value: attribute.StringValue(tk.GetObject())}, attribute.KeyValue{Key: ""relation"", Value: attribute.StringValue(tk.GetRelation())}, attribute.KeyValue{Key: ""user"", Value: attribute.StringValue(tk.GetUser())}, )) defer span.End() if tk.GetUser() == """" || tk.GetRelation() == """" || tk.GetObject() == """" { return nil, serverErrors.InvalidCheckInput } storeID := req.GetStoreId() modelID, err := s.resolveAuthorizationModelID(ctx, storeID, req.GetAuthorizationModelId()) if err != nil { return nil, err } model, err := s.datastore.ReadAuthorizationModel(ctx, storeID, modelID) if err != nil { if errors.Is(err, storage.ErrNotFound) { return nil, serverErrors.AuthorizationModelNotFound(modelID) } return nil, err } if !typesystem.IsSchemaVersionSupported(model.GetSchemaVersion()) { return nil, serverErrors.ValidationError(typesystem.ErrInvalidSchemaVersion) } typesys := typesystem.New(model) if err := validation.ValidateUserObjectRelation(typesys, tk); err != nil { return nil, serverErrors.ValidationError(err) } for _, ctxTuple := range req.GetContextualTuples().GetTupleKeys() { if err := validation.ValidateTuple(typesys, ctxTuple); err != nil { return nil, serverErrors.HandleTupleValidateError(err) } } ctx = typesystem.ContextWithTypesystem(ctx, typesys) checkResolver := graph.NewLocalChecker( storage.NewCombinedTupleReader(s.datastore, req.ContextualTuples.GetTupleKeys()), checkConcurrencyLimit) resp, err := checkResolver.ResolveCheck(ctx, &graph.ResolveCheckRequest{ StoreID: req.GetStoreId(), AuthorizationModelID: req.GetAuthorizationModelId(), TupleKey: req.GetTupleKey(), ContextualTuples: req.ContextualTuples.GetTupleKeys(), ResolutionMetadata: &graph.ResolutionMetadata{ Depth: s.config.ResolveNodeLimit, }, }) if err != nil { if errors.Is(err, graph.ErrResolutionDepthExceeded) { return nil, serverErrors.AuthorizationModelResolutionTooComplex } return nil, serverErrors.HandleError("""", err) } res := &openfgapb.CheckResponse{ Allowed: resp.Allowed, } span.SetAttributes(attribute.KeyValue{Key: ""allowed"", Value: attribute.BoolValue(res.GetAllowed())}) return res, nil }",True,Go,Check,server.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3109,"func BenchmarkListObjectsNoRaceCondition(b *testing.B) { ctx := context.Background() logger := logger.NewNoopLogger() transport := gateway.NewNoopTransport() store := ulid.Make().String() modelID := ulid.Make().String() mockController := gomock.NewController(b) defer mockController.Finish() typedefs := parser.MustParse(` type user type repo relations define allowed: [user] as self define viewer: [user] as self and allowed `) mockDatastore := mockstorage.NewMockOpenFGADatastore(mockController) mockDatastore.EXPECT().ReadAuthorizationModel(gomock.Any(), store, modelID).AnyTimes().Return(&openfgapb.AuthorizationModel{ SchemaVersion: typesystem.SchemaVersion1_1, TypeDefinitions: typedefs, }, nil) mockDatastore.EXPECT().ListObjectsByType(gomock.Any(), store, ""repo"").AnyTimes().Return(nil, errors.New(""error reading from storage"")) s := New(&Dependencies{ Datastore: mockDatastore, Transport: transport, Logger: logger, }, &Config{ ResolveNodeLimit: 25, ListObjectsDeadline: 5 * time.Second, ListObjectsMaxResults: 1000, }) b.ResetTimer() for i := 0; i < b.N; i++ { _, err := s.ListObjects(ctx, &openfgapb.ListObjectsRequest{ StoreId: store, AuthorizationModelId: modelID, Type: ""repo"", Relation: ""viewer"", User: ""user:bob"", }) require.ErrorIs(b, err, serverErrors.NewInternalError("""", errors.New(""error reading from storage""))) err = s.StreamedListObjects(&openfgapb.StreamedListObjectsRequest{ StoreId: store, AuthorizationModelId: modelID, Type: ""repo"", Relation: ""viewer"", User: ""user:bob"", }, NewMockStreamServer()) require.ErrorIs(b, err, serverErrors.NewInternalError("""", errors.New(""error reading from storage""))) } }",True,Go,BenchmarkListObjectsNoRaceCondition,server_test.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3111,"func TestListObjects_Unoptimized_UnhappyPaths(t *testing.T) { ctx := context.Background() logger := logger.NewNoopLogger() transport := gateway.NewNoopTransport() store := ulid.Make().String() modelID := ulid.Make().String() mockController := gomock.NewController(t) defer mockController.Finish() mockDatastore := mockstorage.NewMockOpenFGADatastore(mockController) mockDatastore.EXPECT().ReadAuthorizationModel(gomock.Any(), store, modelID).AnyTimes().Return(&openfgapb.AuthorizationModel{ SchemaVersion: typesystem.SchemaVersion1_1, TypeDefinitions: parser.MustParse(` type user type repo relations define allowed: [user] as self define viewer: [user] as self and allowed `), }, nil) mockDatastore.EXPECT().ListObjectsByType(gomock.Any(), store, ""repo"").AnyTimes().Return(nil, errors.New(""error reading from storage"")) s := New(&Dependencies{ Datastore: mockDatastore, Transport: transport, Logger: logger, }, &Config{ ResolveNodeLimit: 25, ListObjectsDeadline: 5 * time.Second, ListObjectsMaxResults: 1000, }) t.Run(""error_listing_objects_from_storage_in_non-streaming_version"", func(t *testing.T) { res, err := s.ListObjects(ctx, &openfgapb.ListObjectsRequest{ StoreId: store, AuthorizationModelId: modelID, Type: ""repo"", Relation: ""viewer"", User: ""user:bob"", }) require.Nil(t, res) require.ErrorIs(t, err, serverErrors.NewInternalError("""", errors.New(""error reading from storage""))) }) t.Run(""error_listing_objects_from_storage_in_streaming_version"", func(t *testing.T) { err := s.StreamedListObjects(&openfgapb.StreamedListObjectsRequest{ StoreId: store, AuthorizationModelId: modelID, Type: ""repo"", Relation: ""viewer"", User: ""user:bob"", }, NewMockStreamServer()) require.ErrorIs(t, err, serverErrors.NewInternalError("""", errors.New(""error reading from storage""))) }) }",True,Go,TestListObjects_Unoptimized_UnhappyPaths,server_test.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3112,"func TestCheckDoesNotThrowBecauseDirectTupleWasFound(t *testing.T) { ctx := context.Background() storeID := ulid.Make().String() modelID := ulid.Make().String() typedefs := parser.MustParse(` type user type repo relations define reader: [user] as self `) tk := tuple.NewTupleKey(""repo:openfga"", ""reader"", ""user:anne"") tuple := &openfgapb.Tuple{Key: tk} mockController := gomock.NewController(t) defer mockController.Finish() mockDatastore := mockstorage.NewMockOpenFGADatastore(mockController) mockDatastore.EXPECT(). ReadAuthorizationModel(gomock.Any(), storeID, modelID). AnyTimes(). Return(&openfgapb.AuthorizationModel{ SchemaVersion: typesystem.SchemaVersion1_1, TypeDefinitions: typedefs, }, nil) mockDatastore.EXPECT(). ReadUserTuple(gomock.Any(), storeID, gomock.Any()). AnyTimes(). Return(tuple, nil) mockDatastore.EXPECT(). ReadUsersetTuples(gomock.Any(), storeID, gomock.Any()). AnyTimes(). DoAndReturn( func(_ context.Context, _ string, _ storage.ReadUsersetTuplesFilter) (storage.TupleIterator, error) { time.Sleep(50 * time.Millisecond) return nil, errors.New(""some error"") }) s := New(&Dependencies{ Datastore: mockDatastore, Logger: logger.NewNoopLogger(), Transport: gateway.NewNoopTransport(), }, &Config{ ResolveNodeLimit: 25, }) checkResponse, err := s.Check(ctx, &openfgapb.CheckRequest{ StoreId: storeID, TupleKey: tk, AuthorizationModelId: modelID, }) require.NoError(t, err) require.Equal(t, true, checkResponse.Allowed) }",True,Go,TestCheckDoesNotThrowBecauseDirectTupleWasFound,server_test.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3114,"func TestShortestPathToSolutionWins(t *testing.T) { ctx := context.Background() storeID := ulid.Make().String() modelID := ulid.Make().String() typedefs := parser.MustParse(` type user type repo relations define reader: [user:*] as self `) tk := tuple.NewTupleKey(""repo:openfga"", ""reader"", ""user:*"") tuple := &openfgapb.Tuple{Key: tk} mockController := gomock.NewController(t) defer mockController.Finish() mockDatastore := mockstorage.NewMockOpenFGADatastore(mockController) mockDatastore.EXPECT(). ReadAuthorizationModel(gomock.Any(), storeID, modelID). AnyTimes(). Return(&openfgapb.AuthorizationModel{ SchemaVersion: typesystem.SchemaVersion1_1, TypeDefinitions: typedefs, }, nil) mockDatastore.EXPECT(). ReadUserTuple(gomock.Any(), storeID, gomock.Any()). AnyTimes(). DoAndReturn( func(ctx context.Context, _ string, _ *openfgapb.TupleKey) (storage.TupleIterator, error) { select { case <-ctx.Done(): return nil, ctx.Err() case <-time.After(500 * time.Millisecond): return nil, storage.ErrNotFound } }) mockDatastore.EXPECT(). ReadUsersetTuples(gomock.Any(), storeID, gomock.Any()). AnyTimes(). DoAndReturn( func(_ context.Context, _ string, _ storage.ReadUsersetTuplesFilter) (storage.TupleIterator, error) { time.Sleep(100 * time.Millisecond) return storage.NewStaticTupleIterator([]*openfgapb.Tuple{tuple}), nil }) s := New(&Dependencies{ Datastore: mockDatastore, Logger: logger.NewNoopLogger(), Transport: gateway.NewNoopTransport(), }, &Config{ ResolveNodeLimit: 25, }) start := time.Now() checkResponse, err := s.Check(ctx, &openfgapb.CheckRequest{ StoreId: storeID, TupleKey: tk, AuthorizationModelId: modelID, }) end := time.Since(start) require.Truef(t, end < 200*time.Millisecond, fmt.Sprintf(""end was %s"", end)) require.NoError(t, err) require.Equal(t, true, checkResponse.Allowed) }",True,Go,TestShortestPathToSolutionWins,server_test.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3126,"func BenchmarkListObjectsWithConcurrentChecks(b *testing.B, ds storage.OpenFGADatastore) { ctx := context.Background() store := ulid.Make().String() typedefs := parser.MustParse(` type user type document relations define allowed: [user] as self define viewer: [user] as self and allowed `) model := &openfgapb.AuthorizationModel{ Id: ulid.Make().String(), SchemaVersion: typesystem.SchemaVersion1_1, TypeDefinitions: typedefs, } err := ds.WriteAuthorizationModel(ctx, store, model) require.NoError(b, err) n := 0 for i := 0; i < 100; i++ { var tuples []*openfgapb.TupleKey for j := 0; j < ds.MaxTuplesPerWrite()/2; j++ { obj := fmt.Sprintf(""document:%s"", strconv.Itoa(n)) user := fmt.Sprintf(""user:%s"", strconv.Itoa(n)) tuples = append( tuples, tuple.NewTupleKey(obj, ""viewer"", user), tuple.NewTupleKey(obj, ""allowed"", user), ) n += 1 } err = ds.Write(ctx, store, nil, tuples) require.NoError(b, err) } listObjectsQuery := commands.ListObjectsQuery{ Datastore: ds, Logger: logger.NewNoopLogger(), ResolveNodeLimit: defaultResolveNodeLimit, } var r *openfgapb.ListObjectsResponse ctx = typesystem.ContextWithTypesystem(ctx, typesystem.New(model)) b.ResetTimer() for i := 0; i < b.N; i++ { r, _ = listObjectsQuery.Execute(ctx, &openfgapb.ListObjectsRequest{ StoreId: store, AuthorizationModelId: model.Id, Type: ""document"", Relation: ""viewer"", User: ""user:999"", }) } listObjectsResponse = r }",True,Go,BenchmarkListObjectsWithConcurrentChecks,list_objects.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3128,"func BenchmarkListObjectsWithReverseExpand(b *testing.B, ds storage.OpenFGADatastore) { ctx := context.Background() store := ulid.Make().String() model := &openfgapb.AuthorizationModel{ Id: ulid.Make().String(), SchemaVersion: typesystem.SchemaVersion1_1, TypeDefinitions: []*openfgapb.TypeDefinition{ { Type: ""user"", }, { Type: ""document"", Relations: map[string]*openfgapb.Userset{ ""viewer"": typesystem.This(), }, Metadata: &openfgapb.Metadata{ Relations: map[string]*openfgapb.RelationMetadata{ ""viewer"": { DirectlyRelatedUserTypes: []*openfgapb.RelationReference{ typesystem.DirectRelationReference(""user"", """"), }, }, }, }, }, }, } err := ds.WriteAuthorizationModel(ctx, store, model) require.NoError(b, err) n := 0 for i := 0; i < 100; i++ { var tuples []*openfgapb.TupleKey for j := 0; j < ds.MaxTuplesPerWrite(); j++ { obj := fmt.Sprintf(""document:%s"", strconv.Itoa(n)) user := fmt.Sprintf(""user:%s"", strconv.Itoa(n)) tuples = append(tuples, tuple.NewTupleKey(obj, ""viewer"", user)) n += 1 } err = ds.Write(ctx, store, nil, tuples) require.NoError(b, err) } listObjectsQuery := commands.ListObjectsQuery{ Datastore: ds, Logger: logger.NewNoopLogger(), ResolveNodeLimit: defaultResolveNodeLimit, } var r *openfgapb.ListObjectsResponse ctx = typesystem.ContextWithTypesystem(ctx, typesystem.New(model)) b.ResetTimer() for i := 0; i < b.N; i++ { r, _ = listObjectsQuery.Execute(ctx, &openfgapb.ListObjectsRequest{ StoreId: store, AuthorizationModelId: model.Id, Type: ""document"", Relation: ""viewer"", User: ""user:999"", }) } listObjectsResponse = r }",True,Go,BenchmarkListObjectsWithReverseExpand,list_objects.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3129,"func RunQueryTests(t *testing.T, ds storage.OpenFGADatastore) { t.Run(""TestReadAuthorizationModelQueryErrors"", func(t *testing.T) { TestReadAuthorizationModelQueryErrors(t, ds) }) t.Run(""TestSuccessfulReadAuthorizationModelQuery"", func(t *testing.T) { TestSuccessfulReadAuthorizationModelQuery(t, ds) }) t.Run(""TestReadAuthorizationModel"", func(t *testing.T) { ReadAuthorizationModelTest(t, ds) }) t.Run(""TestExpandQuery"", func(t *testing.T) { TestExpandQuery(t, ds) }) t.Run(""TestExpandQueryErrors"", func(t *testing.T) { TestExpandQueryErrors(t, ds) }) t.Run(""TestGetStoreQuery"", func(t *testing.T) { TestGetStoreQuery(t, ds) }) t.Run(""TestGetStoreSucceeds"", func(t *testing.T) { TestGetStoreSucceeds(t, ds) }) t.Run(""TestListStores"", func(t *testing.T) { TestListStores(t, ds) }) t.Run(""TestReadAssertionQuery"", func(t *testing.T) { TestReadAssertionQuery(t, ds) }) t.Run(""TestReadQuerySuccess"", func(t *testing.T) { ReadQuerySuccessTest(t, ds) }) t.Run(""TestReadQueryError"", func(t *testing.T) { ReadQueryErrorTest(t, ds) }) t.Run(""TestReadAllTuples"", func(t *testing.T) { ReadAllTuplesTest(t, ds) }) t.Run(""TestReadAllTuplesInvalidContinuationToken"", func(t *testing.T) { ReadAllTuplesInvalidContinuationTokenTest(t, ds) }) t.Run(""TestReadAuthorizationModelsWithoutPaging"", func(t *testing.T) { TestReadAuthorizationModelsWithoutPaging(t, ds) }, ) t.Run(""TestReadAuthorizationModelsWithPaging"", func(t *testing.T) { TestReadAuthorizationModelsWithPaging(t, ds) }, ) t.Run(""TestReadAuthorizationModelsInvalidContinuationToken"", func(t *testing.T) { TestReadAuthorizationModelsInvalidContinuationToken(t, ds) }, ) t.Run(""TestReadChanges"", func(t *testing.T) { TestReadChanges(t, ds) }) t.Run(""TestReadChangesReturnsSameContTokenWhenNoChanges"", func(t *testing.T) { TestReadChangesReturnsSameContTokenWhenNoChanges(t, ds) }, ) t.Run(""TestListObjectsRespectsMaxResults"", func(t *testing.T) { TestListObjectsRespectsMaxResults(t, ds) }) }",True,Go,RunQueryTests,server.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3132,"func New(model *openfgapb.AuthorizationModel) *TypeSystem { tds := make(map[string]*openfgapb.TypeDefinition, len(model.GetTypeDefinitions())) relations := make(map[string]map[string]*openfgapb.Relation, len(model.GetTypeDefinitions())) for _, td := range model.GetTypeDefinitions() { tds[td.GetType()] = td tdRelations := make(map[string]*openfgapb.Relation, len(td.GetRelations())) for relation, rewrite := range td.GetRelations() { r := &openfgapb.Relation{ Name: relation, Rewrite: rewrite, TypeInfo: &openfgapb.RelationTypeInfo{}, } if metadata, ok := td.GetMetadata().GetRelations()[relation]; ok { r.TypeInfo.DirectlyRelatedUserTypes = metadata.GetDirectlyRelatedUserTypes() } tdRelations[relation] = r } relations[td.GetType()] = tdRelations } return &TypeSystem{ modelID: model.GetId(), schemaVersion: model.GetSchemaVersion(), typeDefinitions: tds, relations: relations, } }",True,Go,New,typesystem.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3134,"func TestSuccessfulRelationTypeRestrictionsValidations(t *testing.T) { var tests = []struct { name string model *openfgapb.AuthorizationModel }{ { name: ""succeeds_on_a_valid_typeSystem_with_an_objectType_type"", model: &openfgapb.AuthorizationModel{ SchemaVersion: SchemaVersion1_1, TypeDefinitions: []*openfgapb.TypeDefinition{ { Type: ""user"", }, { Type: ""document"", Relations: map[string]*openfgapb.Userset{ ""reader"": {Userset: &openfgapb.Userset_This{}}, }, Metadata: &openfgapb.Metadata{ Relations: map[string]*openfgapb.RelationMetadata{ ""reader"": { DirectlyRelatedUserTypes: []*openfgapb.RelationReference{ { Type: ""user"", }, }, }, }, }, }, }, }, }, { name: ""succeeds_on_a_valid_typeSystem_with_a_type_and_type#relation_type"", model: &openfgapb.AuthorizationModel{ SchemaVersion: SchemaVersion1_1, TypeDefinitions: []*openfgapb.TypeDefinition{ { Type: ""user"", }, { Type: ""group"", Relations: map[string]*openfgapb.Userset{ ""admin"": {Userset: &openfgapb.Userset_This{}}, ""member"": {Userset: &openfgapb.Userset_This{}}, }, Metadata: &openfgapb.Metadata{ Relations: map[string]*openfgapb.RelationMetadata{ ""admin"": { DirectlyRelatedUserTypes: []*openfgapb.RelationReference{ { Type: ""user"", }, }, }, ""member"": { DirectlyRelatedUserTypes: []*openfgapb.RelationReference{ { Type: ""user"", }, }, }, }, }, }, { Type: ""document"", Relations: map[string]*openfgapb.Userset{ ""reader"": {Userset: &openfgapb.Userset_This{}}, ""writer"": {Userset: &openfgapb.Userset_This{}}, }, Metadata: &openfgapb.Metadata{ Relations: map[string]*openfgapb.RelationMetadata{ ""reader"": { DirectlyRelatedUserTypes: []*openfgapb.RelationReference{ DirectRelationReference(""user"", """"), DirectRelationReference(""group"", ""member""), }, }, ""writer"": { DirectlyRelatedUserTypes: []*openfgapb.RelationReference{ DirectRelationReference(""user"", """"), DirectRelationReference(""group"", ""admin""), }, }, }, }, }, }, }, }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { _, err := NewAndValidate(test.model) require.NoError(t, err) }) } }",True,Go,TestSuccessfulRelationTypeRestrictionsValidations,typesystem_test.go,https://github.com/openfga/openfga,openfga,GitHub,2023-06-26 12:12:07-06:00,"Merge pull request from GHSA-hr9r-8phq-5x8j

* fix: validate models with no entrypoints correctly

* chore: fix map clone on union case

* fix: clone visited map for base and subtract set in exclusion

* fix: tidy up godoc and resolve issues with tests

* test: drop duplicate test cases

* test: add another valid model to the WriteAuthorizationModel test cases

* fix: add more model validations on empty type name and relations

* fix: add in model validation for check, list object and expand

* chore: fix linter warnings

* chore: fix usage of NewAndValidate

---------

Co-authored-by: Adrian Tam <adrian.tam@okta.com>",CWE-835,Loop with Unreachable Exit Condition ('Infinite Loop'),"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.",https://cwe.mitre.org/data/definitions/835.html,CVE-2023-35933,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3143,"func (u *userSet) Get(value string) (resolutionTracer, bool) { u.m.Lock() defer u.m.Unlock() var found bool var rt resolutionTracer if rt, found = u.u[value]; !found { if rt, found = u.u[AllUsers]; !found { return nil, false } } return rt, found }",True,Go,Get,check_utils.go,https://github.com/openfga/openfga,openfga,GitHub,2022-10-20 16:29:12-06:00,"Merge pull request from GHSA-vj4m-83m8-xpw5

* fix: return error if wildcard is encountered in ttu evaluation

* chore: address one of maria's comments

* chore: fix public facing error message and test name

* fix: return error if '*' encountered in tupleset relation in Expand",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-39341,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3147,"func (query *ExpandQuery) resolveUserset(ctx context.Context, store, modelID string, userset *openfgapb.Userset, tk *openfgapb.TupleKey, metadata *utils.ResolutionMetadata) (*openfgapb.UsersetTree_Node, error) { ctx, span := query.tracer.Start(ctx, ""resolveUserset"") defer span.End() switch us := userset.Userset.(type) { case nil, *openfgapb.Userset_This: return query.resolveThis(ctx, store, tk, metadata) case *openfgapb.Userset_ComputedUserset: return query.resolveComputedUserset(ctx, us.ComputedUserset, tk, metadata) case *openfgapb.Userset_TupleToUserset: return query.resolveTupleToUserset(ctx, store, us.TupleToUserset, tk, metadata) case *openfgapb.Userset_Union: return query.resolveUnionUserset(ctx, store, modelID, us.Union, tk, metadata) case *openfgapb.Userset_Difference: return query.resolveDifferenceUserset(ctx, store, modelID, us.Difference, tk, metadata) case *openfgapb.Userset_Intersection: return query.resolveIntersectionUserset(ctx, store, modelID, us.Intersection, tk, metadata) default: return nil, serverErrors.UnsupportedUserSet } }",True,Go,resolveUserset,expand.go,https://github.com/openfga/openfga,openfga,GitHub,2022-10-20 16:29:12-06:00,"Merge pull request from GHSA-vj4m-83m8-xpw5

* fix: return error if wildcard is encountered in ttu evaluation

* chore: address one of maria's comments

* chore: fix public facing error message and test name

* fix: return error if '*' encountered in tupleset relation in Expand",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-39341,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3151,"func TestExpandQueryErrors(t *testing.T, datastore storage.OpenFGADatastore) { tests := []struct { name string typeDefinitions []*openfgapb.TypeDefinition tuples []*openfgapb.TupleKey request *openfgapb.ExpandRequest expected error }{ { name: ""missing object"", request: &openfgapb.ExpandRequest{ TupleKey: &openfgapb.TupleKey{ Relation: ""bar"", }, }, expected: serverErrors.InvalidExpandInput, }, { name: ""missing object id and type"", request: &openfgapb.ExpandRequest{ TupleKey: &openfgapb.TupleKey{ Object: "":"", Relation: ""bar"", }, }, expected: serverErrors.InvalidObjectFormat(&openfgapb.TupleKey{ Object: "":"", Relation: ""bar"", }), }, { name: ""missing object id"", request: &openfgapb.ExpandRequest{ TupleKey: &openfgapb.TupleKey{ Object: ""github:"", Relation: ""bar"", }, }, expected: serverErrors.InvalidObjectFormat(&openfgapb.TupleKey{ Object: ""github:"", Relation: ""bar"", }), }, { name: ""missing relation"", request: &openfgapb.ExpandRequest{ TupleKey: &openfgapb.TupleKey{ Object: ""bar"", }, }, expected: serverErrors.InvalidExpandInput, }, { name: ""type not found"", request: &openfgapb.ExpandRequest{ TupleKey: &openfgapb.TupleKey{ Object: ""foo:bar"", Relation: ""baz"", }, }, expected: serverErrors.TypeNotFound(""foo""), }, { name: ""relation not found"", typeDefinitions: []*openfgapb.TypeDefinition{ { Type: ""repo"", }, }, request: &openfgapb.ExpandRequest{ TupleKey: &openfgapb.TupleKey{ Object: ""repo:bar"", Relation: ""baz"", }, }, expected: serverErrors.RelationNotFound(""baz"", ""repo"", &openfgapb.TupleKey{ Object: ""repo:bar"", Relation: ""baz"", }), }, } require := require.New(t) ctx := context.Background() tracer := telemetry.NewNoopTracer() logger := logger.NewNoopLogger() for _, test := range tests { t.Run(test.name, func(t *testing.T) { store := testutils.CreateRandomString(20) modelID, err := setUp(ctx, store, datastore, test.typeDefinitions, test.tuples) require.NoError(err) query := commands.NewExpandQuery(datastore, tracer, logger) test.request.StoreId = store test.request.AuthorizationModelId = modelID _, err = query.Execute(ctx, test.request) if !errors.Is(err, test.expected) { t.Fatalf(""'%s': Execute(), err = %v, want %v"", test.name, err, test.expected) } }) } }",True,Go,TestExpandQueryErrors,expand.go,https://github.com/openfga/openfga,openfga,GitHub,2022-10-20 16:29:12-06:00,"Merge pull request from GHSA-vj4m-83m8-xpw5

* fix: return error if wildcard is encountered in ttu evaluation

* chore: address one of maria's comments

* chore: fix public facing error message and test name

* fix: return error if '*' encountered in tupleset relation in Expand",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-39341,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3153,"func isUsersetRewriteValid(allRelations map[string]struct{}, relationsOnType map[string]struct{}, objectType, relation string, rewrite *openfgapb.Userset) error { if rewrite.GetUserset() == nil { return InvalidRelationError(objectType, relation) } switch t := rewrite.GetUserset().(type) { case *openfgapb.Userset_ComputedUserset: computedUserset := t.ComputedUserset.GetRelation() if computedUserset == relation { return InvalidRelationError(objectType, relation) } if _, ok := relationsOnType[computedUserset]; !ok { return RelationDoesNotExistError(objectType, computedUserset) } case *openfgapb.Userset_TupleToUserset: tupleset := t.TupleToUserset.GetTupleset().GetRelation() if _, ok := relationsOnType[tupleset]; !ok { return RelationDoesNotExistError(objectType, tupleset) } computedUserset := t.TupleToUserset.GetComputedUserset().GetRelation() if _, ok := allRelations[computedUserset]; !ok { return RelationDoesNotExistError("""", computedUserset) } case *openfgapb.Userset_Union: for _, child := range t.Union.GetChild() { err := isUsersetRewriteValid(allRelations, relationsOnType, objectType, relation, child) if err != nil { return err } } case *openfgapb.Userset_Intersection: for _, child := range t.Intersection.GetChild() { err := isUsersetRewriteValid(allRelations, relationsOnType, objectType, relation, child) if err != nil { return err } } case *openfgapb.Userset_Difference: err := isUsersetRewriteValid(allRelations, relationsOnType, objectType, relation, t.Difference.Base) if err != nil { return err } err = isUsersetRewriteValid(allRelations, relationsOnType, objectType, relation, t.Difference.Subtract) if err != nil { return err } } return nil }",True,Go,isUsersetRewriteValid,typesystem.go,https://github.com/openfga/openfga,openfga,GitHub,2022-10-21 10:18:07-06:00,Merge pull request from GHSA-f4mm-2r69-mg5f,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-39342,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3158,"func BuildService(config *Config, logger logger.Logger) (*service, error) { tracer := telemetry.NewNoopTracer() meter := telemetry.NewNoopMeter() tokenEncoder := encoder.NewTokenEncoder(encrypter.NewNoopEncrypter(), encoder.NewBase64Encoder()) var datastore storage.OpenFGADatastore var err error switch config.Datastore.Engine { case ""memory"": datastore = memory.New(tracer, config.MaxTuplesPerWrite, config.MaxTypesPerAuthorizationModel) case ""mysql"": opts := []mysql.MySQLOption{ mysql.WithLogger(logger), mysql.WithTracer(tracer), } datastore, err = mysql.NewMySQLDatastore(config.Datastore.URI, opts...) if err != nil { return nil, errors.Errorf(""failed to initialize mysql datastore: %v"", err) } case ""postgres"": opts := []postgres.PostgresOption{ postgres.WithLogger(logger), postgres.WithTracer(tracer), } datastore, err = postgres.NewPostgresDatastore(config.Datastore.URI, opts...) if err != nil { return nil, errors.Errorf(""failed to initialize postgres datastore: %v"", err) } default: return nil, errors.Errorf(""storage engine '%s' is unsupported"", config.Datastore.Engine) } logger.Info(fmt.Sprintf(""using '%v' storage engine"", config.Datastore.Engine)) var grpcTLSConfig *server.TLSConfig if config.GRPC.TLS.Enabled { if config.GRPC.TLS.CertPath == """" || config.GRPC.TLS.KeyPath == """" { return nil, ErrInvalidGRPCTLSConfig } grpcTLSConfig = &server.TLSConfig{ CertPath: config.GRPC.TLS.CertPath, KeyPath: config.GRPC.TLS.KeyPath, } logger.Info(""grpc TLS is enabled, serving connections using the provided certificate"") } else { logger.Warn(""grpc TLS is disabled, serving connections using insecure plaintext"") } var httpTLSConfig *server.TLSConfig if config.HTTP.TLS.Enabled { if config.HTTP.TLS.CertPath == """" || config.HTTP.TLS.KeyPath == """" { return nil, ErrInvalidHTTPTLSConfig } httpTLSConfig = &server.TLSConfig{ CertPath: config.HTTP.TLS.CertPath, KeyPath: config.HTTP.TLS.KeyPath, } logger.Info(""HTTP TLS is enabled, serving HTTP connections using the provided certificate"") } else { logger.Warn(""HTTP TLS is disabled, serving connections using insecure plaintext"") } var authenticator authn.Authenticator switch config.Authn.Method { case ""none"": logger.Warn(""authentication is disabled"") authenticator = authn.NoopAuthenticator{} case ""preshared"": logger.Info(""using 'preshared' authentication"") authenticator, err = presharedkey.NewPresharedKeyAuthenticator(config.Authn.Keys) case ""oidc"": logger.Info(""using 'oidc' authentication"") authenticator, err = oidc.NewRemoteOidcAuthenticator(config.Authn.Issuer, config.Authn.Audience) default: return nil, errors.Errorf(""unsupported authentication method '%v'"", config.Authn.Method) } if err != nil { return nil, errors.Errorf(""failed to initialize authenticator: %v"", err) } interceptors := []grpc.UnaryServerInterceptor{ grpc_auth.UnaryServerInterceptor(middleware.AuthFunc(authenticator)), middleware.NewErrorLoggingInterceptor(logger), } grpcHostAddr, grpcHostPort, err := net.SplitHostPort(config.GRPC.Addr) if err != nil { return nil, errors.Errorf(""`grpc.addr` config must be in the form [host]:port"") } if grpcHostAddr == """" { grpcHostAddr = ""0.0.0.0"" } grpcAddr, err := netip.ParseAddrPort(fmt.Sprintf(""%s:%s"", grpcHostAddr, grpcHostPort)) if err != nil { return nil, errors.Errorf(""failed to parse the 'grpc.addr' config: %v"", err) } httpHostAddr, httpHostPort, err := net.SplitHostPort(config.HTTP.Addr) if err != nil { return nil, errors.Errorf(""`http.addr` config must be in the form [host]:port"") } if httpHostAddr == """" { httpHostAddr = ""0.0.0.0"" } httpAddr, err := netip.ParseAddrPort(fmt.Sprintf(""%s:%s"", httpHostAddr, httpHostPort)) if err != nil { return nil, errors.Errorf(""failed to parse the 'http.addr' config: %v"", err) } openFgaServer, err := server.New(&server.Dependencies{ Datastore: caching.NewCachedOpenFGADatastore(datastore, config.Datastore.MaxCacheSize), Tracer: tracer, Logger: logger, Meter: meter, TokenEncoder: tokenEncoder, }, &server.Config{ GRPCServer: server.GRPCServerConfig{ Addr: grpcAddr, TLSConfig: grpcTLSConfig, }, HTTPServer: server.HTTPServerConfig{ Enabled: config.HTTP.Enabled, Addr: httpAddr, TLSConfig: httpTLSConfig, UpstreamTimeout: config.HTTP.UpstreamTimeout, CORSAllowedOrigins: config.HTTP.CORSAllowedOrigins, CORSAllowedHeaders: config.HTTP.CORSAllowedHeaders, }, ResolveNodeLimit: config.ResolveNodeLimit, ChangelogHorizonOffset: config.ChangelogHorizonOffset, ListObjectsDeadline: config.ListObjectsDeadline, ListObjectsMaxResults: config.ListObjectsMaxResults, UnaryInterceptors: interceptors, MuxOptions: nil, }) if err != nil { return nil, errors.Errorf(""failed to initialize openfga server: %v"", err) } return &service{ server: openFgaServer, grpcAddr: grpcAddr, httpAddr: httpAddr, datastore: datastore, authenticator: authenticator, }, nil }",True,Go,BuildService,service.go,https://github.com/openfga/openfga,openfga,GitHub,2022-10-21 09:19:48-07:00,"Merge pull request from GHSA-95x7-mh78-7w2r

* fix: add interceptors for streaming endpoints

* add tests

* remove unnecessary code",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-39340,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3163,"func (sp *ServiceProvider) ValidateLogoutResponseForm(postFormData string) error { rawResponseBuf, err := base64.StdEncoding.DecodeString(postFormData) if err != nil { return fmt.Errorf(""unable to parse base64: %s"", err) } if err := xrv.Validate(bytes.NewReader(rawResponseBuf)); err != nil { return fmt.Errorf(""response contains invalid XML: %s"", err) } var resp LogoutResponse if err := xml.Unmarshal(rawResponseBuf, &resp); err != nil { return fmt.Errorf(""cannot unmarshal response: %s"", err) } if err := sp.validateLogoutResponse(&resp); err != nil { return err } doc := etree.NewDocument() if err := doc.ReadFromBytes(rawResponseBuf); err != nil { return err } responseEl := doc.Root() return sp.validateSigned(responseEl) }",True,Go,ValidateLogoutResponseForm,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3174,"func (sp *ServiceProvider) ParseXMLResponse(decodedResponseXML []byte, possibleRequestIDs []string) (*Assertion, error) { now := TimeNow() var err error retErr := &InvalidResponseError{ Now: now, Response: string(decodedResponseXML), } if err := xrv.Validate(bytes.NewReader(decodedResponseXML)); err != nil { retErr.PrivateErr = fmt.Errorf(""invalid xml: %s"", err) return nil, retErr } resp := Response{} if err := xml.Unmarshal(decodedResponseXML, &resp); err != nil { retErr.PrivateErr = fmt.Errorf(""cannot unmarshal response: %s"", err) return nil, retErr } doc := etree.NewDocument() if err := doc.ReadFromBytes(decodedResponseXML); err != nil { retErr.PrivateErr = err return nil, retErr } assertion, updatedResponse, err := sp.validateXMLResponse(&resp, doc.Root(), possibleRequestIDs, now, true) if err != nil { retErr.PrivateErr = err if updatedResponse != nil { retErr.Response = *updatedResponse } return nil, retErr } return assertion, nil }",True,Go,ParseXMLResponse,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3176,"func (sp *ServiceProvider) validateSigned(responseEl *etree.Element) error { haveSignature := false sigEl, err := findChild(responseEl, ""http: if err != nil { return err } if sigEl != nil { if err = sp.validateSignature(responseEl); err != nil { return fmt.Errorf(""cannot validate signature on Response: %v"", err) } haveSignature = true } assertionEl, err := findChild(responseEl, ""urn:oasis:names:tc:SAML:2.0:assertion"", ""Assertion"") if err != nil { return err } if assertionEl != nil { sigEl, err := findChild(assertionEl, ""http: if err != nil { return err } if sigEl != nil { if err = sp.validateSignature(assertionEl); err != nil { return fmt.Errorf(""cannot validate signature on Response: %v"", err) } haveSignature = true } } if !haveSignature { return errors.New(""either the Response or Assertion must be signed"") } return nil }",True,Go,validateSigned,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3177,"func findChild(parentEl *etree.Element, childNS string, childTag string) (*etree.Element, error) { for _, childEl := range parentEl.ChildElements() { if childEl.Tag != childTag { continue } ctx, err := etreeutils.NSBuildParentContext(childEl) if err != nil { return nil, err } ctx, err = ctx.SubContext(childEl) if err != nil { return nil, err } ns, err := ctx.LookupPrefix(childEl.Space) if err != nil { return nil, fmt.Errorf(""[%s]:%s cannot find prefix %s: %v"", childNS, childTag, childEl.Space, err) } if ns != childNS { continue } return childEl, nil } return nil, nil }",True,Go,findChild,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3179,"func (sp *ServiceProvider) ParseResponse(req *http.Request, possibleRequestIDs []string) (*Assertion, error) { now := TimeNow() var assertion *Assertion retErr := &InvalidResponseError{ Now: now, Response: req.PostForm.Get(""SAMLResponse""), } if req.Form.Get(""SAMLart"") != """" { retErr.Response = req.Form.Get(""SAMLart"") req, err := sp.MakeArtifactResolveRequest(req.Form.Get(""SAMLart"")) if err != nil { retErr.PrivateErr = fmt.Errorf(""Cannot generate artifact resolution request: %s"", err) return nil, retErr } doc := etree.NewDocument() doc.SetRoot(req.SoapRequest()) var requestBuffer bytes.Buffer doc.WriteTo(&requestBuffer) client := sp.HTTPClient if client == nil { client = http.DefaultClient } response, err := client.Post(sp.GetArtifactBindingLocation(SOAPBinding), ""text/xml"", &requestBuffer) if err != nil { retErr.PrivateErr = fmt.Errorf(""Error during artifact resolution: %s"", err) return nil, retErr } defer response.Body.Close() if response.StatusCode != 200 { retErr.PrivateErr = fmt.Errorf(""Error during artifact resolution: HTTP status %d (%s)"", response.StatusCode, response.Status) return nil, retErr } rawResponseBuf, err := ioutil.ReadAll(response.Body) if err != nil { retErr.PrivateErr = fmt.Errorf(""Error during artifact resolution: %s"", err) return nil, retErr } assertion, err = sp.ParseXMLArtifactResponse(rawResponseBuf, possibleRequestIDs, req.ID) if err != nil { return nil, err } } else { rawResponseBuf, err := base64.StdEncoding.DecodeString(req.PostForm.Get(""SAMLResponse"")) if err != nil { retErr.PrivateErr = fmt.Errorf(""cannot parse base64: %s"", err) return nil, retErr } retErr.Response = string(rawResponseBuf) assertion, err = sp.ParseXMLResponse(rawResponseBuf, possibleRequestIDs) if err != nil { return nil, err } } return assertion, nil }",True,Go,ParseResponse,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3181,"func (sp *ServiceProvider) ParseXMLArtifactResponse(decodedResponseXML []byte, possibleRequestIDs []string, artifactRequestID string) (*Assertion, error) { now := TimeNow() retErr := &InvalidResponseError{ Now: now, Response: string(decodedResponseXML), } if err := xrv.Validate(bytes.NewReader(decodedResponseXML)); err != nil { retErr.PrivateErr = fmt.Errorf(""invalid xml: %s"", err) return nil, retErr } envelope := &struct { XMLName xml.Name `xml:""http: Body struct { ArtifactResponse ArtifactResponse } `xml:""http: }{} if err := xml.Unmarshal(decodedResponseXML, &envelope); err != nil { retErr.PrivateErr = fmt.Errorf(""cannot unmarshal response: %s"", err) return nil, retErr } resp := envelope.Body.ArtifactResponse if resp.InResponseTo != artifactRequestID { retErr.PrivateErr = fmt.Errorf(""`InResponseTo` does not match the artifact request ID (expected %v)"", artifactRequestID) return nil, retErr } if resp.IssueInstant.Add(MaxIssueDelay).Before(now) { retErr.PrivateErr = fmt.Errorf(""response IssueInstant expired at %s"", resp.IssueInstant.Add(MaxIssueDelay)) return nil, retErr } if resp.Issuer != nil && resp.Issuer.Value != sp.IDPMetadata.EntityID { retErr.PrivateErr = fmt.Errorf(""response Issuer does not match the IDP metadata (expected %q)"", sp.IDPMetadata.EntityID) return nil, retErr } if resp.Status.StatusCode.Value != StatusSuccess { retErr.PrivateErr = ErrBadStatus{Status: resp.Status.StatusCode.Value} return nil, retErr } doc := etree.NewDocument() if err := doc.ReadFromBytes(decodedResponseXML); err != nil { retErr.PrivateErr = err return nil, retErr } artifactEl := doc.FindElement(""Envelope/Body/ArtifactResponse"") if artifactEl == nil { retErr.PrivateErr = fmt.Errorf(""missing ArtifactResponse"") return nil, retErr } responseEl := doc.FindElement(""Envelope/Body/ArtifactResponse/Response"") if responseEl == nil { retErr.PrivateErr = fmt.Errorf(""missing inner Response"") return nil, retErr } haveSignature := false var err error if err = sp.validateArtifactSigned(artifactEl); err != nil && err.Error() != ""either the Response or Assertion must be signed"" { retErr.PrivateErr = err return nil, retErr } if err == nil { haveSignature = true } assertion, updatedResponse, err := sp.validateXMLResponse(&resp.Response, responseEl, possibleRequestIDs, now, !haveSignature) if err != nil { retErr.PrivateErr = err if updatedResponse != nil { retErr.Response = *updatedResponse } return nil, retErr } return assertion, nil }",True,Go,ParseXMLArtifactResponse,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3187,"func (sp *ServiceProvider) validateDestination(response *etree.Element, responseDom *Response) error { signed, err := responseIsSigned(response) if err != nil { return err } if signed || responseDom.Destination != """" { if responseDom.Destination != sp.AcsURL.String() { return fmt.Errorf(""`Destination` does not match AcsURL (expected %q, actual %q)"", sp.AcsURL.String(), responseDom.Destination) } } return nil }",True,Go,validateDestination,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3189,"func (sp *ServiceProvider) ValidateLogoutResponseRedirect(queryParameterData string) error { rawResponseBuf, err := base64.StdEncoding.DecodeString(queryParameterData) if err != nil { return fmt.Errorf(""unable to parse base64: %s"", err) } gr, err := ioutil.ReadAll(flate.NewReader(bytes.NewBuffer(rawResponseBuf))) if err != nil { return err } if err := xrv.Validate(bytes.NewReader(gr)); err != nil { return err } decoder := xml.NewDecoder(bytes.NewReader(gr)) var resp LogoutResponse err = decoder.Decode(&resp) if err != nil { return fmt.Errorf(""unable to flate decode: %s"", err) } if err := sp.validateLogoutResponse(&resp); err != nil { return err } doc := etree.NewDocument() if _, err := doc.ReadFrom(bytes.NewReader(gr)); err != nil { return err } responseEl := doc.Root() return sp.validateSigned(responseEl) }",True,Go,ValidateLogoutResponseRedirect,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3192,"func responseIsSigned(response *etree.Element) (bool, error) { signatureElement, err := findChild(response, ""http: if err != nil { return false, err } return signatureElement != nil, nil }",True,Go,responseIsSigned,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2022-11-28 08:48:29-05:00,"Merge pull request from GHSA-j2jp-wvqg-wc2g

* add test case (courtesy of fwilhelm)

* fix",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-41912,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3203,"func (sp *ServiceProvider) ValidateLogoutResponseRedirect(queryParameterData string) error { retErr := &InvalidResponseError{ Now: TimeNow(), } rawResponseBuf, err := base64.StdEncoding.DecodeString(queryParameterData) if err != nil { retErr.PrivateErr = fmt.Errorf(""unable to parse base64: %s"", err) return retErr } retErr.Response = string(rawResponseBuf) gr, err := ioutil.ReadAll(flate.NewReader(bytes.NewBuffer(rawResponseBuf))) if err != nil { retErr.PrivateErr = err return retErr } if err := xrv.Validate(bytes.NewReader(gr)); err != nil { return err } doc := etree.NewDocument() if err := doc.ReadFromBytes(rawResponseBuf); err != nil { retErr.PrivateErr = err return retErr } if err := sp.validateSignature(doc.Root()); err != nil { retErr.PrivateErr = err return retErr } var resp LogoutResponse if err := unmarshalElement(doc.Root(), &resp); err != nil { retErr.PrivateErr = err return retErr } if err := sp.validateLogoutResponse(&resp); err != nil { return err } return nil }",True,Go,ValidateLogoutResponseRedirect,service_provider.go,https://github.com/crewjam/saml,crewjam,GitHub,2023-03-22 15:22:00-04:00,"Merge pull request from GHSA-5mqj-xc49-246p

https://github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-28119,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3207,"func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { c, err := getConfig(u.tlsConfigPath) if err != nil { u.logger.Log(""msg"", ""Unable to parse configuration"", ""err"", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } for k, v := range c.HTTPConfig.Header { w.Header().Set(k, v) } if len(c.Users) == 0 { u.handler.ServeHTTP(w, r) return } user, pass, auth := r.BasicAuth() if auth { hashedPassword, validUser := c.Users[user] if !validUser { hashedPassword = ""$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"" } cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...)) authOk, ok := u.cache.get(cacheKey) if !ok { u.bcryptMtx.Lock() err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) u.bcryptMtx.Unlock() authOk = err == nil u.cache.set(cacheKey, authOk) } if authOk && validUser { u.handler.ServeHTTP(w, r) return } } w.Header().Set(""WWW-Authenticate"", ""Basic"") http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) }",True,Go,ServeHTTP,handler.go,https://github.com/prometheus/exporter-toolkit,prometheus,GitHub,2022-11-29 10:22:49+01:00,"Merge pull request from GHSA-7rg2-cxvp-9p7p

* Fix authentication bypass if stored password hash is known

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

* Add test for CVE-2022-46146

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-46146,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3208,"func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { c, err := getConfig(u.tlsConfigPath) if err != nil { u.logger.Log(""msg"", ""Unable to parse configuration"", ""err"", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } for k, v := range c.HTTPConfig.Header { w.Header().Set(k, v) } if len(c.Users) == 0 { u.handler.ServeHTTP(w, r) return } user, pass, auth := r.BasicAuth() if auth { hashedPassword, validUser := c.Users[user] if !validUser { hashedPassword = ""$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"" } cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...)) authOk, ok := u.cache.get(cacheKey) if !ok { u.bcryptMtx.Lock() err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) u.bcryptMtx.Unlock() authOk = err == nil u.cache.set(cacheKey, authOk) } if authOk && validUser { u.handler.ServeHTTP(w, r) return } } w.Header().Set(""WWW-Authenticate"", ""Basic"") http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) }",True,Go,ServeHTTP,handler.go,https://github.com/prometheus/exporter-toolkit,prometheus,GitHub,2022-11-29 10:22:49+01:00,"Merge pull request from GHSA-7rg2-cxvp-9p7p

* Fix authentication bypass if stored password hash is known

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

* Add test for CVE-2022-46146

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>",CWE-303,Incorrect Implementation of Authentication Algorithm,"The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.",https://cwe.mitre.org/data/definitions/303.html,CVE-2022-46146,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3216,"func NewManager(conf *runtime.Configuration, serviceManager serviceManager, middlewaresBuilder middlewareBuilder, chainBuilder *middleware.ChainBuilder, metricsRegistry metrics.Registry) *Manager { return &Manager{ routerHandlers: make(map[string]http.Handler), serviceManager: serviceManager, metricsRegistry: metricsRegistry, middlewaresBuilder: middlewaresBuilder, chainBuilder: chainBuilder, conf: conf, } }",True,Go,NewManager,router.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3225,"func BenchmarkRouterServe(b *testing.B) { server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) b.Cleanup(func() { server.Close() }) res := &http.Response{ StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader("""")), } routersConfig := map[string]*dynamic.Router{ ""foo"": { EntryPoints: []string{""web""}, Service: ""foo-service"", Rule: ""Host(`foo.bar`) && Path(`/`)"", }, } serviceConfig := map[string]*dynamic.Service{ ""foo-service"": { LoadBalancer: &dynamic.ServersLoadBalancer{ Servers: []dynamic.Server{ { URL: server.URL, }, }, }, }, } entryPoints := []string{""web""} rtConf := runtime.NewConfig(dynamic.Configuration{ HTTP: &dynamic.HTTPConfiguration{ Services: serviceConfig, Routers: routersConfig, Middlewares: map[string]*dynamic.Middleware{}, }, }) serviceManager := service.NewManager(rtConf.Services, nil, nil, staticRoundTripperGetter{res}) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) chainBuilder := middleware.NewChainBuilder(nil, nil, nil) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) handlers := routerManager.BuildHandlers(context.Background(), entryPoints, false) w := httptest.NewRecorder() req := testhelpers.MustNewRequest(http.MethodGet, ""http: reqHost := requestdecorator.New(nil) b.ReportAllocs() for i := 0; i < b.N; i++ { reqHost.ServeHTTP(w, req, handlers[""web""].ServeHTTP) } }",True,Go,BenchmarkRouterServe,router_test.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3233,"func (r *Router) AddRouteTLS(rule string, priority int, target tcp.Handler, config *tls.Config) error { if config == nil { return r.muxerTCPTLS.AddRoute(rule, priority, target) } return r.muxerTCPTLS.AddRoute(rule, priority, &tcp.TLSHandler{ Next: target, Config: config, }) }",True,Go,AddRouteTLS,router.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3235,"func clientHelloInfo(br *bufio.Reader) (*clientHello, error) { hdr, err := br.Peek(1) if err != nil { var opErr *net.OpError if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) { log.WithoutContext().Errorf(""Error while Peeking first byte: %s"", err) } return nil, err } const recordTypeSSLv2 = 0x80 const recordTypeHandshake = 0x16 if hdr[0] != recordTypeHandshake { if hdr[0] == recordTypeSSLv2 { return &clientHello{ isTLS: true, peeked: getPeeked(br), }, nil } return &clientHello{ peeked: getPeeked(br), }, nil } const recordHeaderLen = 5 hdr, err = br.Peek(recordHeaderLen) if err != nil { log.Errorf(""Error while Peeking hello: %s"", err) return &clientHello{ peeked: getPeeked(br), }, nil } recLen := int(hdr[3])<<8 | int(hdr[4]) if recordHeaderLen+recLen > defaultBufSize { br = bufio.NewReaderSize(br, recordHeaderLen+recLen) } helloBytes, err := br.Peek(recordHeaderLen + recLen) if err != nil { log.Errorf(""Error while Hello: %s"", err) return &clientHello{ isTLS: true, peeked: getPeeked(br), }, nil } sni := """" var protos []string server := tls.Server(helloSniffConn{r: bytes.NewReader(helloBytes)}, &tls.Config{ GetConfigForClient: func(hello *tls.ClientHelloInfo) (*tls.Config, error) { sni = hello.ServerName protos = hello.SupportedProtos return nil, nil }, }) _ = server.Handshake() return &clientHello{ serverName: sni, isTLS: true, peeked: getPeeked(br), protos: protos, }, nil }",True,Go,clientHelloInfo,router.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3239,"func (f *RouterFactory) CreateRouters(rtConf *runtime.Configuration) (map[string]*tcprouter.Router, map[string]udptypes.Handler) { ctx := context.Background() serviceManager := f.managerFactory.Build(rtConf) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, f.pluginBuilder) routerManager := router.NewManager(rtConf, serviceManager, middlewaresBuilder, f.chainBuilder, f.metricsRegistry) handlersNonTLS := routerManager.BuildHandlers(ctx, f.entryPointsTCP, false) handlersTLS := routerManager.BuildHandlers(ctx, f.entryPointsTCP, true) serviceManager.LaunchHealthCheck() svcTCPManager := tcp.NewManager(rtConf) middlewaresTCPBuilder := tcpmiddleware.NewBuilder(rtConf.TCPMiddlewares) rtTCPManager := tcprouter.NewManager(rtConf, svcTCPManager, middlewaresTCPBuilder, handlersNonTLS, handlersTLS, f.tlsManager) routersTCP := rtTCPManager.BuildHandlers(ctx, f.entryPointsTCP) svcUDPManager := udp.NewManager(rtConf) rtUDPManager := udprouter.NewManager(rtConf, svcUDPManager) routersUDP := rtUDPManager.BuildHandlers(ctx, f.entryPointsUDP) rtConf.PopulateUsedBy() return routersTCP, routersUDP }",True,Go,CreateRouters,routerfactory.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3241,"func (m *Manager) Get(storeName, configName string) (*tls.Config, error) { m.lock.RLock() defer m.lock.RUnlock() var tlsConfig *tls.Config var err error sniStrict := false config, ok := m.configs[configName] if ok { sniStrict = config.SniStrict tlsConfig, err = buildTLSConfig(config) } else { err = fmt.Errorf(""unknown TLS options: %s"", configName) } if err != nil { tlsConfig = &tls.Config{} } store := m.getStore(storeName) if store == nil { err = fmt.Errorf(""TLS store %s not found"", storeName) } acmeTLSStore := m.getStore(tlsalpn01.ACMETLS1Protocol) if acmeTLSStore == nil { err = fmt.Errorf(""ACME TLS store %s not found"", tlsalpn01.ACMETLS1Protocol) } tlsConfig.GetCertificate = func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) { domainToCheck := types.CanonicalDomain(clientHello.ServerName) if isACMETLS(clientHello) { certificate := acmeTLSStore.GetBestCertificate(clientHello) if certificate == nil { log.WithoutContext().Debugf(""TLS: no certificate for TLSALPN challenge: %s"", domainToCheck) return nil, nil } return certificate, nil } bestCertificate := store.GetBestCertificate(clientHello) if bestCertificate != nil { return bestCertificate, nil } if sniStrict { log.WithoutContext().Debugf(""TLS: strict SNI enabled - No certificate found for domain: %q, closing connection"", domainToCheck) return nil, nil } if store == nil { log.WithoutContext().Errorf(""TLS: No certificate store found with this name: %q, closing connection"", storeName) return nil, nil } log.WithoutContext().Debugf(""Serving default certificate for request: %q"", domainToCheck) return store.DefaultCertificate, nil } return tlsConfig, err }",True,Go,Get,tlsmanager.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3244,"func TestManager_Get(t *testing.T) { dynamicConfigs := []*CertAndStores{{ Certificate: Certificate{ CertFile: localhostCert, KeyFile: localhostKey, }, }} tlsConfigs := map[string]Options{ ""foo"": {MinVersion: ""VersionTLS12""}, ""bar"": {MinVersion: ""VersionTLS11""}, } testCases := []struct { desc string tlsOptionsName string expectedMinVersion uint16 expectedError bool }{ { desc: ""Get a tls config from a valid name"", tlsOptionsName: ""foo"", expectedMinVersion: uint16(tls.VersionTLS12), }, { desc: ""Get another tls config from a valid name"", tlsOptionsName: ""bar"", expectedMinVersion: uint16(tls.VersionTLS11), }, { desc: ""Get an tls config from an invalid name"", tlsOptionsName: ""unknown"", expectedError: true, }, { desc: ""Get an tls config from unexisting 'default' name"", tlsOptionsName: ""default"", expectedError: true, }, } tlsManager := NewManager() tlsManager.UpdateConfigs(context.Background(), nil, tlsConfigs, dynamicConfigs) for _, test := range testCases { test := test t.Run(test.desc, func(t *testing.T) { t.Parallel() config, err := tlsManager.Get(""default"", test.tlsOptionsName) if test.expectedError { assert.Error(t, err) return } assert.NoError(t, err) assert.Equal(t, config.MinVersion, test.expectedMinVersion) }) } }",True,Go,TestManager_Get,tlsmanager_test.go,https://github.com/traefik/traefik,traefik,GitHub,2022-12-06 18:28:05+01:00,"Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>",CWE-295,Improper Certificate Validation,"The product does not validate, or incorrectly validates, a certificate.",https://cwe.mitre.org/data/definitions/295.html,CVE-2022-46153,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3246,"res, conflictErr = controllerutil.CreateOrUpdate(ctx, r.Client, ns, func() error { annotations := make(map[string]string) labels := map[string]string{ ""name"": namespace, capsuleLabel: tnt.GetName(), } if tnt.Spec.NamespaceOptions != nil && tnt.Spec.NamespaceOptions.AdditionalMetadata != nil { for k, v := range tnt.Spec.NamespaceOptions.AdditionalMetadata.Annotations { annotations[k] = v } } if tnt.Spec.NamespaceOptions != nil && tnt.Spec.NamespaceOptions.AdditionalMetadata != nil { for k, v := range tnt.Spec.NamespaceOptions.AdditionalMetadata.Labels { labels[k] = v } } if tnt.Spec.NodeSelector != nil { var selector []string for k, v := range tnt.Spec.NodeSelector { selector = append(selector, fmt.Sprintf(""%s=%s"", k, v)) } annotations[""scheduler.alpha.kubernetes.io/node-selector""] = strings.Join(selector, "","") } if tnt.Spec.IngressOptions.AllowedClasses != nil { if len(tnt.Spec.IngressOptions.AllowedClasses.Exact) > 0 { annotations[capsulev1beta1.AvailableIngressClassesAnnotation] = strings.Join(tnt.Spec.IngressOptions.AllowedClasses.Exact, "","") } if len(tnt.Spec.IngressOptions.AllowedClasses.Regex) > 0 { annotations[capsulev1beta1.AvailableIngressClassesRegexpAnnotation] = tnt.Spec.IngressOptions.AllowedClasses.Regex } } if tnt.Spec.StorageClasses != nil { if len(tnt.Spec.StorageClasses.Exact) > 0 { annotations[capsulev1beta1.AvailableStorageClassesAnnotation] = strings.Join(tnt.Spec.StorageClasses.Exact, "","") } if len(tnt.Spec.StorageClasses.Regex) > 0 { annotations[capsulev1beta1.AvailableStorageClassesRegexpAnnotation] = tnt.Spec.StorageClasses.Regex } } if tnt.Spec.ContainerRegistries != nil { if len(tnt.Spec.ContainerRegistries.Exact) > 0 { annotations[capsulev1beta1.AllowedRegistriesAnnotation] = strings.Join(tnt.Spec.ContainerRegistries.Exact, "","") } if len(tnt.Spec.ContainerRegistries.Regex) > 0 { annotations[capsulev1beta1.AllowedRegistriesRegexpAnnotation] = tnt.Spec.ContainerRegistries.Regex } } if value, ok := tnt.Annotations[capsulev1beta1.ForbiddenNamespaceLabelsAnnotation]; ok { annotations[capsulev1beta1.ForbiddenNamespaceLabelsAnnotation] = value } if value, ok := tnt.Annotations[capsulev1beta1.ForbiddenNamespaceLabelsRegexpAnnotation]; ok { annotations[capsulev1beta1.ForbiddenNamespaceLabelsRegexpAnnotation] = value } if value, ok := tnt.Annotations[capsulev1beta1.ForbiddenNamespaceAnnotationsAnnotation]; ok { annotations[capsulev1beta1.ForbiddenNamespaceAnnotationsAnnotation] = value } if value, ok := tnt.Annotations[capsulev1beta1.ForbiddenNamespaceAnnotationsRegexpAnnotation]; ok { annotations[capsulev1beta1.ForbiddenNamespaceAnnotationsRegexpAnnotation] = value } if ns.Annotations == nil { ns.SetAnnotations(annotations) } else { for k, v := range annotations { ns.Annotations[k] = v } } if ns.Labels == nil { ns.SetLabels(labels) } else { for k, v := range labels { ns.Labels[k] = v } } return nil })",True,Go,error,namespaces.go,https://github.com/clastix/capsule,clastix,Dario Tranchitella,2022-12-02 15:19:06+01:00,fix: preventing serviceaccount privilege escalation,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-46167,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3250,"return func(ctx context.Context, req admission.Request) *admission.Response { tntList := &capsulev1beta1.TenantList{} if err := c.List(ctx, tntList, client.MatchingFieldsSelector{ Selector: fields.OneTermEqualSelector("".status.namespaces"", req.Name), }); err != nil { return utils.ErroredResponse(err) } if len(tntList.Items) == 0 { return nil } tnt := tntList.Items[0] if tnt.IsCordoned() && utils.IsCapsuleUser(req, r.configuration.UserGroups()) { recorder.Eventf(&tnt, corev1.EventTypeWarning, ""TenantFreezed"", ""Namespace %s cannot be deleted, the current Tenant is freezed"", req.Name) response := admission.Denied(""the selected Tenant is freezed"") return &response } return nil } }",True,Go,*,freezed.go,https://github.com/clastix/capsule,clastix,Dario Tranchitella,2022-12-02 15:19:06+01:00,fix: preventing serviceaccount privilege escalation,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-46167,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3258,"func (h *cordoningHandler) cordonHandler(ctx context.Context, clt client.Client, req admission.Request, recorder record.EventRecorder) *admission.Response { tntList := &capsulev1beta1.TenantList{} if err := clt.List(ctx, tntList, client.MatchingFieldsSelector{ Selector: fields.OneTermEqualSelector("".status.namespaces"", req.Namespace), }); err != nil { return utils.ErroredResponse(err) } if len(tntList.Items) == 0 { return nil } tnt := tntList.Items[0] if tnt.IsCordoned() && utils.IsCapsuleUser(req, h.configuration.UserGroups()) { recorder.Eventf(&tnt, corev1.EventTypeWarning, ""TenantFreezed"", ""%s %s/%s cannot be %sd, current Tenant is freezed"", req.Kind.String(), req.Namespace, req.Name, strings.ToLower(string(req.Operation))) response := admission.Denied(fmt.Sprintf(""tenant %s is freezed: please, reach out to the system administrator"", tnt.GetName())) return &response } return nil }",True,Go,cordonHandler,cordoning.go,https://github.com/clastix/capsule,clastix,Dario Tranchitella,2022-12-02 15:19:06+01:00,fix: preventing serviceaccount privilege escalation,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-46167,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3262,"func IsCapsuleUser(req admission.Request, userGroups []string) bool { groupList := utils.NewUserGroupList(req.UserInfo.Groups) if groupList.Find(""system:serviceaccounts:kube-system"") { return false } for _, group := range userGroups { if groupList.Find(group) { return true } } return false }",True,Go,IsCapsuleUser,is_capsule_user.go,https://github.com/clastix/capsule,clastix,Dario Tranchitella,2022-12-02 15:19:06+01:00,fix: preventing serviceaccount privilege escalation,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-46167,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3271,"func ConvertDocx(r io.Reader) (string, map[string]string, error) { var size int64 var ra io.ReaderAt if f, ok := r.(interface { io.ReaderAt Stat() (os.FileInfo, error) }); ok { si, err := f.Stat() if err != nil { return """", nil, err } size = si.Size() ra = f } else { b, err := ioutil.ReadAll(r) if err != nil { return """", nil, nil } size = int64(len(b)) ra = bytes.NewReader(b) } zr, err := zip.NewReader(ra, size) if err != nil { return """", nil, fmt.Errorf(""error unzipping data: %v"", err) } zipFiles := mapZipFiles(zr.File) contentTypeDefinition, err := getContentTypeDefinition(zipFiles[""[Content_Types].xml""]) if err != nil { return """", nil, err } meta := make(map[string]string) var textHeader, textBody, textFooter string for _, override := range contentTypeDefinition.Overrides { f := zipFiles[override.PartName] switch { case override.ContentType == ""application/vnd.openxmlformats-package.core-properties+xml"": rc, err := f.Open() if err != nil { return """", nil, fmt.Errorf(""error opening '%v' from archive: %v"", f.Name, err) } defer rc.Close() meta, err = XMLToMap(rc) if err != nil { return """", nil, fmt.Errorf(""error parsing '%v': %v"", f.Name, err) } if tmp, ok := meta[""modified""]; ok { if t, err := time.Parse(time.RFC3339, tmp); err == nil { meta[""ModifiedDate""] = fmt.Sprintf(""%d"", t.Unix()) } } if tmp, ok := meta[""created""]; ok { if t, err := time.Parse(time.RFC3339, tmp); err == nil { meta[""CreatedDate""] = fmt.Sprintf(""%d"", t.Unix()) } } case override.ContentType == ""application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"": body, err := parseDocxText(f) if err != nil { return """", nil, err } textBody += body + ""\n"" case override.ContentType == ""application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml"": footer, err := parseDocxText(f) if err != nil { return """", nil, err } textFooter += footer + ""\n"" case override.ContentType == ""application/vnd.openxmlformats-officedocument.wordprocessingml.header+xml"": header, err := parseDocxText(f) if err != nil { return """", nil, err } textHeader += header + ""\n"" } } return textHeader + ""\n"" + textBody + ""\n"" + textFooter, meta, nil }",True,Go,ConvertDocx,docx.go,https://github.com/sajari/docconv,sajari,GitHub,2022-07-18 15:47:08+10:00,"fix unbounded memory consumption vulnerability (#111)

Co-authored-by: Helena Mariano <31138349+helenamariano@users.noreply.github.com>",CWE-789,Memory Allocation with Excessive Size Value,"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.",https://cwe.mitre.org/data/definitions/789.html,CVE-2022-4741,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3272,"func ConvertODT(r io.Reader) (string, map[string]string, error) { meta := make(map[string]string) var textBody string b, err := ioutil.ReadAll(r) if err != nil { return """", nil, err } zr, err := zip.NewReader(bytes.NewReader(b), int64(len(b))) if err != nil { return """", nil, fmt.Errorf(""error unzipping data: %v"", err) } for _, f := range zr.File { switch f.Name { case ""meta.xml"": rc, err := f.Open() if err != nil { return """", nil, fmt.Errorf(""error extracting '%v' from archive: %v"", f.Name, err) } defer rc.Close() info, err := XMLToMap(rc) if err != nil { return """", nil, fmt.Errorf(""error parsing '%v': %v"", f.Name, err) } if tmp, ok := info[""creator""]; ok { meta[""Author""] = tmp } if tmp, ok := info[""date""]; ok { if t, err := time.Parse(""2006-01-02T15:04:05"", tmp); err == nil { meta[""ModifiedDate""] = fmt.Sprintf(""%d"", t.Unix()) } } if tmp, ok := info[""creation-date""]; ok { if t, err := time.Parse(""2006-01-02T15:04:05"", tmp); err == nil { meta[""CreatedDate""] = fmt.Sprintf(""%d"", t.Unix()) } } case ""content.xml"": rc, err := f.Open() if err != nil { return """", nil, fmt.Errorf(""error extracting '%v' from archive: %v"", f.Name, err) } defer rc.Close() textBody, err = XMLToText(rc, []string{""br"", ""p"", ""tab""}, []string{}, true) if err != nil { return """", nil, fmt.Errorf(""error parsing '%v': %v"", f.Name, err) } } } return textBody, meta, nil }",True,Go,ConvertODT,odt.go,https://github.com/sajari/docconv,sajari,GitHub,2022-07-18 15:47:08+10:00,"fix unbounded memory consumption vulnerability (#111)

Co-authored-by: Helena Mariano <31138349+helenamariano@users.noreply.github.com>",CWE-789,Memory Allocation with Excessive Size Value,"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.",https://cwe.mitre.org/data/definitions/789.html,CVE-2022-4741,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3274,"func ConvertPages(r io.Reader) (string, map[string]string, error) { meta := make(map[string]string) var textBody string b, err := ioutil.ReadAll(r) if err != nil { return """", nil, fmt.Errorf(""error reading data: %v"", err) } zr, err := zip.NewReader(bytes.NewReader(b), int64(len(b))) if err != nil { return """", nil, fmt.Errorf(""error unzipping data: %v"", err) } for _, f := range zr.File { if strings.HasSuffix(f.Name, ""Preview.pdf"") { if rc, err := f.Open(); err == nil { return ConvertPDF(rc) } } if f.Name == ""index.xml"" { if rc, err := f.Open(); err == nil { return ConvertXML(rc) } } if f.Name == ""Index/Document.iwa"" { rc, _ := f.Open() defer rc.Close() bReader := bufio.NewReader(snappy.NewReader(io.MultiReader(strings.NewReader(""\xff\x06\x00\x00sNaPpY""), rc))) archiveLength, _ := binary.ReadVarint(bReader) archiveInfoData, _ := ioutil.ReadAll(io.LimitReader(bReader, archiveLength)) archiveInfo := &TSP.ArchiveInfo{} err = proto.Unmarshal(archiveInfoData, archiveInfo) fmt.Println(""archiveInfo:"", archiveInfo, err) } } return textBody, meta, nil }",True,Go,ConvertPages,pages.go,https://github.com/sajari/docconv,sajari,GitHub,2022-07-18 15:47:08+10:00,"fix unbounded memory consumption vulnerability (#111)

Co-authored-by: Helena Mariano <31138349+helenamariano@users.noreply.github.com>",CWE-789,Memory Allocation with Excessive Size Value,"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.",https://cwe.mitre.org/data/definitions/789.html,CVE-2022-4741,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3276,"func XMLToText(r io.Reader, breaks []string, skip []string, strict bool) (string, error) { var result string dec := xml.NewDecoder(r) dec.Strict = strict for { t, err := dec.Token() if err != nil { if err == io.EOF { break } return """", err } switch v := t.(type) { case xml.CharData: result += string(v) case xml.StartElement: for _, breakElement := range breaks { if v.Name.Local == breakElement { result += ""\n"" } } for _, skipElement := range skip { if v.Name.Local == skipElement { depth := 1 for { t, err := dec.Token() if err != nil { return """", err } switch t.(type) { case xml.StartElement: depth++ case xml.EndElement: depth-- } if depth == 0 { break } } } } } } return result, nil }",True,Go,XMLToText,xml.go,https://github.com/sajari/docconv,sajari,GitHub,2022-07-18 15:47:08+10:00,"fix unbounded memory consumption vulnerability (#111)

Co-authored-by: Helena Mariano <31138349+helenamariano@users.noreply.github.com>",CWE-789,Memory Allocation with Excessive Size Value,"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.",https://cwe.mitre.org/data/definitions/789.html,CVE-2022-4741,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3283,"func (vc *VoteController) VoteDown(ctx *gin.Context) { req := &schema.VoteReq{} if handler.BindAndCheck(ctx, req) { return } req.ObjectID = uid.DeShortID(req.ObjectID) req.UserID = middleware.GetLoginUserIDFromContext(ctx) can, needRank, err := vc.rankService.CheckVotePermission(ctx, req.UserID, req.ObjectID, false) if err != nil { handler.HandleResponse(ctx, err, nil) return } if !can { lang := handler.GetLang(ctx) msg := translator.TrWithData(lang, reason.NoEnoughRankToOperate, &schema.PermissionTrTplData{Rank: needRank}) handler.HandleResponse(ctx, errors.Forbidden(reason.NoEnoughRankToOperate).WithMsg(msg), nil) return } dto := &schema.VoteDTO{} _ = copier.Copy(dto, req) resp, err := vc.VoteService.VoteDown(ctx, dto) if err != nil { handler.HandleResponse(ctx, err, schema.ErrTypeToast) } else { handler.HandleResponse(ctx, err, resp) } }",True,Go,VoteDown,vote_controller.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3285,"func (vc *VoteController) VoteUp(ctx *gin.Context) { req := &schema.VoteReq{} if handler.BindAndCheck(ctx, req) { return } req.ObjectID = uid.DeShortID(req.ObjectID) req.UserID = middleware.GetLoginUserIDFromContext(ctx) can, needRank, err := vc.rankService.CheckVotePermission(ctx, req.UserID, req.ObjectID, true) if err != nil { handler.HandleResponse(ctx, err, nil) return } if !can { lang := handler.GetLang(ctx) msg := translator.TrWithData(lang, reason.NoEnoughRankToOperate, &schema.PermissionTrTplData{Rank: needRank}) handler.HandleResponse(ctx, errors.Forbidden(reason.NoEnoughRankToOperate).WithMsg(msg), nil) return } dto := &schema.VoteDTO{} _ = copier.Copy(dto, req) resp, err := vc.VoteService.VoteUp(ctx, dto) if err != nil { handler.HandleResponse(ctx, err, schema.ErrTypeToast) } else { handler.HandleResponse(ctx, err, resp) } }",True,Go,VoteUp,vote_controller.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3287,"func (ar *AnswerActivityRepo) DeleteAnswer(ctx context.Context, answerID string) (err error) { answerInfo := &entity.Answer{} exist, err := ar.data.DB.Context(ctx).Where(""id = ?"", answerID).Get(answerInfo) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if !exist { return nil } activityList := make([]*entity.Activity, 0) session := ar.data.DB.Context(ctx).Where(""has_rank = 1"") session.Where(""cancelled = ?"", entity.ActivityAvailable) err = session.Find(&activityList, &entity.Activity{ObjectID: answerID}) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if len(activityList) == 0 { return nil } log.Infof(""answerInfo %s deleted will rollback activity %d"", answerID, len(activityList)) _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) for _, act := range activityList { log.Infof(""user %s rollback rank %d"", act.UserID, -act.Rank) _, e := ar.userRankRepo.TriggerUserRank( ctx, session, act.UserID, -act.Rank, act.ActivityType) if e != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(e).WithStack() } if _, e := session.Where(""id = ?"", act.ID).Cols(""cancelled"", ""cancelled_at""). Update(&entity.Activity{Cancelled: entity.ActivityCancelled, CancelledAt: time.Now()}); e != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(e).WithStack() } } return nil, nil }) if err != nil { return err } return }",True,Go,DeleteAnswer,answer_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3288,"func (ar *AnswerActivityRepo) DeleteQuestion(ctx context.Context, questionID string) (err error) { questionInfo := &entity.Question{} exist, err := ar.data.DB.Context(ctx).Where(""id = ?"", questionID).Get(questionInfo) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if !exist { return nil } activityList := make([]*entity.Activity, 0) session := ar.data.DB.Context(ctx).Where(""has_rank = 1"") session.Where(""cancelled = ?"", entity.ActivityAvailable) err = session.Find(&activityList, &entity.Activity{ObjectID: questionID}) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if len(activityList) == 0 { return nil } log.Infof(""questionInfo %s deleted will rollback activity %d"", questionID, len(activityList)) _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) for _, act := range activityList { log.Infof(""user %s rollback rank %d"", act.UserID, -act.Rank) _, e := ar.userRankRepo.TriggerUserRank( ctx, session, act.UserID, -act.Rank, act.ActivityType) if e != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(e).WithStack() } if _, e := session.Where(""id = ?"", act.ID).Cols(""cancelled"", ""cancelled_at""). Update(&entity.Activity{Cancelled: entity.ActivityCancelled, CancelledAt: time.Now()}); e != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(e).WithStack() } } return nil, nil }) if err != nil { return err } answerList := make([]*entity.Answer, 0) err = ar.data.DB.Context(ctx).Find(&answerList, &entity.Answer{QuestionID: questionID}) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } for _, answerInfo := range answerList { err = ar.DeleteAnswer(ctx, answerInfo.ID) if err != nil { log.Error(err) } } return }",True,Go,DeleteQuestion,answer_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3289,"func (ar *FollowRepo) FollowCancel(ctx context.Context, objectID, userID string) error { objectTypeStr, err := obj.GetObjectTypeStrByObjectID(objectID) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } activityType, err := ar.activityRepo.GetActivityTypeByObjKey(ctx, objectTypeStr, ""follow"") if err != nil { return err } _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) var ( existsActivity entity.Activity has bool ) result = nil has, err = session.Where(builder.Eq{""activity_type"": activityType}). And(builder.Eq{""user_id"": userID}). And(builder.Eq{""object_id"": objectID}). Get(&existsActivity) if err != nil || !has { return } if has && existsActivity.Cancelled == entity.ActivityCancelled { return } if _, err = session.Where(""id = ?"", existsActivity.ID). Cols(""cancelled""). Update(&entity.Activity{ Cancelled: entity.ActivityCancelled, CancelledAt: time.Now(), }); err != nil { return } err = ar.updateFollows(ctx, session, objectID, -1) return }) return err }",True,Go,FollowCancel,follow_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3290,"func (ar *FollowRepo) Follow(ctx context.Context, objectID, userID string) error { objectTypeStr, err := obj.GetObjectTypeStrByObjectID(objectID) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } activityType, err := ar.activityRepo.GetActivityTypeByObjKey(ctx, objectTypeStr, ""follow"") if err != nil { return err } _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) var ( existsActivity entity.Activity has bool ) result = nil has, err = session.Where(builder.Eq{""activity_type"": activityType}). And(builder.Eq{""user_id"": userID}). And(builder.Eq{""object_id"": objectID}). Get(&existsActivity) if err != nil { return } if has && existsActivity.Cancelled == entity.ActivityAvailable { return } if has { _, err = session.Where(builder.Eq{""id"": existsActivity.ID}). Cols(`cancelled`). Update(&entity.Activity{ Cancelled: entity.ActivityAvailable, }) } else { _, err = session.Insert(&entity.Activity{ UserID: userID, ObjectID: objectID, OriginalObjectID: objectID, ActivityType: activityType, Cancelled: entity.ActivityAvailable, Rank: 0, HasRank: 0, }) } if err != nil { log.Error(err) return } err = ar.updateFollows(ctx, session, objectID, 1) if err != nil { log.Error(err) } return }) return err }",True,Go,Follow,follow_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3294,"func (ar *UserActiveActivityRepo) UserActive(ctx context.Context, userID string) (err error) { cfg, err := ar.configService.GetConfigByKey(ctx, UserActivated) if err != nil { return err } activityType := cfg.ID deltaRank := cfg.GetIntValue() addActivity := &entity.Activity{ UserID: userID, ObjectID: ""0"", OriginalObjectID: ""0"", ActivityType: activityType, Rank: deltaRank, HasRank: 1, } _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) _, exists, err := ar.activityRepo.GetActivity(ctx, session, ""0"", addActivity.UserID, activityType) if err != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if exists { return nil, nil } _, err = ar.userRankRepo.TriggerUserRank(ctx, session, addActivity.UserID, addActivity.Rank, activityType) if err != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } _, err = session.Insert(addActivity) if err != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } return nil, nil }) return err }",True,Go,UserActive,user_active_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3296,"func (vr *VoteRepo) VoteDown(ctx context.Context, objectID string, userID, objectUserID string) (resp *schema.VoteResp, err error) { resp = &schema.VoteResp{} objectType, err := obj.GetObjectTypeStrByObjectID(objectID) if err != nil { err = errors.BadRequest(reason.ObjectNotFound) return } actions, ok := LimitDownActions[objectType] if !ok { err = errors.BadRequest(reason.DisallowVote) return } _, _ = vr.VoteUpCancel(ctx, objectID, userID, objectUserID) return vr.vote(ctx, objectID, userID, objectUserID, actions) }",True,Go,VoteDown,vote_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3306,"func (vr *VoteRepo) VoteDownCancel(ctx context.Context, objectID string, userID, objectUserID string) (resp *schema.VoteResp, err error) { var objectType string resp = &schema.VoteResp{} objectType, err = obj.GetObjectTypeStrByObjectID(objectID) if err != nil { err = errors.BadRequest(reason.ObjectNotFound) return } actions, ok := LimitDownActions[objectType] if !ok { err = errors.BadRequest(reason.DisallowVote) return } return vr.voteCancel(ctx, objectID, userID, objectUserID, actions) }",True,Go,VoteDownCancel,vote_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3310,"func (vr *VoteRepo) CheckRank(ctx context.Context, objectID, objectUserID, userID string, action string) (activityUserID string, activityType, rank, hasRank int, err error) { activityType, rank, hasRank, err = vr.activityRepo.GetActivityTypeByObjID(ctx, objectID, action) if err != nil { return } activityUserID = userID if strings.Contains(action, ""voted"") { activityUserID = objectUserID } return activityUserID, activityType, rank, hasRank, nil }",True,Go,CheckRank,vote_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3314,"func (vr *VoteRepo) VoteUp(ctx context.Context, objectID string, userID, objectUserID string) (resp *schema.VoteResp, err error) { resp = &schema.VoteResp{} objectType, err := obj.GetObjectTypeStrByObjectID(objectID) if err != nil { err = errors.BadRequest(reason.ObjectNotFound) return } actions, ok := LimitUpActions[objectType] if !ok { err = errors.BadRequest(reason.DisallowVote) return } _, _ = vr.VoteDownCancel(ctx, objectID, userID, objectUserID) return vr.vote(ctx, objectID, userID, objectUserID, actions) }",True,Go,VoteUp,vote_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3316,"func (vr *VoteRepo) VoteUpCancel(ctx context.Context, objectID string, userID, objectUserID string) (resp *schema.VoteResp, err error) { var objectType string resp = &schema.VoteResp{} objectType, err = obj.GetObjectTypeStrByObjectID(objectID) if err != nil { err = errors.BadRequest(reason.ObjectNotFound) return } actions, ok := LimitUpActions[objectType] if !ok { err = errors.BadRequest(reason.DisallowVote) return } return vr.voteCancel(ctx, objectID, userID, objectUserID, actions) }",True,Go,VoteUpCancel,vote_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3322,"func (vr *VoteRepo) GetVoteResultByObjectId(ctx context.Context, objectID string) (resp *schema.VoteResp, err error) { resp = &schema.VoteResp{} for _, action := range []string{""vote_up"", ""vote_down""} { var ( activity entity.Activity votes int64 activityType int ) activityType, _, _, _ = vr.activityRepo.GetActivityTypeByObjID(ctx, objectID, action) votes, err = vr.data.DB.Context(ctx).Where(builder.Eq{""object_id"": objectID}). And(builder.Eq{""activity_type"": activityType}). And(builder.Eq{""cancelled"": 0}). Count(&activity) if err != nil { return } if action == ""vote_up"" { resp.UpVotes = int(votes) } else { resp.DownVotes = int(votes) } } resp.Votes = resp.UpVotes - resp.DownVotes return resp, nil }",True,Go,GetVoteResultByObjectId,vote_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3326,"func (ar *ActivityRepo) GetActivityTypeByObjID(ctx context.Context, objectID string, action string) ( activityType, rank, hasRank int, err error) { objectKey, err := obj.GetObjectTypeStrByObjectID(objectID) if err != nil { return } confKey := fmt.Sprintf(""%s.%s"", objectKey, action) cfg, err := ar.configService.GetConfigByKey(ctx, confKey) if err != nil { return } activityType, rank = cfg.ID, cfg.GetIntValue() hasRank = 0 if rank != 0 { hasRank = 1 } return }",True,Go,GetActivityTypeByObjID,activity_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3329,"func (ar *FollowRepo) GetFollowIDs(ctx context.Context, userID, objectKey string) (followIDs []string, err error) { followIDs = make([]string, 0) activityType, err := ar.activityRepo.GetActivityTypeByObjKey(ctx, objectKey, ""follow"") if err != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } session := ar.data.DB.Context(ctx).Select(""object_id"") session.Table(entity.Activity{}.TableName()) session.Where(""user_id = ? AND activity_type = ?"", userID, activityType) session.Where(""cancelled = 0"") err = session.Find(&followIDs) if err != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } return followIDs, nil }",True,Go,GetFollowIDs,follow.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3331,"func (ar *FollowRepo) GetFollowUserIDs(ctx context.Context, objectID string) (userIDs []string, err error) { objectTypeStr, err := obj.GetObjectTypeStrByObjectID(objectID) if err != nil { return nil, err } activityType, err := ar.activityRepo.GetActivityTypeByObjKey(ctx, objectTypeStr, ""follow"") if err != nil { log.Errorf(""can't get activity type by object key: %s"", objectTypeStr) return nil, err } userIDs = make([]string, 0) session := ar.data.DB.Context(ctx).Select(""user_id"") session.Table(entity.Activity{}.TableName()) session.Where(""object_id = ?"", objectID) session.Where(""activity_type = ?"", activityType) session.Where(""cancelled = 0"") err = session.Find(&userIDs) if err != nil { return nil, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } return userIDs, nil }",True,Go,GetFollowUserIDs,follow.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3338,"func (ur *UserRankRepo) TriggerUserRank(ctx context.Context, session *xorm.Session, userID string, deltaRank int, activityType int, ) (isReachStandard bool, err error) { if plugin.RankAgentEnabled() { return false, nil } if deltaRank == 0 { return false, nil } if deltaRank < 0 { var isReachMin bool isReachMin, err = ur.checkUserMinRank(ctx, session, userID, deltaRank) if err != nil { return false, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if isReachMin { _, err = session.Where(builder.Eq{""id"": userID}).Update(&entity.User{Rank: 1}) if err != nil { return false, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } return true, nil } } else { isReachStandard, err = ur.checkUserTodayRank(ctx, session, userID, activityType) if err != nil { return false, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } if isReachStandard { return isReachStandard, nil } } _, err = session.Where(builder.Eq{""id"": userID}).Incr(""`rank`"", deltaRank).Update(&entity.User{}) if err != nil { return false, errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } return false, nil }",True,Go,TriggerUserRank,user_rank_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3340,"func (ur *userRepo) GetByUsernames(ctx context.Context, usernames []string) ([]*entity.User, error) { list := make([]*entity.User, 0) err := ur.data.DB.Where(""status =?"", entity.UserStatusAvailable).In(""username"", usernames).Find(&list) if err != nil { err = errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() return list, err } tryToDecorateUserListFromUserCenter(ctx, ur.data, list) return list, nil }",True,Go,GetByUsernames,user_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3343,"func (as *AnswerActivityService) DeleteQuestion(ctx context.Context, questionID string, createdAt time.Time, voteCount int) (err error) { if voteCount >= 3 { log.Infof(""There is no need to roll back the reputation by answering likes above the target value. %s %d"", questionID, voteCount) return nil } if createdAt.Before(time.Now().AddDate(0, 0, -60)) { log.Infof(""There is no need to roll back the reputation by answer's existence time meets the target. %s %s"", questionID, createdAt.String()) return nil } return as.questionActivityRepo.DeleteQuestion(ctx, questionID) }",True,Go,DeleteQuestion,answer_activity.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3344,"func NewAnswerActivityService( answerActivityRepo AnswerActivityRepo, questionActivityRepo QuestionActivityRepo) *AnswerActivityService { return &AnswerActivityService{ answerActivityRepo: answerActivityRepo, questionActivityRepo: questionActivityRepo, } }",True,Go,NewAnswerActivityService,answer_activity.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3345,"func (as *AnswerActivityService) DeleteAnswer(ctx context.Context, answerID string, createdAt time.Time, voteCount int) (err error) { if voteCount >= 3 { log.Infof(""There is no need to roll back the reputation by answering likes above the target value. %s %d"", answerID, voteCount) return nil } if createdAt.Before(time.Now().AddDate(0, 0, -60)) { log.Infof(""There is no need to roll back the reputation by answer's existence time meets the target. %s %s"", answerID, createdAt.String()) return nil } return as.answerActivityRepo.DeleteAnswer(ctx, answerID) }",True,Go,DeleteAnswer,answer_activity.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3350,"func (vs *VoteService) VoteDown(ctx context.Context, dto *schema.VoteDTO) (voteResp *schema.VoteResp, err error) { voteResp = &schema.VoteResp{} var objectUserID string objectUserID, err = vs.GetObjectUserID(ctx, dto.ObjectID) if err != nil { return } if objectUserID == dto.UserID { err = errors.BadRequest(reason.DisallowVoteYourSelf) return } if dto.IsCancel { return vs.voteRepo.VoteDownCancel(ctx, dto.ObjectID, dto.UserID, objectUserID) } else { return vs.voteRepo.VoteDown(ctx, dto.ObjectID, dto.UserID, objectUserID) } }",True,Go,VoteDown,vote_service.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-06-30 18:18:22+08:00,refactor(votes): refactor user vote repo,CWE-366,Race Condition within a Thread,"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.",https://cwe.mitre.org/data/definitions/366.html,CVE-2023-4127,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3362,"func (am *AuthUserMiddleware) AdminAuth() gin.HandlerFunc { return func(ctx *gin.Context) { token := ExtractToken(ctx) if len(token) == 0 { handler.HandleResponse(ctx, errors.Unauthorized(reason.UnauthorizedError), nil) ctx.Abort() return } userInfo, err := am.authService.GetAdminUserCacheInfo(ctx, token) if err != nil { handler.HandleResponse(ctx, errors.Forbidden(reason.UnauthorizedError), nil) ctx.Abort() return } if userInfo != nil { if userInfo.UserStatus == entity.UserStatusDeleted { handler.HandleResponse(ctx, errors.Unauthorized(reason.UnauthorizedError), nil) ctx.Abort() return } ctx.Set(ctxUUIDKey, userInfo) } ctx.Next() } }",True,Go,AdminAuth,auth.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-08-29 11:39:51+08:00,fix(answer): fix incorrect notification's triggerUserID when cancel accepted answer,CWE-306,Missing Authentication for Critical Function,The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.,https://cwe.mitre.org/data/definitions/306.html,CVE-2023-4815,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3364,"func (ar *AnswerActivityRepo) sendAcceptAnswerNotification( ctx context.Context, op *schema.AcceptAnswerOperationInfo) { for _, act := range op.Activities { msg := &schema.NotificationMsg{ Type: schema.NotificationTypeAchievement, ObjectID: op.AnswerObjectID, ReceiverUserID: act.ActivityUserID, } if act.ActivityUserID == op.QuestionUserID { msg.TriggerUserID = op.AnswerUserID msg.ObjectType = constant.AnswerObjectType } else { msg.TriggerUserID = op.QuestionUserID msg.ObjectType = constant.AnswerObjectType } if msg.TriggerUserID != msg.ReceiverUserID { ar.notificationQueueService.Send(ctx, msg) } } for _, act := range op.Activities { msg := &schema.NotificationMsg{ ReceiverUserID: act.ActivityUserID, Type: schema.NotificationTypeInbox, ObjectID: op.AnswerObjectID, } if act.ActivityUserID != op.QuestionUserID { msg.TriggerUserID = op.QuestionUserID msg.ObjectType = constant.AnswerObjectType msg.NotificationAction = constant.NotificationAcceptAnswer ar.notificationQueueService.Send(ctx, msg) } } }",True,Go,sendAcceptAnswerNotification,answer_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-08-29 11:39:51+08:00,fix(answer): fix incorrect notification's triggerUserID when cancel accepted answer,CWE-306,Missing Authentication for Critical Function,The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.,https://cwe.mitre.org/data/definitions/306.html,CVE-2023-4815,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3367,"func (ar *AnswerActivityRepo) SaveAcceptAnswerActivity(ctx context.Context, op *schema.AcceptAnswerOperationInfo) ( err error) { noNeedToDo, err := ar.activityPreCheck(ctx, op) if err != nil { return err } if noNeedToDo { return nil } ar.data.DB.ShowSQL(true) _, err = ar.data.DB.Transaction(func(session *xorm.Session) (result any, err error) { session = session.Context(ctx) userInfoMapping, err := ar.acquireUserInfo(session, op.GetUserIDs()) if err != nil { return nil, err } err = ar.saveActivitiesAvailable(session, op) if err != nil { return nil, err } err = ar.changeUserRank(ctx, session, op, userInfoMapping) if err != nil { return nil, err } return nil, nil }) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } ar.sendAcceptAnswerNotification(ctx, op) return nil }",True,Go,SaveAcceptAnswerActivity,answer_repo.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-08-29 11:39:51+08:00,fix(answer): fix incorrect notification's triggerUserID when cancel accepted answer,CWE-306,Missing Authentication for Critical Function,The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.,https://cwe.mitre.org/data/definitions/306.html,CVE-2023-4815,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3373,"func (uc *UserController) UserModifyPassWord(ctx *gin.Context) { req := &schema.UserModifyPassWordRequest{} if handler.BindAndCheck(ctx, req) { return } req.UserID = middleware.GetLoginUserIDFromContext(ctx) oldPassVerification, err := uc.userService.UserModifyPassWordVerification(ctx, req) if err != nil { handler.HandleResponse(ctx, err, nil) return } if !oldPassVerification { errFields := append([]*validator.FormErrorField{}, &validator.FormErrorField{ ErrorField: ""old_pass"", ErrorMsg: translator.Tr(handler.GetLang(ctx), reason.OldPasswordVerificationFailed), }) handler.HandleResponse(ctx, errors.BadRequest(reason.OldPasswordVerificationFailed), errFields) return } if req.OldPass == req.Pass { errFields := append([]*validator.FormErrorField{}, &validator.FormErrorField{ ErrorField: ""pass"", ErrorMsg: translator.Tr(handler.GetLang(ctx), reason.NewPasswordSameAsPreviousSetting), }) handler.HandleResponse(ctx, errors.BadRequest(reason.NewPasswordSameAsPreviousSetting), errFields) return } err = uc.userService.UserModifyPassword(ctx, req) handler.HandleResponse(ctx, err, nil) }",True,Go,UserModifyPassWord,user_controller.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3379,"func (u *UserModifyPassWordRequest) Check() (errFields []*validator.FormErrorField, err error) { err = checker.CheckPassword(8, 32, 0, u.Pass) if err != nil { errField := &validator.FormErrorField{ ErrorField: ""pass"", ErrorMsg: err.Error(), } errFields = append(errFields, errField) return errFields, err } return nil, nil }",True,Go,Check,user_schema.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3388,"func (us *UserAdminService) UpdateUserPassword(ctx context.Context, req *schema.UpdateUserPasswordReq) (err error) { if req.UserID == req.LoginUserID { return errors.BadRequest(reason.AdminCannotUpdateTheirPassword) } userInfo, exist, err := us.userRepo.GetUserInfo(ctx, req.UserID) if err != nil { return err } if !exist { return errors.BadRequest(reason.UserNotFound) } hashPwd, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost) if err != nil { return err } err = us.userRepo.UpdateUserPassword(ctx, userInfo.ID, string(hashPwd)) if err != nil { return err } us.authService.RemoveUserTokens(ctx, req.UserID) return }",True,Go,UpdateUserPassword,user_backyard.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3391,"func (us *UserService) UserModifyPassWordVerification(ctx context.Context, request *schema.UserModifyPassWordRequest) (bool, error) { userInfo, has, err := us.userRepo.GetByUserID(ctx, request.UserID) if err != nil { return false, err } if !has { return false, fmt.Errorf(""user does not exist"") } isPass := us.verifyPassword(ctx, request.OldPass, userInfo.Pass) if !isPass { return false, nil } return true, nil }",True,Go,UserModifyPassWordVerification,user_service.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3395,"func (us *UserService) verifyPassword(ctx context.Context, LoginPass, UserPass string) bool { err := bcrypt.CompareHashAndPassword([]byte(UserPass), []byte(LoginPass)) return err == nil }",True,Go,verifyPassword,user_service.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3396,"func (us *UserService) UserModifyPassword(ctx context.Context, request *schema.UserModifyPassWordRequest) error { enpass, err := us.encryptPassword(ctx, request.Pass) if err != nil { return err } userInfo, has, err := us.userRepo.GetByUserID(ctx, request.UserID) if err != nil { return err } if !has { return fmt.Errorf(""user does not exist"") } isPass := us.verifyPassword(ctx, request.OldPass, userInfo.Pass) if !isPass { return fmt.Errorf(""the old password verification failed"") } err = us.userRepo.UpdatePass(ctx, userInfo.ID, enpass) if err != nil { return err } return nil }",True,Go,UserModifyPassword,user_service.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3397,"func (us *UserService) UseRePassword(ctx context.Context, req *schema.UserRePassWordRequest) (resp *schema.GetUserResp, err error) { data := &schema.EmailCodeContent{} err = data.FromJSONString(req.Content) if err != nil { return nil, errors.BadRequest(reason.EmailVerifyURLExpired) } userInfo, exist, err := us.userRepo.GetByEmail(ctx, data.Email) if err != nil { return nil, err } if !exist { return nil, errors.BadRequest(reason.UserNotFound) } enpass, err := us.encryptPassword(ctx, req.Pass) if err != nil { return nil, err } err = us.userRepo.UpdatePass(ctx, userInfo.ID, enpass) if err != nil { return nil, err } resp = &schema.GetUserResp{} return resp, nil }",True,Go,UseRePassword,user_service.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-08 17:51:29+08:00,feat(password): logout other user when update password,CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4126,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3401,"func (u *UserModifyPasswordReq) Check() (errFields []*validator.FormErrorField, err error) { err = checker.CheckPassword(8, 32, 0, u.Pass) if err != nil { errField := &validator.FormErrorField{ ErrorField: ""pass"", ErrorMsg: err.Error(), } errFields = append(errFields, errField) return errFields, err } return nil, nil }",True,Go,Check,user_schema.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-22 15:09:42+08:00,fix(password): password can't contains space.,CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2023-4125,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3404,"func (u *UserRegisterReq) Check() (errFields []*validator.FormErrorField, err error) { err = checker.CheckPassword(8, 32, 0, u.Pass) if err != nil { errField := &validator.FormErrorField{ ErrorField: ""pass"", ErrorMsg: err.Error(), } errFields = append(errFields, errField) return errFields, err } return nil, nil }",True,Go,Check,user_schema.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-22 15:09:42+08:00,fix(password): password can't contains space.,CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2023-4125,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3406,"func (u *UserRePassWordRequest) Check() (errFields []*validator.FormErrorField, err error) { err = checker.CheckPassword(8, 32, 0, u.Pass) if err != nil { errField := &validator.FormErrorField{ ErrorField: ""pass"", ErrorMsg: err.Error(), } errFields = append(errFields, errField) return errFields, err } return nil, nil }",True,Go,Check,user_schema.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-05-22 15:09:42+08:00,fix(password): password can't contains space.,CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2023-4125,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3408,"func (cr *collectionRepo) AddCollection(ctx context.Context, collection *entity.Collection) (err error) { id, err := cr.uniqueIDRepo.GenUniqueIDStr(ctx, collection.TableName()) if err == nil { collection.ID = id _, err = cr.data.DB.Insert(collection) if err != nil { return errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() } } return nil }",True,Go,AddCollection,collection_repo.go,https://github.com/answerdev/answer,answerdev,aichy126,2023-01-30 15:25:43+08:00,update add db session,CWE-362,Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'),"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.",https://cwe.mitre.org/data/definitions/362.html,CVE-2023-0739,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3411,"func Markdown2HTML(source string) string { mdConverter := goldmark.New( goldmark.WithExtensions(&DangerousHTMLFilterExtension{}, extension.GFM), goldmark.WithParserOptions( parser.WithAutoHeadingID(), ), goldmark.WithRendererOptions( goldmarkHTML.WithHardWraps(), ), ) var buf bytes.Buffer if err := mdConverter.Convert([]byte(source), &buf); err != nil { log.Error(err) return source } return buf.String() }",True,Go,Markdown2HTML,markdown.go,https://github.com/answerdev/answer,answerdev,aichy126,2023-03-10 15:20:45+08:00,update markdown xss,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1535,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3422,"func (sc *SiteInfoController) UpdateGeneral(ctx *gin.Context) { req := schema.SiteGeneralReq{} if handler.BindAndCheck(ctx, &req) { return } err := sc.siteInfoService.SaveSiteGeneral(ctx, req) handler.HandleResponse(ctx, err, nil) }",True,Go,UpdateGeneral,siteinfo_controller.go,https://github.com/answerdev/answer,answerdev,aichy126,2023-02-15 15:51:12+08:00,add input sanitizer,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0934,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3430,"func (uc *UserController) RetrievePassWord(ctx *gin.Context) { req := &schema.UserRetrievePassWordRequest{} if handler.BindAndCheck(ctx, req) { return } captchaPass := uc.actionService.ActionRecordVerifyCaptcha(ctx, schema.ActionRecordTypeFindPass, ctx.ClientIP(), req.CaptchaID, req.CaptchaCode) if !captchaPass { errFields := append([]*validator.FormErrorField{}, &validator.FormErrorField{ ErrorField: ""captcha_code"", ErrorMsg: translator.Tr(handler.GetLang(ctx), reason.CaptchaVerificationFailed), }) handler.HandleResponse(ctx, errors.BadRequest(reason.CaptchaVerificationFailed), errFields) return } _, _ = uc.actionService.ActionRecordAdd(ctx, schema.ActionRecordTypeFindPass, ctx.ClientIP()) _, err := uc.userService.RetrievePassWord(ctx, req) handler.HandleResponse(ctx, err, nil) }",True,Go,RetrievePassWord,user_controller.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-02-23 11:55:40+08:00,fix(user): User reset password should not tell the user if the email exists.,CWE-203,Observable Discrepancy,"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.",https://cwe.mitre.org/data/definitions/203.html,CVE-2023-1540,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3433,"func (us *UserService) RetrievePassWord(ctx context.Context, req *schema.UserRetrievePassWordRequest) (string, error) { userInfo, has, err := us.userRepo.GetByEmail(ctx, req.Email) if err != nil { return """", err } if !has { return """", errors.BadRequest(reason.UserNotFound) } data := &schema.EmailCodeContent{ Email: req.Email, UserID: userInfo.ID, } code := uuid.NewString() verifyEmailURL := fmt.Sprintf(""%s/users/password-reset?code=%s"", us.getSiteUrl(ctx), code) title, body, err := us.emailService.PassResetTemplate(ctx, verifyEmailURL) if err != nil { return """", err } go us.emailService.SendAndSaveCode(ctx, req.Email, title, body, code, data.ToJSONString()) return code, nil }",True,Go,RetrievePassWord,user_service.go,https://github.com/answerdev/answer,answerdev,LinkinStars,2023-02-23 11:55:40+08:00,fix(user): User reset password should not tell the user if the email exists.,CWE-203,Observable Discrepancy,"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.",https://cwe.mitre.org/data/definitions/203.html,CVE-2023-1540,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3445,"func (tr *GetTagResp) GetExcerpt() { excerpt := strings.TrimSpace(tr.OriginalText) idx := strings.Index(excerpt, ""\n"") if idx >= 0 { excerpt = excerpt[0:idx] } tr.Excerpt = excerpt }",True,Go,GetExcerpt,tag_schema.go,https://github.com/answerdev/answer,answerdev,aichy126,2023-02-24 18:03:52+08:00,update GetExcerpt,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1240,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3446,"func (tr *GetTagResp) GetExcerpt() { excerpt := strings.TrimSpace(tr.OriginalText) idx := strings.Index(excerpt, ""\n"") if idx >= 0 { excerpt = excerpt[0:idx] } tr.Excerpt = excerpt }",True,Go,GetExcerpt,tag_schema.go,https://github.com/answerdev/answer,answerdev,aichy126,2023-02-24 18:03:52+08:00,update GetExcerpt,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1241,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3450,"func NewHandler() *Handler { return &Handler{ clusterService: cluster.NewService(), userService: user.NewService(), roleService: role.NewService(), rolebindingService: rolebinding.NewService(), ldapService: ldap.NewService(), jwtSigner: jwt.NewSigner(jwt.HS256, JwtSigKey, jwtMaxAge), } }",True,Go,NewHandler,session.go,https://github.com/KubeOperator/KubePi,KubeOperator,zhengkunwang223,2023-01-04 17:28:22+08:00,fix: 解决 jwt 硬编码导致的 k8s 集群接管漏洞,CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2023-22463,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3453,"func ReadConfig(c *config.Config, path ...string) error { v := viper.New() v.SetConfigName(""app"") v.SetConfigType(""yaml"") for i := range path { configFilePaths = append(configFilePaths, path[i]) } for i := range configFilePaths { realDir := file.ReplaceHomeDir(configFilePaths[i]) if exists := fileutil.Exist(realDir); !exists { fmt.Println(fmt.Sprintf(configNotFoundSkipErr, realDir)) continue } v.AddConfigPath(realDir) if err := v.ReadInConfig(); err != nil { fmt.Println(fmt.Sprintf(configReadErr, realDir, err.Error())) continue } if err := v.MergeInConfig(); err != nil { fmt.Println(fmt.Sprintf(configMergeErr, configFilePaths)) } } var configMap map[string]interface{} if err := v.Unmarshal(&configMap); err != nil { return err } str, err := json.Marshal(&configMap) if err != nil { return err } if err := json.Unmarshal(str, &c); err != nil { return nil } return nil }",True,Go,ReadConfig,config.go,https://github.com/KubeOperator/KubePi,KubeOperator,zhengkunwang223,2023-01-04 17:28:22+08:00,fix: 解决 jwt 硬编码导致的 k8s 集群接管漏洞,CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2023-22463,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3457,"func V1(parent iris.Party) { v1 := parent.Party(""/v1"") authParty := v1.Party(""/auth"") mvc.New(authParty.Party(""/session"")).HandleError(ErrorHandler).Handle(controller.NewSessionController()) mvc.New(v1.Party(""/user"")).HandleError(ErrorHandler).Handle(controller.NewForgotPasswordController()) AuthScope = v1.Party(""/"") AuthScope.Use(middleware.JWTMiddleware().Serve) AuthScope.Use(middleware.UserMiddleware) AuthScope.Use(middleware.RBACMiddleware()) AuthScope.Use(middleware.PagerMiddleware) AuthScope.Use(middleware.ForceMiddleware) mvc.New(AuthScope.Party(""/clusters"")).HandleError(ErrorHandler).Handle(controller.NewClusterController()) mvc.New(AuthScope.Party(""/credentials"")).HandleError(ErrorHandler).Handle(controller.NewCredentialController()) mvc.New(AuthScope.Party(""/hosts"")).HandleError(ErrorHandler).Handle(controller.NewHostController()) mvc.New(AuthScope.Party(""/users"")).HandleError(ErrorHandler).Handle(controller.NewUserController()) mvc.New(AuthScope.Party(""/dashboard"")).HandleError(ErrorHandler).Handle(controller.NewKubePiController()) mvc.New(AuthScope.Party(""/regions"")).HandleError(ErrorHandler).Handle(controller.NewRegionController()) mvc.New(AuthScope.Party(""/zones"")).HandleError(ErrorHandler).Handle(controller.NewZoneController()) mvc.New(AuthScope.Party(""/plans"")).HandleError(ErrorHandler).Handle(controller.NewPlanController()) mvc.New(AuthScope.Party(""/settings"")).HandleError(ErrorHandler).Handle(controller.NewSystemSettingController()) mvc.New(AuthScope.Party(""/ntp"")).HandleError(ErrorHandler).Handle(controller.NewNtpServerController()) mvc.New(AuthScope.Party(""/logs"")).HandleError(ErrorHandler).Handle(controller.NewSystemLogController()) mvc.New(AuthScope.Party(""/projects"")).HandleError(ErrorHandler).Handle(controller.NewProjectController()) mvc.New(AuthScope.Party(""/clusters/provisioner"")).HandleError(ErrorHandler).Handle(controller.NewProvisionerController()) mvc.New(AuthScope.Party(""/kubernetes"")).HandleError(ErrorHandler).Handle(controller.NewKubernetesController()) mvc.New(AuthScope.Party(""/clusters/tool"")).HandleError(ErrorHandler).Handle(controller.NewClusterToolController()) mvc.New(AuthScope.Party(""/backupaccounts"")).HandleError(ErrorHandler).Handle(controller.NewBackupAccountController()) mvc.New(AuthScope.Party(""/clusters/backup"")).HandleError(ErrorHandler).Handle(controller.NewClusterBackupStrategyController()) mvc.New(AuthScope.Party(""/clusters/monitor"")).HandleError(ErrorHandler).Handle(controller.NewMonitorController()) mvc.New(AuthScope.Party(""/tasks"")).Handle(ErrorHandler).Handle(controller.NewTaskLogController()) mvc.New(AuthScope.Party(""/components"")).Handle(ErrorHandler).Handle(controller.NewComponentController()) mvc.New(AuthScope.Party(""/license"")).Handle(ErrorHandler).Handle(controller.NewLicenseController()) mvc.New(AuthScope.Party(""/clusters/backup/files"")).HandleError(ErrorHandler).Handle(controller.NewClusterBackupFileController()) mvc.New(AuthScope.Party(""/clusters/velero/{cluster}/{operate}"")).HandleError(ErrorHandler).Handle(controller.NewClusterVeleroBackupController()) mvc.New(AuthScope.Party(""/manifests"")).HandleError(ErrorHandler).Handle(controller.NewManifestController()) mvc.New(AuthScope.Party(""/vmconfigs"")).HandleError(ErrorHandler).Handle(controller.NewVmConfigController()) mvc.New(AuthScope.Party(""/ippools"")).HandleError(ErrorHandler).Handle(controller.NewIpPoolController()) mvc.New(AuthScope.Party(""/ippools/{name}/ips"")).HandleError(ErrorHandler).Handle(controller.NewIpController()) mvc.New(AuthScope.Party(""/projects/{project}/resources"")).HandleError(ErrorHandler).Handle(controller.NewProjectResourceController()) mvc.New(AuthScope.Party(""/projects/{project}/members"")).HandleError(ErrorHandler).Handle(controller.NewProjectMemberController()) mvc.New(AuthScope.Party(""/projects/{project}/clusters/{cluster}/members"")).HandleError(ErrorHandler).Handle(controller.NewClusterMemberController()) mvc.New(AuthScope.Party(""/projects/{project}/clusters/{cluster}/resources"")).HandleError(ErrorHandler).Handle(controller.NewClusterResourceController()) mvc.New(AuthScope.Party(""/templates"")).HandleError(ErrorHandler).Handle(controller.NewTemplateConfigController()) mvc.New(AuthScope.Party(""/clusters/grade"")).HandleError(ErrorHandler).Handle(controller.NewGradeController()) mvc.New(AuthScope.Party(""/ldap"")).HandleError(ErrorHandler).Handle(controller.NewLdapController()) mvc.New(AuthScope.Party(""/msg/accounts"")).HandleError(ErrorHandler).Handle(controller.NewMessageAccountController()) mvc.New(AuthScope.Party(""/msg/subscribes"")).HandleError(ErrorHandler).Handle(controller.NewMessageSubscribeController()) mvc.New(AuthScope.Party(""/user/messages"")).HandleError(ErrorHandler).Handle(controller.NewUserMsgController()) mvc.New(AuthScope.Party(""/user/settings"")).HandleError(ErrorHandler).Handle(controller.NewUserSettingController()) WhiteScope = v1.Party(""/"") WhiteScope.Get(""/clusters/kubeconfig/{name}"", downloadKubeconfig) WhiteScope.Get(""/captcha"", generateCaptcha) mvc.New(WhiteScope.Party(""/theme"")).HandleError(ErrorHandler).Handle(controller.NewThemeController()) }",True,Go,V1,v1api.go,https://github.com/KubeOperator/KubeOperator,KubeOperator,ssongliu,2023-01-12 11:36:37+08:00,fix: 解决K8s配置下载漏洞,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-22480,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3460,"func uploads(router *httprouter.Router, fsys MkdirFS) { router.POST(""/_apis/pipelines/workflows/:runId/artifacts"", func(w http.ResponseWriter, req *http.Request, params httprouter.Params) { runID := params.ByName(""runId"") json, err := json.Marshal(FileContainerResourceURL{ FileContainerResourceURL: fmt.Sprintf(""http: }) if err != nil { panic(err) } _, err = w.Write(json) if err != nil { panic(err) } }) router.PUT(""/upload/:runId"", func(w http.ResponseWriter, req *http.Request, params httprouter.Params) { itemPath := req.URL.Query().Get(""itemPath"") runID := params.ByName(""runId"") if req.Header.Get(""Content-Encoding"") == ""gzip"" { itemPath += gzipExtension } filePath := fmt.Sprintf(""%s/%s"", runID, itemPath) err := fsys.MkdirAll(path.Dir(filePath), os.ModePerm) if err != nil { panic(err) } file, err := func() (fs.File, error) { contentRange := req.Header.Get(""Content-Range"") if contentRange != """" && !strings.HasPrefix(contentRange, ""bytes 0-"") { return fsys.OpenAtEnd(filePath) } return fsys.Open(filePath) }() if err != nil { panic(err) } defer file.Close() writer, ok := file.(io.Writer) if !ok { panic(errors.New(""File is not writable"")) } if req.Body == nil { panic(errors.New(""No body given"")) } _, err = io.Copy(writer, req.Body) if err != nil { panic(err) } json, err := json.Marshal(ResponseMessage{ Message: ""success"", }) if err != nil { panic(err) } _, err = w.Write(json) if err != nil { panic(err) } }) router.PATCH(""/_apis/pipelines/workflows/:runId/artifacts"", func(w http.ResponseWriter, req *http.Request, params httprouter.Params) { json, err := json.Marshal(ResponseMessage{ Message: ""success"", }) if err != nil { panic(err) } _, err = w.Write(json) if err != nil { panic(err) } }) }",True,Go,uploads,server.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3461,"func Serve(ctx context.Context, artifactPath string, addr string, port string) context.CancelFunc { serverContext, cancel := context.WithCancel(ctx) logger := common.Logger(serverContext) if artifactPath == """" { return cancel } router := httprouter.New() logger.Debugf(""Artifacts base path '%s'"", artifactPath) fs := os.DirFS(artifactPath) uploads(router, MkdirFsImpl{artifactPath, fs}) downloads(router, fs) server := &http.Server{ Addr: fmt.Sprintf(""%s:%s"", addr, port), ReadHeaderTimeout: 2 * time.Second, Handler: router, } go func() { logger.Infof(""Start server on http: if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { logger.Fatal(err) } }() go func() { <-serverContext.Done() if err := server.Shutdown(ctx); err != nil { logger.Errorf(""Failed shutdown gracefully - force shutdown: %v"", err) server.Close() } }() return cancel }",True,Go,Serve,server.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3462,"func (fsys MkdirFsImpl) MkdirAll(path string, perm fs.FileMode) error { return os.MkdirAll(fsys.dir+""/""+path, perm) }",True,Go,MkdirAll,server.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3464,"func (fsys MkdirFsImpl) OpenAtEnd(name string) (fs.File, error) { file, err := os.OpenFile(fsys.dir+""/""+name, os.O_CREATE|os.O_RDWR, 0644) if err != nil { return nil, err } _, err = file.Seek(0, os.SEEK_END) if err != nil { return nil, err } return file, nil }",True,Go,OpenAtEnd,server.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3466,"func (fsys MkdirFsImpl) Open(name string) (fs.File, error) { return os.OpenFile(fsys.dir+""/""+name, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644) }",True,Go,Open,server.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3475,"func (file WritableFile) Write(data []byte) (int, error) { file.fsys[file.path].Data = data return len(data), nil }",True,Go,Write,server_test.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3482,"func TestArtifactUploadBlob(t *testing.T) { assert := assert.New(t) var memfs = fstest.MapFS(map[string]*fstest.MapFile{}) router := httprouter.New() uploads(router, MapFsImpl{memfs}) req, _ := http.NewRequest(""PUT"", ""http: rr := httptest.NewRecorder() router.ServeHTTP(rr, req) if status := rr.Code; status != http.StatusOK { assert.Fail(""Wrong status"") } response := ResponseMessage{} err := json.Unmarshal(rr.Body.Bytes(), &response) if err != nil { panic(err) } assert.Equal(""success"", response.Message) assert.Equal(""content"", string(memfs[""1/some/file""].Data)) }",True,Go,TestArtifactUploadBlob,server_test.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3486,"func TestFinalizeArtifactUpload(t *testing.T) { assert := assert.New(t) var memfs = fstest.MapFS(map[string]*fstest.MapFile{}) router := httprouter.New() uploads(router, MapFsImpl{memfs}) req, _ := http.NewRequest(""PATCH"", ""http: rr := httptest.NewRecorder() router.ServeHTTP(rr, req) if status := rr.Code; status != http.StatusOK { assert.Fail(""Wrong status"") } response := ResponseMessage{} err := json.Unmarshal(rr.Body.Bytes(), &response) if err != nil { panic(err) } assert.Equal(""success"", response.Message) }",True,Go,TestFinalizeArtifactUpload,server_test.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3491,"func TestListArtifacts(t *testing.T) { assert := assert.New(t) var memfs = fstest.MapFS(map[string]*fstest.MapFile{ ""1/file.txt"": { Data: []byte(""""), }, }) router := httprouter.New() downloads(router, memfs) req, _ := http.NewRequest(""GET"", ""http: rr := httptest.NewRecorder() router.ServeHTTP(rr, req) if status := rr.Code; status != http.StatusOK { assert.FailNow(fmt.Sprintf(""Wrong status: %d"", status)) } response := NamedFileContainerResourceURLResponse{} err := json.Unmarshal(rr.Body.Bytes(), &response) if err != nil { panic(err) } assert.Equal(1, response.Count) assert.Equal(""file.txt"", response.Value[0].Name) assert.Equal(""http: }",True,Go,TestListArtifacts,server_test.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *NidOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } m.Field1 = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Field1 |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3495,"func TestNewArtifactUploadPrepare(t *testing.T) { assert := assert.New(t) var memfs = fstest.MapFS(map[string]*fstest.MapFile{}) router := httprouter.New() uploads(router, MapFsImpl{memfs}) req, _ := http.NewRequest(""POST"", ""http: rr := httptest.NewRecorder() router.ServeHTTP(rr, req) if status := rr.Code; status != http.StatusOK { assert.Fail(""Wrong status"") } response := FileContainerResourceURL{} err := json.Unmarshal(rr.Body.Bytes(), &response) if err != nil { panic(err) } assert.Equal(""http: }",True,Go,TestNewArtifactUploadPrepare,server_test.go,https://github.com/nektos/act,nektos,GitHub,2023-01-16 21:01:54+00:00,fix: update artifact server to address GHSL-2023-004 (#1565),CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-22726,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3498,"func NewBitfield(size int) Bitfield { if size%8 != 0 { panic(""Bitfield size must be a multiple of 8"") } return make([]byte, size/8) }",True,Go,NewBitfield,bitfield.go,https://github.com/ipfs/go-bitfield,ipfs,Jorropo,2023-01-26 05:06:57+01:00,"refactor: return errors instead of panics

It is clearer and simpler for consumers if we use the type system instead of relying on them for extra checks.

Fixes https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r",CWE-1284,Improper Validation of Specified Quantity in Input,"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.",https://cwe.mitre.org/data/definitions/1284.html,CVE-2023-23626,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3505,func BenchmarkBytes(t *testing.B) { bfa := NewBitfield(211) bfb := NewBitfield(211) for j := 0; j*4 < 211; j++ { bfa.SetBit(j * 4) } t.ResetTimer() for i := 0; i < t.N; i++ { bfb.SetBytes(bfa.Bytes()) } },True,Go,BenchmarkBytes,bitfield_test.go,https://github.com/ipfs/go-bitfield,ipfs,Jorropo,2023-01-26 05:06:57+01:00,"refactor: return errors instead of panics

It is clearer and simpler for consumers if we use the type system instead of relying on them for extra checks.

Fixes https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r",CWE-1284,Improper Validation of Specified Quantity in Input,"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.",https://cwe.mitre.org/data/definitions/1284.html,CVE-2023-23626,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3510,"func TestBitfield(t *testing.T) { bf := NewBitfield(128) if bf.OnesBefore(20) != 0 { t.Fatal(""expected no bits set"") } bf.SetBit(10) if bf.OnesBefore(20) != 1 { t.Fatal(""expected 1 bit set"") } bf.SetBit(12) if bf.OnesBefore(20) != 2 { t.Fatal(""expected 2 bit set"") } bf.SetBit(30) if bf.OnesBefore(20) != 2 { t.Fatal(""expected 2 bit set"") } bf.SetBit(100) if bf.OnesBefore(20) != 2 { t.Fatal(""expected 2 bit set"") } bf.UnsetBit(10) if bf.OnesBefore(20) != 1 { t.Fatal(""expected 1 bit set"") } bint := new(big.Int).SetBytes(bf.Bytes()) for i := 0; i < 128; i++ { if bf.Bit(i) != (bint.Bit(i) == 1) { t.Fatalf(""expected bit %d to be %v"", i, bf.Bit(i)) } } }",True,Go,TestBitfield,bitfield_test.go,https://github.com/ipfs/go-bitfield,ipfs,Jorropo,2023-01-26 05:06:57+01:00,"refactor: return errors instead of panics

It is clearer and simpler for consumers if we use the type system instead of relying on them for extra checks.

Fixes https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r",CWE-1284,Improper Validation of Specified Quantity in Input,"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.",https://cwe.mitre.org/data/definitions/1284.html,CVE-2023-23626,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3511,"func BenchmarkOnes(t *testing.B) { bf := NewBitfield(benchmarkSize) t.ResetTimer() for i := 0; i < t.N; i++ { for j := 0; j*4 < benchmarkSize; j++ { if bf.Ones() != j { t.Fatal(""bad"", i) } bf.SetBit(j * 4) } for j := 0; j*4 < benchmarkSize; j++ { bf.UnsetBit(j * 4) } } }",True,Go,BenchmarkOnes,bitfield_test.go,https://github.com/ipfs/go-bitfield,ipfs,Jorropo,2023-01-26 05:06:57+01:00,"refactor: return errors instead of panics

It is clearer and simpler for consumers if we use the type system instead of relying on them for extra checks.

Fixes https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r",CWE-1284,Improper Validation of Specified Quantity in Input,"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.",https://cwe.mitre.org/data/definitions/1284.html,CVE-2023-23626,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3512,"func TestExhaustive24(t *testing.T) { bf := NewBitfield(24) max := 1 << 24 bint := new(big.Int) bts := make([]byte, 4) for j := 0; j < max; j++ { binary.BigEndian.PutUint32(bts, uint32(j)) bint.SetBytes(bts[1:]) bf.SetBytes(nil) for i := 0; i < 24; i++ { if bf.Bit(i) { t.Fatalf(""bit %d should have been false"", i) } if bint.Bit(i) == 1 { bf.SetBit(i) bf.SetBit(i) } else { bf.UnsetBit(i) bf.UnsetBit(i) } if bf.Bit(i) != (bint.Bit(i) == 1) { t.Fatalf(""bit %d should have been true"", i) } } if !bytes.Equal(bint.Bytes(), bf.Bytes()) { t.Logf(""%v %v"", bint.Bytes(), bf.Bytes()) t.Fatal(""big int and bitfield not equal"") } for i := 0; i < 24; i++ { if (bint.Bit(i) == 1) != bf.Bit(i) { t.Fatalf(""bit %d wrong"", i) } } for i := 0; i < 24; i++ { if bf.OnesBefore(i) != bits.OnesCount32(uint32(j)<<(32-uint(i))) { t.Fatalf(""wrong bit count"") } if bf.OnesAfter(i) != bits.OnesCount32(uint32(j)>>uint(i)) { t.Fatalf(""wrong bit count"") } if bf.Ones() != bits.OnesCount32(uint32(j)) { t.Fatalf(""wrong bit count"") } } } }",True,Go,TestExhaustive24,bitfield_test.go,https://github.com/ipfs/go-bitfield,ipfs,Jorropo,2023-01-26 05:06:57+01:00,"refactor: return errors instead of panics

It is clearer and simpler for consumers if we use the type system instead of relying on them for extra checks.

Fixes https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r",CWE-1284,Improper Validation of Specified Quantity in Input,"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.",https://cwe.mitre.org/data/definitions/1284.html,CVE-2023-23626,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3514,"func (s *shard) serialize(ls *ipld.LinkSystem) (ipld.Link, uint64, error) { ufd, err := BuildUnixFS(func(b *Builder) { DataType(b, data.Data_HAMTShard) HashType(b, s.hasher) Data(b, s.bitmap()) Fanout(b, uint64(s.size)) }) if err != nil { return nil, 0, err } pbb := dagpb.Type.PBNode.NewBuilder() pbm, err := pbb.BeginMap(2) if err != nil { return nil, 0, err } if err = pbm.AssembleKey().AssignString(""Data""); err != nil { return nil, 0, err } if err = pbm.AssembleValue().AssignBytes(data.EncodeUnixFSData(ufd)); err != nil { return nil, 0, err } if err = pbm.AssembleKey().AssignString(""Links""); err != nil { return nil, 0, err } lnkBuilder := dagpb.Type.PBLinks.NewBuilder() lnks, err := lnkBuilder.BeginList(int64(len(s.children))) if err != nil { return nil, 0, err } var totalSize uint64 for idx, e := range s.children { var lnk dagpb.PBLink if e.shard != nil { ipldLnk, sz, err := e.shard.serialize(ls) if err != nil { return nil, 0, err } totalSize += sz fullName := s.formatLinkName("""", idx) lnk, err = BuildUnixFSDirectoryEntry(fullName, int64(sz), ipldLnk) if err != nil { return nil, 0, err } } else { fullName := s.formatLinkName(e.Name.Must().String(), idx) sz := e.Tsize.Must().Int() totalSize += uint64(sz) lnk, err = BuildUnixFSDirectoryEntry(fullName, sz, e.Hash.Link()) } if err != nil { return nil, 0, err } if err := lnks.AssembleValue().AssignNode(lnk); err != nil { return nil, 0, err } } if err := lnks.Finish(); err != nil { return nil, 0, err } pbm.AssembleValue().AssignNode(lnkBuilder.Build()) if err := pbm.Finish(); err != nil { return nil, 0, err } node := pbb.Build() lnk, sz, err := sizedStore(ls, fileLinkProto, node) if err != nil { return nil, 0, err } return lnk, totalSize + sz, nil }",True,Go,serialize,dirshard.go,https://github.com/ipfs/go-unixfsnode,ipfs,Jorropo,2023-02-09 20:28:30+01:00,update ipfs/go-unixfs and ipfs/go-bitfield,CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-23631,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3516,"func (s *shard) bitmap() []byte { bm := bitfield.NewBitfield(s.size) for i := 0; i < s.size; i++ { if _, ok := s.children[i]; ok { bm.SetBit(i) } } return bm.Bytes() }",True,Go,bitmap,dirshard.go,https://github.com/ipfs/go-unixfsnode,ipfs,Jorropo,2023-02-09 20:28:30+01:00,update ipfs/go-unixfs and ipfs/go-bitfield,CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-23631,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3517,"func TestBasicSet(t *testing.T) { ds, lsys := mockDag() for _, w := range []int{128, 256, 512, 1024, 2048, 4096} { t.Run(fmt.Sprintf(""BasicSet%d"", w), func(t *testing.T) { names, s, err := makeDirWidth(ds, 1000, w) require.NoError(t, err) ctx := context.Background() legacyNode, err := s.Node() require.NoError(t, err) nd, err := lsys.Load(ipld.LinkContext{Ctx: ctx}, cidlink.Link{Cid: legacyNode.Cid()}, dagpb.Type.PBNode) require.NoError(t, err) hamtShard, err := hamt.AttemptHAMTShardFromNode(ctx, nd, lsys) require.NoError(t, err) for _, d := range names { _, err := hamtShard.LookupByString(d) require.NoError(t, err) } }) } }",True,Go,TestBasicSet,shardeddir_test.go,https://github.com/ipfs/go-unixfsnode,ipfs,Jorropo,2023-02-09 20:28:30+01:00,update ipfs/go-unixfs and ipfs/go-bitfield,CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-23631,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3522,"func bitField(nd data.UnixFSData) (bitfield.Bitfield, error) { fanout := int(nd.FieldFanout().Must().Int()) if fanout > maximumHamtWidth { return nil, fmt.Errorf(""hamt witdh (%d) exceed maximum allowed (%d)"", fanout, maximumHamtWidth) } bf := bitfield.NewBitfield(fanout) bf.SetBytes(nd.FieldData().Must().Bytes()) return bf, nil }",True,Go,bitField,util.go,https://github.com/ipfs/go-unixfsnode,ipfs,Jorropo,2023-02-09 20:28:30+01:00,update ipfs/go-unixfs and ipfs/go-bitfield,CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-23631,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3540,"func (e *Engine) MessageReceived(ctx context.Context, p peer.ID, m bsmsg.BitSwapMessage) { entries := m.Wantlist() if len(entries) > 0 { log.Debugw(""Bitswap engine <- msg"", ""local"", e.self, ""from"", p, ""entryCount"", len(entries)) for _, et := range entries { if !et.Cancel { if et.WantType == pb.Message_Wantlist_Have { log.Debugw(""Bitswap engine <- want-have"", ""local"", e.self, ""from"", p, ""cid"", et.Cid) } else { log.Debugw(""Bitswap engine <- want-block"", ""local"", e.self, ""from"", p, ""cid"", et.Cid) } } } } if m.Empty() { log.Infof(""received empty message from %s"", p) } newWorkExists := false defer func() { if newWorkExists { e.signalNewWork() } }() wants, cancels := e.splitWantsCancels(entries) wants, denials := e.splitWantsDenials(p, wants) wantKs := cid.NewSet() for _, entry := range wants { wantKs.Add(entry.Cid) } blockSizes, err := e.bsm.getBlockSizes(ctx, wantKs.Keys()) if err != nil { log.Info(""aborting message processing"", err) return } e.lock.Lock() for _, entry := range wants { e.peerLedger.Wants(p, entry.Cid) } for _, entry := range cancels { e.peerLedger.CancelWant(p, entry.Cid) } e.lock.Unlock() l := e.findOrCreate(p) l.lk.Lock() defer l.lk.Unlock() if m.Full() { l.wantList = wl.New() } var activeEntries []peertask.Task for _, entry := range cancels { log.Debugw(""Bitswap engine <- cancel"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid) if l.CancelWant(entry.Cid) { e.peerRequestQueue.Remove(entry.Cid, p) } } sendDontHave := func(entry bsmsg.Entry) { if e.sendDontHaves && entry.SendDontHave { c := entry.Cid newWorkExists = true isWantBlock := false if entry.WantType == pb.Message_Wantlist_Block { isWantBlock = true } activeEntries = append(activeEntries, peertask.Task{ Topic: c, Priority: int(entry.Priority), Work: bsmsg.BlockPresenceSize(c), Data: &taskData{ BlockSize: 0, HaveBlock: false, IsWantBlock: isWantBlock, SendDontHave: entry.SendDontHave, }, }) } } for _, entry := range denials { log.Debugw(""Bitswap engine: block denied access"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid, ""sendDontHave"", entry.SendDontHave) sendDontHave(entry) } for _, entry := range wants { c := entry.Cid blockSize, found := blockSizes[entry.Cid] l.Wants(c, entry.Priority, entry.WantType) if !found { log.Debugw(""Bitswap engine: block not found"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid, ""sendDontHave"", entry.SendDontHave) sendDontHave(entry) } else { newWorkExists = true isWantBlock := e.sendAsBlock(entry.WantType, blockSize) log.Debugw(""Bitswap engine: block found"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid, ""isWantBlock"", isWantBlock) entrySize := blockSize if !isWantBlock { entrySize = bsmsg.BlockPresenceSize(c) } activeEntries = append(activeEntries, peertask.Task{ Topic: c, Priority: int(entry.Priority), Work: entrySize, Data: &taskData{ BlockSize: blockSize, HaveBlock: true, IsWantBlock: isWantBlock, SendDontHave: entry.SendDontHave, }, }) } } if len(activeEntries) > 0 { e.peerRequestQueue.PushTasks(p, activeEntries...) e.updateMetrics() } }",True,Go,MessageReceived,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3543,"func (e *Engine) ReceivedBlocks(from peer.ID, blks []blocks.Block) { if len(blks) == 0 { return } l := e.findOrCreate(from) l.lk.Lock() defer l.lk.Unlock() for _, blk := range blks { log.Debugw(""Bitswap engine <- block"", ""local"", e.self, ""from"", from, ""cid"", blk.Cid(), ""size"", len(blk.RawData())) e.scoreLedger.AddToReceivedBytes(l.Partner, len(blk.RawData())) } }",True,Go,ReceivedBlocks,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3547,"func (e *Engine) MessageSent(p peer.ID, m bsmsg.BitSwapMessage) { l := e.findOrCreate(p) l.lk.Lock() defer l.lk.Unlock() for _, block := range m.Blocks() { e.scoreLedger.AddToSentBytes(l.Partner, len(block.RawData())) l.wantList.RemoveType(block.Cid(), pb.Message_Wantlist_Block) } for _, bp := range m.BlockPresences() { if bp.Type == pb.Message_Have { l.wantList.RemoveType(bp.Cid, pb.Message_Wantlist_Have) } } }",True,Go,MessageSent,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3550,"func (e *Engine) PeerConnected(p peer.ID) { e.lock.Lock() defer e.lock.Unlock() _, ok := e.ledgerMap[p] if !ok { e.ledgerMap[p] = newLedger(p) } e.scoreLedger.PeerConnected(p) }",True,Go,PeerConnected,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3551,"func newEngine( ctx context.Context, bs bstore.Blockstore, peerTagger PeerTagger, self peer.ID, maxReplaceSize int, opts ...Option, ) *Engine { e := &Engine{ ledgerMap: make(map[peer.ID]*ledger), scoreLedger: NewDefaultScoreLedger(), bstoreWorkerCount: defaults.BitswapEngineBlockstoreWorkerCount, maxOutstandingBytesPerPeer: defaults.BitswapMaxOutstandingBytesPerPeer, peerTagger: peerTagger, outbox: make(chan (<-chan *Envelope), outboxChanBuffer), workSignal: make(chan struct{}, 1), ticker: time.NewTicker(time.Millisecond * 100), maxBlockSizeReplaceHasWithBlock: maxReplaceSize, taskWorkerCount: defaults.BitswapEngineTaskWorkerCount, sendDontHaves: true, self: self, peerLedger: newPeerLedger(), pendingGauge: bmetrics.PendingEngineGauge(ctx), activeGauge: bmetrics.ActiveEngineGauge(ctx), targetMessageSize: defaultTargetMessageSize, tagQueued: fmt.Sprintf(tagFormat, ""queued"", uuid.New().String()), tagUseful: fmt.Sprintf(tagFormat, ""useful"", uuid.New().String()), } for _, opt := range opts { opt(e) } e.bsm = newBlockstoreManager(bs, e.bstoreWorkerCount, bmetrics.PendingBlocksGauge(ctx), bmetrics.ActiveBlocksGauge(ctx)) peerTaskQueueOpts := []peertaskqueue.Option{ peertaskqueue.OnPeerAddedHook(e.onPeerAdded), peertaskqueue.OnPeerRemovedHook(e.onPeerRemoved), peertaskqueue.TaskMerger(newTaskMerger()), peertaskqueue.IgnoreFreezing(true), peertaskqueue.MaxOutstandingWorkPerPeer(e.maxOutstandingBytesPerPeer), } if e.taskComparator != nil { queueTaskComparator := wrapTaskComparator(e.taskComparator) peerTaskQueueOpts = append(peerTaskQueueOpts, peertaskqueue.PeerComparator(peertracker.TaskPriorityPeerComparator(queueTaskComparator))) peerTaskQueueOpts = append(peerTaskQueueOpts, peertaskqueue.TaskComparator(queueTaskComparator)) } e.peerRequestQueue = peertaskqueue.New(peerTaskQueueOpts...) return e }",True,Go,newEngine,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3552,"func (e *Engine) NotifyNewBlocks(blks []blocks.Block) { if len(blks) == 0 { return } blockSizes := make(map[cid.Cid]int, len(blks)) for _, blk := range blks { blockSizes[blk.Cid()] = len(blk.RawData()) } var work bool missingWants := make(map[peer.ID][]cid.Cid) for _, b := range blks { k := b.Cid() e.lock.RLock() peers := e.peerLedger.Peers(k) e.lock.RUnlock() for _, p := range peers { e.lock.RLock() ledger, ok := e.ledgerMap[p] e.lock.RUnlock() if !ok { log.Debugw(""failed to find peer in ledger"", ""peer"", p) missingWants[p] = append(missingWants[p], k) continue } ledger.lk.RLock() entry, ok := ledger.WantListContains(k) ledger.lk.RUnlock() if !ok { log.Debugw(""wantlist index doesn't match peer's wantlist"", ""peer"", p) missingWants[p] = append(missingWants[p], k) continue } work = true blockSize := blockSizes[k] isWantBlock := e.sendAsBlock(entry.WantType, blockSize) entrySize := blockSize if !isWantBlock { entrySize = bsmsg.BlockPresenceSize(k) } e.peerRequestQueue.PushTasks(p, peertask.Task{ Topic: entry.Cid, Priority: int(entry.Priority), Work: entrySize, Data: &taskData{ BlockSize: blockSize, HaveBlock: true, IsWantBlock: isWantBlock, SendDontHave: false, }, }) e.updateMetrics() } } if len(missingWants) > 0 { e.lock.Lock() for p, wl := range missingWants { if ledger, ok := e.ledgerMap[p]; ok { ledger.lk.RLock() for _, k := range wl { if _, has := ledger.WantListContains(k); has { continue } e.peerLedger.CancelWant(p, k) } ledger.lk.RUnlock() } else { for _, k := range wl { e.peerLedger.CancelWant(p, k) } } } e.lock.Unlock() } if work { e.signalNewWork() } }",True,Go,NotifyNewBlocks,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3556,func (e *Engine) WantlistForPeer(p peer.ID) []wl.Entry { partner := e.findOrCreate(p) partner.lk.Lock() entries := partner.wantList.Entries() partner.lk.Unlock() return entries },True,Go,WantlistForPeer,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3560,"func (l *peerLedger) Peers(k cid.Cid) []peer.ID { m, ok := l.cids[k] if !ok { return nil } peers := make([]peer.ID, 0, len(m)) for p := range m { peers = append(peers, p) } return peers }",True,Go,Peers,peer_ledger.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3569,func newPeerLedger() *peerLedger { return &peerLedger{cids: make(map[cid.Cid]map[peer.ID]struct{})} },True,Go,newPeerLedger,peer_ledger.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3573,"func (l *peerLedger) CancelWant(p peer.ID, k cid.Cid) { m, ok := l.cids[k] if !ok { return } delete(m, p) if len(m) == 0 { delete(l.cids, k) } }",True,Go,CancelWant,peer_ledger.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,bitswap/server/internal/decision: rewrite ledger inversion,CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3575,"func (e *Engine) MessageReceived(ctx context.Context, p peer.ID, m bsmsg.BitSwapMessage) { entries := m.Wantlist() if len(entries) > 0 { log.Debugw(""Bitswap engine <- msg"", ""local"", e.self, ""from"", p, ""entryCount"", len(entries)) for _, et := range entries { if !et.Cancel { if et.WantType == pb.Message_Wantlist_Have { log.Debugw(""Bitswap engine <- want-have"", ""local"", e.self, ""from"", p, ""cid"", et.Cid) } else { log.Debugw(""Bitswap engine <- want-block"", ""local"", e.self, ""from"", p, ""cid"", et.Cid) } } } } if m.Empty() { log.Infof(""received empty message from %s"", p) } newWorkExists := false defer func() { if newWorkExists { e.signalNewWork() } }() wants, cancels := e.splitWantsCancels(entries) wants, denials := e.splitWantsDenials(p, wants) wantKs := cid.NewSet() for _, entry := range wants { wantKs.Add(entry.Cid) } blockSizes, err := e.bsm.getBlockSizes(ctx, wantKs.Keys()) if err != nil { log.Info(""aborting message processing"", err) return } e.lock.Lock() if m.Full() { e.peerLedger.ClearPeerWantlist(p) } s := uint(e.peerLedger.WantlistSizeForPeer(p)) if wouldBe := s + uint(len(wants)); wouldBe > e.maxQueuedWantlistEntriesPerPeer { log.Debugw(""wantlist overflow"", ""local"", e.self, ""remote"", p, ""would be"", wouldBe) available, o := bits.Sub(e.maxQueuedWantlistEntriesPerPeer, s, 0) if o != 0 { available = 0 } wants = wants[:available] } for _, entry := range wants { e.peerLedger.Wants(p, entry.Entry) } for _, entry := range cancels { log.Debugw(""Bitswap engine <- cancel"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid) if e.peerLedger.CancelWant(p, entry.Cid) { e.peerRequestQueue.Remove(entry.Cid, p) } } e.lock.Unlock() var activeEntries []peertask.Task sendDontHave := func(entry bsmsg.Entry) { if e.sendDontHaves && entry.SendDontHave { c := entry.Cid newWorkExists = true isWantBlock := false if entry.WantType == pb.Message_Wantlist_Block { isWantBlock = true } activeEntries = append(activeEntries, peertask.Task{ Topic: c, Priority: int(entry.Priority), Work: bsmsg.BlockPresenceSize(c), Data: &taskData{ BlockSize: 0, HaveBlock: false, IsWantBlock: isWantBlock, SendDontHave: entry.SendDontHave, }, }) } } for _, entry := range denials { log.Debugw(""Bitswap engine: block denied access"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid, ""sendDontHave"", entry.SendDontHave) sendDontHave(entry) } for _, entry := range wants { c := entry.Cid blockSize, found := blockSizes[entry.Cid] if !found { log.Debugw(""Bitswap engine: block not found"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid, ""sendDontHave"", entry.SendDontHave) sendDontHave(entry) } else { newWorkExists = true isWantBlock := e.sendAsBlock(entry.WantType, blockSize) log.Debugw(""Bitswap engine: block found"", ""local"", e.self, ""from"", p, ""cid"", entry.Cid, ""isWantBlock"", isWantBlock) entrySize := blockSize if !isWantBlock { entrySize = bsmsg.BlockPresenceSize(c) } activeEntries = append(activeEntries, peertask.Task{ Topic: c, Priority: int(entry.Priority), Work: entrySize, Data: &taskData{ BlockSize: blockSize, HaveBlock: true, IsWantBlock: isWantBlock, SendDontHave: entry.SendDontHave, }, }) } } if len(activeEntries) > 0 { e.peerRequestQueue.PushTasksTruncated(e.maxQueuedWantlistEntriesPerPeer, p, activeEntries...) e.updateMetrics() } }",True,Go,MessageReceived,engine.go,https://github.com/ipfs/boxo,ipfs,Jorropo,2023-02-17 18:06:35+01:00,"bitswap/server/internal/decision: add filtering on CIDs
- Ignore cids that are too big.
- Kill connection for peers that are using inline CIDs.",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-25568,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3581,"func (t *Teler) checkCommonWebAttack(r *http.Request) error { uri := toURLDecode(r.URL.RequestURI()) var body string buf := &bytes.Buffer{} _, err := io.Copy(buf, r.Body) if err == nil { r.Body = io.NopCloser(buf) body = buf.String() } body = toURLDecode(body) for _, filter := range t.threat.cwa.Filters { var match bool switch pattern := filter.pattern.(type) { case *regexp.Regexp: match = pattern.MatchString(uri) || pattern.MatchString(body) case *pcre.Matcher: match = pattern.MatchString(uri, 0) || pattern.MatchString(body, 0) default: continue } if match { return errors.New(filter.Description) } } return nil }",True,Go,checkCommonWebAttack,analyze.go,https://github.com/kitabisa/teler-waf,kitabisa,Dwi Siswanto,2023-01-11 10:17:56+07:00,"feat: unescape any HTML entities

Any HTML entities of URL-decoded characters should be unescape before
perform the checks.

$ curl localhost:3000 -so /dev/null -w ""%{http_code}\n"" -A X -d ""body=%22autofocus%20onFocUs=%27%26%2397%3blert()%27""
403",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-26046,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3590,"func BytesToFile(filePath string, data []byte) error { exist, _ := IsPathExist(filePath) if !exist { if err := CreateFile(filePath); err != nil { return err } } return ioutil.WriteFile(filePath, data, 0644) }",True,Go,BytesToFile,file.go,https://github.com/dablelv/go-huge-util,dablelv,R22627,2023-03-14 16:14:22+08:00,fix zip.Unzip path traversal vulnerability and add some new file utility functions,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-28105,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3591,"func IsPathExist(path string) (bool, error) { _, err := os.Stat(path) if err == nil { return true, nil } if os.IsNotExist(err) { return false, nil } return false, err }",True,Go,IsPathExist,file.go,https://github.com/dablelv/go-huge-util,dablelv,R22627,2023-03-14 16:14:22+08:00,fix zip.Unzip path traversal vulnerability and add some new file utility functions,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-28105,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3594,"func Create(filePath string) (*os.File, error) { if exist, err := IsPathExist(filePath); err != nil { return nil, err } else if exist { return os.Create(filePath) } if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil { return nil, err } return os.Create(filePath) }",True,Go,Create,file.go,https://github.com/dablelv/go-huge-util,dablelv,R22627,2023-03-14 16:14:22+08:00,fix zip.Unzip path traversal vulnerability and add some new file utility functions,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-28105,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3595,func RemoveFile(path string) error { err := os.Remove(path) return err },True,Go,RemoveFile,file.go,https://github.com/dablelv/go-huge-util,dablelv,R22627,2023-03-14 16:14:22+08:00,fix zip.Unzip path traversal vulnerability and add some new file utility functions,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-28105,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3599,"corsHandler := gh.CORS(gh.AllowCredentials(), gh.AllowedHeaders([]string{""x-requested-with"", ""content-type""}), gh.AllowedMethods([]string{""GET"", ""POST"", ""HEAD"", ""DELETE""}), gh.AllowedOriginValidator(func(origin string) bool { if strings.Contains(origin, ""localhost"") || strings.HasSuffix(origin, ""play-with-docker.com"") || strings.HasSuffix(origin, ""play-with-kubernetes.com"") || strings.HasSuffix(origin, ""docker.com"") || strings.HasSuffix(origin, ""play-with-go.dev"") { return true } return false }), gh.AllowedOrigins([]string{}))",True,Go,bool,bootstrap.go,https://github.com/play-with-docker/play-with-docker,play-with-docker,Marcos Lilljedahl,2023-03-02 01:50:08-03:00,"fix CORS origins to avoid domain hijacking

Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>",CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2023-28109,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3601,"func (k *K8sClusterMesh) generateDeployment(clustermeshApiserverArgs []string) *appsv1.Deployment { deployment := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: defaults.ClusterMeshDeploymentName, Labels: defaults.ClusterMeshDeploymentLabels, }, Spec: appsv1.DeploymentSpec{ Replicas: &replicas, Selector: &metav1.LabelSelector{ MatchLabels: defaults.ClusterMeshDeploymentLabels, }, Strategy: appsv1.DeploymentStrategy{ Type: appsv1.RollingUpdateDeploymentStrategyType, RollingUpdate: &appsv1.RollingUpdateDeployment{ MaxUnavailable: &deploymentMaxUnavailable, MaxSurge: &deploymentMaxSurge, }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Name: defaults.ClusterMeshDeploymentName, Labels: defaults.ClusterMeshDeploymentLabels, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyAlways, ServiceAccountName: defaults.ClusterMeshServiceAccountName, Containers: []corev1.Container{ { Name: ""etcd"", Command: []string{""/usr/local/bin/etcd""}, Args: []string{ ""--data-dir=/var/run/etcd"", ""--name=clustermesh-apiserver"", ""--client-cert-auth"", ""--trusted-ca-file=/var/lib/etcd-secrets/ca.crt"", ""--cert-file=/var/lib/etcd-secrets/tls.crt"", ""--key-file=/var/lib/etcd-secrets/tls.key"", ""--listen-client-urls=https: ""--advertise-client-urls=https: ""--initial-cluster-token=clustermesh-apiserver"", ""--auto-compaction-retention=1"", }, Image: k.etcdImage(), ImagePullPolicy: corev1.PullIfNotPresent, Env: k.etcdEnvs(), VolumeMounts: []corev1.VolumeMount{ { Name: ""etcd-server-secrets"", MountPath: ""/var/lib/etcd-secrets"", ReadOnly: true, }, { Name: ""etcd-data-dir"", MountPath: ""/var/run/etcd"", }, }, }, { Name: ""apiserver"", Command: []string{""/usr/bin/clustermesh-apiserver""}, Args: append(clustermeshApiserverArgs, ""--cluster-name=""+k.clusterName, ""--cluster-id=""+k.clusterID, ""--kvstore-opt"", ""etcd.config=/var/lib/cilium/etcd-config.yaml"", ), Image: k.apiserverImage(utils.ImagePathIncludeDigest), ImagePullPolicy: corev1.PullIfNotPresent, Env: []corev1.EnvVar{ { Name: ""CILIUM_CLUSTER_NAME"", ValueFrom: &corev1.EnvVarSource{ ConfigMapKeyRef: &corev1.ConfigMapKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.ConfigMapName, }, Key: configNameClusterName, }, }, }, { Name: ""CILIUM_CLUSTER_ID"", ValueFrom: &corev1.EnvVarSource{ ConfigMapKeyRef: &corev1.ConfigMapKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.ConfigMapName, }, Key: configNameClusterID, }, }, }, { Name: ""CILIUM_IDENTITY_ALLOCATION_MODE"", ValueFrom: &corev1.EnvVarSource{ ConfigMapKeyRef: &corev1.ConfigMapKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.ConfigMapName, }, Key: ""identity-allocation-mode"", }, }, }, }, VolumeMounts: []corev1.VolumeMount{ { Name: ""etcd-admin-client"", MountPath: ""/var/lib/cilium/etcd-secrets"", ReadOnly: true, }, }, }, }, InitContainers: []corev1.Container{ { Name: ""etcd-init"", Command: []string{""/bin/sh"", ""-c""}, Args: initContainerArgs, Image: k.etcdImage(), ImagePullPolicy: corev1.PullIfNotPresent, Env: k.etcdEnvs(), VolumeMounts: []corev1.VolumeMount{ { Name: ""etcd-data-dir"", MountPath: ""etcd-data-dir"", }, }, }, }, Volumes: []corev1.Volume{ { Name: ""etcd-data-dir"", VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, }, { Name: ""etcd-server-secrets"", VolumeSource: corev1.VolumeSource{ Projected: &corev1.ProjectedVolumeSource{ DefaultMode: &secretDefaultMode, Sources: []corev1.VolumeProjection{ { Secret: &corev1.SecretProjection{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.CASecretName, }, Items: []corev1.KeyToPath{ { Key: defaults.CASecretCertName, Path: ""ca.crt"", }, }, }, }, { Secret: &corev1.SecretProjection{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.ClusterMeshServerSecretName, }, }, }, }, }, }, }, { Name: ""etcd-admin-client"", VolumeSource: corev1.VolumeSource{ Projected: &corev1.ProjectedVolumeSource{ DefaultMode: &secretDefaultMode, Sources: []corev1.VolumeProjection{ { Secret: &corev1.SecretProjection{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.CASecretName, }, Items: []corev1.KeyToPath{ { Key: defaults.CASecretCertName, Path: ""ca.crt"", }, }, }, }, { Secret: &corev1.SecretProjection{ LocalObjectReference: corev1.LocalObjectReference{ Name: defaults.ClusterMeshAdminSecretName, }, }, }, }, }, }, }, }, }, }, }, } return deployment }",True,Go,generateDeployment,clustermesh.go,https://github.com/cilium/cilium-cli,cilium,Tobias Klauser,2023-03-16 11:20:12+01:00,"clustermesh: correctly mount the etcd data dir in the init container

This commit fixes an incorrect volume mount specification for the init
container of the clustermesh-apiserver deployment created through
'cilium clustermesh enable', that caused the operations performed in the
init container itself to be disregarded.

Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>",CWE-755,Improper Handling of Exceptional Conditions,The product does not handle or incorrectly handles an exceptional condition.,https://cwe.mitre.org/data/definitions/755.html,CVE-2023-28114,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3613,"func authentication(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { authenticationHandler(w, r) next.ServeHTTP(w, r) }) }",True,Go,authentication,auth.go,https://github.com/ansible-semaphore/semaphore,ansible-semaphore,Denis Gukov,2023-03-13 14:04:58+01:00,fix: authentization bug,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-28609,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3614,"func authenticationWithStore(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { store := helpers.Store(r) db.StoreSession(store, r.URL.String(), func() { authenticationHandler(w, r) }) next.ServeHTTP(w, r) }) }",True,Go,authenticationWithStore,auth.go,https://github.com/ansible-semaphore/semaphore,ansible-semaphore,Denis Gukov,2023-03-13 14:04:58+01:00,fix: authentization bug,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-28609,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3616,"func authenticationHandler(w http.ResponseWriter, r *http.Request) { var userID int authHeader := strings.ToLower(r.Header.Get(""authorization"")) if len(authHeader) > 0 && strings.Contains(authHeader, ""bearer"") { token, err := helpers.Store(r).GetAPIToken(strings.Replace(authHeader, ""bearer "", """", 1)) if err != nil { if err != db.ErrNotFound { log.Error(err) } w.WriteHeader(http.StatusUnauthorized) return } userID = token.UserID } else { cookie, err := r.Cookie(""semaphore"") if err != nil { w.WriteHeader(http.StatusUnauthorized) return } value := make(map[string]interface{}) if err = util.Cookie.Decode(""semaphore"", cookie.Value, &value); err != nil { w.WriteHeader(http.StatusUnauthorized) return } user, ok := value[""user""] sessionVal, okSession := value[""session""] if !ok || !okSession { w.WriteHeader(http.StatusUnauthorized) return } userID = user.(int) sessionID := sessionVal.(int) session, err := helpers.Store(r).GetSession(userID, sessionID) if err != nil { w.WriteHeader(http.StatusUnauthorized) return } if time.Since(session.LastActive).Hours() > 7*24 { if err := helpers.Store(r).ExpireSession(userID, sessionID); err != nil { log.Error(err) } w.WriteHeader(http.StatusUnauthorized) return } if err := helpers.Store(r).TouchSession(userID, sessionID); err != nil { log.Error(err) w.WriteHeader(http.StatusUnauthorized) return } } user, err := helpers.Store(r).GetUser(userID) if err != nil { if err != db.ErrNotFound { log.Error(err) } w.WriteHeader(http.StatusUnauthorized) return } if util.Config.DemoMode { if !user.Admin && r.Method != ""GET"" && !strings.HasSuffix(r.URL.Path, ""/tasks"") && !strings.HasSuffix(r.URL.Path, ""/stop"") { w.WriteHeader(http.StatusUnauthorized) return } } context.Set(r, ""user"", &user) }",True,Go,authenticationHandler,auth.go,https://github.com/ansible-semaphore/semaphore,ansible-semaphore,Denis Gukov,2023-03-13 14:04:58+01:00,fix: authentization bug,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-28609,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3619,"func getSystemInfo(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ ""version"": util.Version, ""ansible"": util.AnsibleVersion(), ""demo"": util.Config.DemoMode, } helpers.WriteJSON(w, http.StatusOK, body) }",True,Go,getSystemInfo,router.go,https://github.com/ansible-semaphore/semaphore,ansible-semaphore,Denis Gukov,2023-03-13 14:04:58+01:00,fix: authentization bug,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-28609,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3638,"func (v V002Entry) IndexKeys() ([]string, error) { var result []string if v.IntotoObj.Content == nil || v.IntotoObj.Content.Envelope == nil { log.Logger.Info(""IntotoObj content or dsse envelope is nil"") return result, nil } for _, sig := range v.IntotoObj.Content.Envelope.Signatures { keyObj, err := x509.NewPublicKey(bytes.NewReader(sig.PublicKey)) if err != nil { return result, err } canonKey, err := keyObj.CanonicalValue() if err != nil { return result, fmt.Errorf(""could not canonicize key: %w"", err) } keyHash := sha256.Sum256(canonKey) result = append(result, ""sha256:""+hex.EncodeToString(keyHash[:])) result = append(result, keyObj.Subjects()...) } payloadKey := strings.ToLower(fmt.Sprintf(""%s:%s"", *v.IntotoObj.Content.PayloadHash.Algorithm, *v.IntotoObj.Content.PayloadHash.Value)) result = append(result, payloadKey) switch *v.IntotoObj.Content.Envelope.PayloadType { case in_toto.PayloadType: if v.IntotoObj.Content.Envelope.Payload == nil { log.Logger.Info(""IntotoObj DSSE payload is empty"") return result, nil } decodedPayload, err := base64.StdEncoding.DecodeString(string(v.IntotoObj.Content.Envelope.Payload)) if err != nil { return result, fmt.Errorf(""could not decode envelope payload: %w"", err) } statement, err := parseStatement(decodedPayload) if err != nil { return result, err } for _, s := range statement.Subject { for alg, ds := range s.Digest { result = append(result, alg+"":""+ds) } } if predicate, err := parseSlsaPredicate(decodedPayload); err == nil { if predicate.Predicate.Materials != nil { for _, s := range predicate.Predicate.Materials { for alg, ds := range s.Digest { result = append(result, alg+"":""+ds) } } } } default: log.Logger.Infof(""Unknown in_toto DSSE envelope Type: %s"", *v.IntotoObj.Content.Envelope.PayloadType) } return result, nil }",True,Go,IndexKeys,entry.go,https://github.com/sigstore/rekor,sigstore,GitHub,2023-05-26 06:44:56-04:00,"Merge pull request from GHSA-frqx-jfcm-6jjr

* fix for ghsa-frqx-jfcm-6jjr

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check to dsse type

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be stricter for DSSE, add another defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>",CWE-617,Reachable Assertion,"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.",https://cwe.mitre.org/data/definitions/617.html,CVE-2023-33199,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3639,"func (v V002Entry) Insertable() (bool, error) { if v.IntotoObj.Content == nil { return false, errors.New(""missing content property"") } if v.IntotoObj.Content.Envelope == nil { return false, errors.New(""missing envelope property"") } if len(v.IntotoObj.Content.Envelope.Payload) == 0 { return false, errors.New(""missing envelope content"") } if v.IntotoObj.Content.Envelope.PayloadType == nil || len(*v.IntotoObj.Content.Envelope.PayloadType) == 0 { return false, errors.New(""missing payloadType content"") } if len(v.IntotoObj.Content.Envelope.Signatures) == 0 { return false, errors.New(""missing signatures content"") } for _, sig := range v.IntotoObj.Content.Envelope.Signatures { if len(sig.Sig) == 0 { return false, errors.New(""missing signature content"") } if len(sig.PublicKey) == 0 { return false, errors.New(""missing publicKey content"") } } if v.env.Payload == """" || v.env.PayloadType == """" || len(v.env.Signatures) == 0 { return false, errors.New(""invalid DSSE envelope"") } return true, nil }",True,Go,Insertable,entry.go,https://github.com/sigstore/rekor,sigstore,GitHub,2023-05-26 06:44:56-04:00,"Merge pull request from GHSA-frqx-jfcm-6jjr

* fix for ghsa-frqx-jfcm-6jjr

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check to dsse type

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be stricter for DSSE, add another defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>",CWE-617,Reachable Assertion,"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.",https://cwe.mitre.org/data/definitions/617.html,CVE-2023-33199,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3641,"func TestInsertable(t *testing.T) { type TestCase struct { caseDesc string entry V002Entry expectSuccess bool } key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { t.Fatal(err) } env := envelope(t, key, []byte(""payload"")) testCases := []TestCase{ { caseDesc: ""valid entry"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ Payload: strfmt.Base64(""payload""), PayloadType: swag.String(""payloadType""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ { PublicKey: strfmt.Base64([]byte(""key"")), Sig: strfmt.Base64([]byte(""sig"")), }, }, }, }, }, env: *env, }, expectSuccess: true, }, { caseDesc: ""valid entry but hasn't been parsed"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ Payload: strfmt.Base64(""payload""), PayloadType: swag.String(""payloadType""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ { PublicKey: strfmt.Base64([]byte(""key"")), Sig: strfmt.Base64([]byte(""sig"")), }, }, }, }, }, env: dsse.Envelope{}, }, expectSuccess: false, }, { caseDesc: ""missing sig"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ Payload: strfmt.Base64(""payload""), PayloadType: swag.String(""payloadType""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ { PublicKey: strfmt.Base64([]byte(""key"")), }, }, }, }, }, env: *env, }, expectSuccess: false, }, { caseDesc: ""missing key"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ Payload: strfmt.Base64(""payload""), PayloadType: swag.String(""payloadType""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ { Sig: strfmt.Base64([]byte(""sig"")), }, }, }, }, }, env: *env, }, expectSuccess: false, }, { caseDesc: ""empty signatures"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ Payload: strfmt.Base64(""payload""), PayloadType: swag.String(""payloadType""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{}, }, }, }, env: *env, }, expectSuccess: false, }, { caseDesc: ""missing payloadType"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ Payload: strfmt.Base64(""payload""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ { PublicKey: strfmt.Base64([]byte(""key"")), Sig: strfmt.Base64([]byte(""sig"")), }, }, }, }, }, env: *env, }, expectSuccess: false, }, { caseDesc: ""missing payload"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: &models.IntotoV002SchemaContentEnvelope{ PayloadType: swag.String(""payloadType""), Signatures: []*models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ { PublicKey: strfmt.Base64([]byte(""key"")), Sig: strfmt.Base64([]byte(""sig"")), }, }, }, }, }, env: *env, }, expectSuccess: false, }, { caseDesc: ""missing envelope"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ }, }, env: *env, }, expectSuccess: false, }, { caseDesc: ""missing content"", entry: V002Entry{ IntotoObj: models.IntotoV002Schema{ }, env: *env, }, expectSuccess: false, }, } for _, tc := range testCases { t.Run(tc.caseDesc, func(t *testing.T) { if ok, err := tc.entry.Insertable(); ok != tc.expectSuccess { t.Errorf(""unexpected result calling Insertable: %v"", err) } }) } }",True,Go,TestInsertable,entry_test.go,https://github.com/sigstore/rekor,sigstore,GitHub,2023-05-26 06:44:56-04:00,"Merge pull request from GHSA-frqx-jfcm-6jjr

* fix for ghsa-frqx-jfcm-6jjr

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check to dsse type

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be stricter for DSSE, add another defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>",CWE-617,Reachable Assertion,"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.",https://cwe.mitre.org/data/definitions/617.html,CVE-2023-33199,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3644,"var uv = func() error { if err := v.Unmarshal(it); err != nil { return err } if !tt.wantErr { if ok, err := v.Insertable(); !ok || err != nil { t.Errorf(""unexpected error calling insertable on valid proposed entry: %v"", err) } } want := []string{} for _, sig := range v.IntotoObj.Content.Envelope.Signatures { keyHash := sha256.Sum256(sig.PublicKey) want = append(want, ""sha256:""+hex.EncodeToString(keyHash[:])) } decodedPayload, err := base64.StdEncoding.DecodeString(tt.env.Payload) if err != nil { return fmt.Errorf(""could not decode envelope payload: %w"", err) } h := sha256.Sum256(decodedPayload) want = append(want, ""sha256:""+hex.EncodeToString(h[:])) if !reflect.DeepEqual(v.AttestationKey(), ""sha256:""+hex.EncodeToString(h[:])) { t.Errorf(""V002Entry.AttestationKey() = %v, want %v"", v.AttestationKey(), ""sha256:""+hex.EncodeToString(h[:])) } got, _ := v.IndexKeys() sort.Strings(got) sort.Strings(want) if !reflect.DeepEqual(got, want) { t.Errorf(""V002Entry.IndexKeys() = %v, want %v"", got, want) } payloadBytes, _ := v.env.DecodeB64Payload() payloadSha := sha256.Sum256(payloadBytes) payloadHash := hex.EncodeToString(payloadSha[:]) canonicalBytes, err := v.Canonicalize(context.Background()) if err != nil { t.Errorf(""error canonicalizing entry: %v"", err) } pe, err := models.UnmarshalProposedEntry(bytes.NewReader(canonicalBytes), runtime.JSONConsumer()) if err != nil { t.Errorf(""unexpected err from Unmarshalling canonicalized entry for '%v': %v"", tt.name, err) } canonicalEntry, err := types.UnmarshalEntry(pe) if err != nil { t.Errorf(""unexpected err from type-specific unmarshalling for '%v': %v"", tt.name, err) } if ok, err := canonicalEntry.Insertable(); ok || err == nil { t.Errorf(""unexpected success calling Insertable on entry created from canonicalized content"") } canonicalV002 := canonicalEntry.(*V002Entry) fmt.Printf(""%v"", canonicalV002.IntotoObj.Content) if *canonicalV002.IntotoObj.Content.Hash.Value != *tt.it.Content.Hash.Value { t.Errorf(""envelope hashes do not match post canonicalization: %v %v"", *canonicalV002.IntotoObj.Content.Hash.Value, *tt.it.Content.Hash.Value) } if canonicalV002.AttestationKey() != """" && *canonicalV002.IntotoObj.Content.PayloadHash.Value != payloadHash { t.Errorf(""payload hashes do not match post canonicalization: %v %v"", canonicalV002.IntotoObj.Content.PayloadHash.Value, payloadHash) } canonicalIndexKeys, _ := canonicalV002.IndexKeys() if !cmp.Equal(got, canonicalIndexKeys, cmpopts.SortSlices(func(x, y string) bool { return x < y })) { t.Errorf(""index keys from hydrated object do not match those generated from canonicalized (and re-hydrated) object: %v %v"", got, canonicalIndexKeys) } verifier, err := v.Verifier() if !tt.wantVerifierErr { if err != nil { t.Errorf(""%v: unexpected error, got %v"", tt.name, err) } else { pubV, _ := verifier.CanonicalValue() if !reflect.DeepEqual(pubV, pub) && !reflect.DeepEqual(pubV, pemBytes) { t.Errorf(""verifier and public keys do not match: %v, %v"", string(pubV), string(pub)) } } } else { if err == nil { s, _ := verifier.CanonicalValue() t.Errorf(""%v: expected error for %v, got %v"", tt.name, string(s), err) } } return nil } if err := uv(); (err != nil) != tt.wantErr { t.Errorf(""V002Entry.Unmarshal() error = %v, wantErr %v"", err, tt.wantErr) } })",True,Go,error,entry_test.go,https://github.com/sigstore/rekor,sigstore,GitHub,2023-05-26 06:44:56-04:00,"Merge pull request from GHSA-frqx-jfcm-6jjr

* fix for ghsa-frqx-jfcm-6jjr

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check to dsse type

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be stricter for DSSE, add another defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>",CWE-617,Reachable Assertion,"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.",https://cwe.mitre.org/data/definitions/617.html,CVE-2023-33199,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3646,"func TestV002Entry_IndexKeys(t *testing.T) { key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { t.Fatal(err) } der, err := x509.MarshalPKIXPublicKey(&key.PublicKey) if err != nil { t.Fatal(err) } pub := pem.EncodeToMemory(&pem.Block{ Bytes: der, Type: ""PUBLIC KEY"", }) tests := []struct { name string statement in_toto.Statement want []string }{ { name: ""standard"", want: []string{}, statement: in_toto.Statement{ Predicate: ""hello"", }, }, { name: ""subject"", want: []string{""sha256:foo""}, statement: in_toto.Statement{ StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{ { Name: ""foo"", Digest: map[string]string{ ""sha256"": ""foo"", }, }, }, }, Predicate: ""hello"", }, }, { name: ""slsa"", want: []string{""sha256:bar""}, statement: in_toto.Statement{ Predicate: slsa.ProvenancePredicate{ Materials: []common.ProvenanceMaterial{ { URI: ""foo"", Digest: map[string]string{ ""sha256"": ""bar"", }}, }, }, }, }, { name: ""slsa wit header"", want: []string{""sha256:foo"", ""sha256:bar""}, statement: in_toto.Statement{ StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{ { Name: ""foo"", Digest: map[string]string{ ""sha256"": ""foo"", }, }, }, }, Predicate: slsa.ProvenancePredicate{ Materials: []common.ProvenanceMaterial{ { URI: ""foo"", Digest: map[string]string{ ""sha256"": ""bar"", }}, }, }, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { b, err := json.Marshal(tt.statement) if err != nil { t.Fatal(err) } payloadHash := sha256.Sum256(b) v := V002Entry{ IntotoObj: models.IntotoV002Schema{ Content: &models.IntotoV002SchemaContent{ Envelope: createRekorEnvelope(envelope(t, key, b), [][]byte{pub}), Hash: &models.IntotoV002SchemaContentHash{ Algorithm: swag.String(models.IntotoV001SchemaContentHashAlgorithmSha256), Value: swag.String(envelopeHash(t, envelope(t, key, b))), }, PayloadHash: &models.IntotoV002SchemaContentPayloadHash{ Algorithm: swag.String(models.IntotoV001SchemaContentHashAlgorithmSha256), Value: swag.String(hex.EncodeToString(payloadHash[:])), }, }, }, env: *envelope(t, key, b), } want := []string{} for _, sig := range v.IntotoObj.Content.Envelope.Signatures { keyHash := sha256.Sum256(sig.PublicKey) want = append(want, ""sha256:""+hex.EncodeToString(keyHash[:])) } want = append(want, ""sha256:""+hex.EncodeToString(payloadHash[:])) want = append(want, tt.want...) got, _ := v.IndexKeys() sort.Strings(got) sort.Strings(want) if !cmp.Equal(got, want) { t.Errorf(""V001Entry.IndexKeys() = %v, want %v"", got, want) } }) } }",True,Go,TestV002Entry_IndexKeys,entry_test.go,https://github.com/sigstore/rekor,sigstore,GitHub,2023-05-26 06:44:56-04:00,"Merge pull request from GHSA-frqx-jfcm-6jjr

* fix for ghsa-frqx-jfcm-6jjr

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check to dsse type

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be stricter for DSSE, add another defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>",CWE-617,Reachable Assertion,"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.",https://cwe.mitre.org/data/definitions/617.html,CVE-2023-33199,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3648,"func createRekorEnvelope(dsseEnv *dsse.Envelope, pub [][]byte) *models.IntotoV002SchemaContentEnvelope { env := &models.IntotoV002SchemaContentEnvelope{} b64 := strfmt.Base64([]byte(dsseEnv.Payload)) env.Payload = b64 env.PayloadType = &dsseEnv.PayloadType for i, sig := range dsseEnv.Signatures { env.Signatures = append(env.Signatures, &models.IntotoV002SchemaContentEnvelopeSignaturesItems0{ Keyid: sig.KeyID, Sig: strfmt.Base64([]byte(sig.Sig)), PublicKey: strfmt.Base64(pub[i]), }) } return env }",True,Go,createRekorEnvelope,entry_test.go,https://github.com/sigstore/rekor,sigstore,GitHub,2023-05-26 06:44:56-04:00,"Merge pull request from GHSA-frqx-jfcm-6jjr

* fix for ghsa-frqx-jfcm-6jjr

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add defensive check to dsse type

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be stricter for DSSE, add another defensive check

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>",CWE-617,Reachable Assertion,"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.",https://cwe.mitre.org/data/definitions/617.html,CVE-2023-33199,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3649,"func (fem *FailedEventsManagerT) FetchFailedRecordIDs(taskRunID string) []*FailedEventRowT { if !failedKeysEnabled { return []*FailedEventRowT{} } failedEvents := make([]*FailedEventRowT, 0) var rows *sql.Rows var err error table := fmt.Sprintf(`%s_%s`, failedKeysTablePrefix, taskRunID) sqlStatement := fmt.Sprintf(`SELECT %[1]s.destination_id, %[1]s.record_id FROM %[1]s `, table) rows, err = fem.dbHandle.Query(sqlStatement) if err != nil { pkgLogger.Errorf(""Failed to fetch from table %s with error: %v"", taskRunID, err) return failedEvents } defer rows.Close() for rows.Next() { var failedEvent FailedEventRowT err := rows.Scan(&failedEvent.DestinationID, &failedEvent.RecordID) if err != nil { panic(err) } failedEvents = append(failedEvents, &failedEvent) } return failedEvents }",True,Go,FetchFailedRecordIDs,failed-events-manager.go,https://github.com/rudderlabs/rudder-server,rudderlabs,GitHub,2022-11-07 23:05:06+05:18,fix: properly escape table name when querying for failed events (#2663),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-30625,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3650,"func (*FailedEventsManagerT) SaveFailedRecordIDs(taskRunIDFailedEventsMap map[string][]*FailedEventRowT, txn *sql.Tx) { if !failedKeysEnabled { return } for taskRunID, failedEvents := range taskRunIDFailedEventsMap { table := fmt.Sprintf(`%s_%s`, failedKeysTablePrefix, taskRunID) sqlStatement := fmt.Sprintf(`CREATE TABLE IF NOT EXISTS %s ( destination_id TEXT NOT NULL, record_id JSONB NOT NULL, created_at TIMESTAMP NOT NULL);`, table) _, err := txn.Exec(sqlStatement) if err != nil { _ = txn.Rollback() panic(err) } insertQuery := fmt.Sprintf(`INSERT INTO %s VALUES($1, $2, $3);`, table) stmt, err := txn.Prepare(insertQuery) if err != nil { _ = txn.Rollback() panic(err) } createdAt := time.Now() for _, failedEvent := range failedEvents { if len(failedEvent.RecordID) == 0 || !json.Valid(failedEvent.RecordID) { pkgLogger.Infof(""skipped adding invalid recordId: %s, to failed keys table: %s"", failedEvent.RecordID, table) continue } _, err = stmt.Exec(failedEvent.DestinationID, failedEvent.RecordID, createdAt) if err != nil { panic(err) } } stmt.Close() } }",True,Go,SaveFailedRecordIDs,failed-events-manager.go,https://github.com/rudderlabs/rudder-server,rudderlabs,GitHub,2022-11-07 23:05:06+05:18,fix: properly escape table name when querying for failed events (#2663),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-30625,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3661,"func NewDriver(nodeID, endpoint string, client client.Client, apiReader client.Reader) *driver { glog.Infof(""Driver: %v version: %v"", driverName, version) proto, addr := utils.SplitSchemaAddr(endpoint) glog.Infof(""protocol: %v addr: %v"", proto, addr) if !strings.HasPrefix(addr, ""/"") { addr = fmt.Sprintf(""/%s"", addr) } socketDir := filepath.Dir(addr) err := os.MkdirAll(socketDir, 0755) if err != nil { glog.Errorf(""failed due to %v"", err) os.Exit(1) } csiDriver := csicommon.NewCSIDriver(driverName, version, nodeID) csiDriver.AddControllerServiceCapabilities([]csi.ControllerServiceCapability_RPC_Type{csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME}) csiDriver.AddVolumeCapabilityAccessModes([]csi.VolumeCapability_AccessMode_Mode{csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER}) return &driver{ nodeId: nodeID, endpoint: endpoint, csiDriver: csiDriver, client: client, apiReader: apiReader, } }",True,Go,NewDriver,driver.go,https://github.com/fluid-cloudnative/fluid,fluid-cloudnative,GitHub,2023-05-08 14:46:24+08:00,"Merge pull request from GHSA-93xx-cvmc-9w3v

* Fix rbacs and limit CSI Plugin's node related access

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

* Update change log

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-30840,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3666,"func (ns *nodeServer) getNode() (node *v1.Node, err error) { if envVar, found := os.LookupEnv(AllowPatchStaleNodeEnv); !found || envVar == ""true"" { if ns.node != nil { glog.V(3).Infof(""Found cached node %s"", ns.node.Name) return ns.node, nil } } if node, err = kubeclient.GetNode(ns.apiReader, ns.nodeId); err != nil { return nil, err } glog.V(1).Infof(""Got node %s from api server"", node.Name) ns.node = node return ns.node, nil }",True,Go,getNode,nodeserver.go,https://github.com/fluid-cloudnative/fluid,fluid-cloudnative,GitHub,2023-05-08 14:46:24+08:00,"Merge pull request from GHSA-93xx-cvmc-9w3v

* Fix rbacs and limit CSI Plugin's node related access

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

* Update change log

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-30840,"func (m *NestedScope) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedScope: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedScope: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field A"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.A == nil { m.A = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.A.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field B"", wireType) } var v NestedDefinition_NestedEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= NestedDefinition_NestedEnum(b&0x7F) << shift if b < 0x80 { break } } m.B = &v case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field C"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.C == nil { m.C = &NestedDefinition_NestedMessage{} } if err := m.C.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3670,"func (ns *nodeServer) NodeUnstageVolume(ctx context.Context, req *csi.NodeUnstageVolumeRequest) (*csi.NodeUnstageVolumeResponse, error) { ns.mutex.Lock() defer ns.mutex.Unlock() namespace, name, err := ns.getRuntimeNamespacedName(nil, req.GetVolumeId()) if err != nil { if utils.IgnoreNotFound(err) == nil { glog.Warningf(""NodeUnstageVolume: volume %s not found, maybe it's already cleaned up, ignore it"", req.GetVolumeId()) return &csi.NodeUnstageVolumeResponse{}, nil } glog.Errorf(""NodeUnstageVolume: can't get runtime namespace and name given (volumeContext: nil, volumeId: %s): %v"", req.GetVolumeId(), err) return nil, errors.Wrapf(err, ""NodeUnstageVolume: can't get namespace and name by volume id %s"", req.GetVolumeId()) } runtimeInfo, err := base.GetRuntimeInfo(ns.client, name, namespace) if err != nil { if utils.IgnoreNotFound(err) == nil { glog.Warningf(""NodeUnstageVolume: dataset or runtime %s/%s not found, maybe it's already cleaned up"", namespace, name) return &csi.NodeUnstageVolumeResponse{}, nil } return nil, errors.Wrapf(err, ""NodeUnstageVolume: failed to get runtime info for %s/%s"", namespace, name) } var shouldCleanFuse bool cleanPolicy := runtimeInfo.GetFuseCleanPolicy() glog.Infof(""Using %s clean policy for runtime %s in namespace %s"", cleanPolicy, runtimeInfo.GetName(), runtimeInfo.GetNamespace()) switch cleanPolicy { case v1alpha1.OnDemandCleanPolicy: shouldCleanFuse = true case v1alpha1.OnRuntimeDeletedCleanPolicy: shouldCleanFuse = false default: return nil, errors.Errorf(""Unknown Fuse clean policy: %s"", cleanPolicy) } if !shouldCleanFuse { return &csi.NodeUnstageVolumeResponse{}, nil } inUse, err := checkMountInUse(req.GetVolumeId()) if err != nil { return nil, errors.Wrap(err, ""NodeUnstageVolume: can't check mount in use"") } if inUse { return nil, fmt.Errorf(""NodeUnstageVolume: can't stop fuse cause it's in use"") } fuseLabelKey := common.LabelAnnotationFusePrefix + namespace + ""-"" + name var labelsToModify common.LabelsToModify labelsToModify.Delete(fuseLabelKey) node, err := ns.getNode() if err != nil { glog.Errorf(""NodeUnstageVolume: can't get node %s: %v"", ns.nodeId, err) return nil, errors.Wrapf(err, ""NodeUnstageVolume: can't get node %s"", ns.nodeId) } _, err = utils.ChangeNodeLabelWithPatchMode(ns.client, node, labelsToModify) if err != nil { glog.Errorf(""NodeUnstageVolume: error when patching labels on node %s: %v"", ns.nodeId, err) return nil, errors.Wrapf(err, ""NodeUnstageVolume: error when patching labels on node %s"", ns.nodeId) } return &csi.NodeUnstageVolumeResponse{}, nil }",True,Go,NodeUnstageVolume,nodeserver.go,https://github.com/fluid-cloudnative/fluid,fluid-cloudnative,GitHub,2023-05-08 14:46:24+08:00,"Merge pull request from GHSA-93xx-cvmc-9w3v

* Fix rbacs and limit CSI Plugin's node related access

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

* Update change log

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-30840,"func (m *DeepLeaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: DeepLeaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: DeepLeaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Tree"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Tree.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3684,"func AccountPostLogin(w http.ResponseWriter, r *http.Request) { account, err := (&models.Account{Context: ctx.Context}).FromBody(r) if err != nil { ctx.HandleStatus(w, r, err.Error(), http.StatusBadRequest) return } var a1 = &models.Account{Context: ctx.Context} a1.FromData(account) a1, err = a1.Get() if err != nil { ctx.HandleStatus(w, r, err.Error(), http.StatusBadRequest) return } account, err = a1.ValidatePassword(account.Password, ""Password"") if err != nil { ctx.HandleStatus(w, r, ""Invalid username or password!"", http.StatusForbidden) return } session, err := (&models.Session{Context: ctx.Context, Unique: account.Unique}).Post() if err != nil { ctx.HandleStatus(w, r, err.Error(), http.StatusBadRequest) return } expiry := time.Now().Add(time.Hour * 15) SetAuthCookie(w, types.CookieSessionID, session.Key.ID.String(), expiry) SetAuthCookie(w, types.CookieRefreshToken, session.Refresh, expiry) ctx.HandleJson(w, r, account.CopyPublic(), http.StatusOK) }",True,Go,AccountPostLogin,account.go,https://github.com/effectindex/tripreporter,effectindex,5HT2,2023-04-30 14:04:47+02:00,api: (account) Fix improper password verification,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-31123,"func (m *NestedDefinition_NestedMessage) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedMessage: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedMessage: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedField1"", wireType) } var v uint64 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 m.NestedField1 = &v case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NNM"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NNM == nil { m.NNM = &NestedDefinition_NestedMessage_NestedNestedMsg{} } if err := m.NNM.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3692,"func TestInspectCommand_SecretsFromEnv(t *testing.T) { t.Setenv(defaultUsernameEnv, ""user"") t.Setenv(defaultPasswordEnv, ""password"") opts := &inspectOpts{} expected := &inspectOpts{ reference: ""ref"", SecureFlagOpts: SecureFlagOpts{ Password: ""password"", Username: ""user"", }, outputFormat: cmd.OutputJSON, } command := inspectCommand(opts) if err := command.ParseFlags([]string{ expected.reference, ""--output"", ""json""}); err != nil { t.Fatalf(""Parse Flag failed: %v"", err) } if err := command.Args(command, command.Flags().Args()); err != nil { t.Fatalf(""Parse Args failed: %v"", err) } if *opts != *expected { t.Fatalf(""Expect inspect opts: %v, got: %v"", expected, opts) } }",True,Go,TestInspectCommand_SecretsFromEnv,inspect_test.go,https://github.com/notaryproject/notation,notaryproject,GitHub,2023-05-25 14:37:35+08:00,"Merge pull request from GHSA-9m3v-v4r5-ppx7

* added max number of signatures check

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix: optimize listSignatures

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update listOpts fields order

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* minor fix on error message

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

---------

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-33957,"func (m *UnrecognizedWithEmbed_Embedded) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Embedded: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Embedded: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3697,"func runList(ctx context.Context, opts *listOpts) error { ctx = opts.LoggingFlagOpts.SetLoggerLevel(ctx) reference := opts.reference sigRepo, err := getRepository(ctx, opts.inputType, reference, &opts.SecureFlagOpts, opts.allowReferrersAPI) if err != nil { return err } targetDesc, resolvedRef, err := resolveReferenceWithWarning(ctx, opts.inputType, reference, sigRepo, ""list"") if err != nil { return err } return printSignatureManifestDigests(ctx, targetDesc, sigRepo, resolvedRef) }",True,Go,runList,list.go,https://github.com/notaryproject/notation,notaryproject,GitHub,2023-05-25 14:37:35+08:00,"Merge pull request from GHSA-9m3v-v4r5-ppx7

* added max number of signatures check

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix: optimize listSignatures

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update listOpts fields order

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* minor fix on error message

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

---------

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-33957,"func (m *NinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NinOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3699,"err := sigRepo.ListSignatures(ctx, targetDesc, func(signatureManifests []ocispec.Descriptor) error { for _, sigManifestDesc := range signatureManifests { if prevDigest != """" { printTitle() fmt.Printf("" ├── %s\n"", prevDigest) } prevDigest = sigManifestDesc.Digest } return nil })",True,Go,error,list.go,https://github.com/notaryproject/notation,notaryproject,GitHub,2023-05-25 14:37:35+08:00,"Merge pull request from GHSA-9m3v-v4r5-ppx7

* added max number of signatures check

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix: optimize listSignatures

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update listOpts fields order

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* minor fix on error message

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

---------

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-33957,"func (m *Nil) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Nil: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Nil: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3703,"func runVerify(command *cobra.Command, opts *verifyOpts) error { ctx := opts.LoggingFlagOpts.SetLoggerLevel(command.Context()) sigVerifier, err := verifier.NewFromConfig() if err != nil { return err } configs, err := cmd.ParseFlagMap(opts.pluginConfig, cmd.PflagPluginConfig.Name) if err != nil { return err } userMetadata, err := cmd.ParseFlagMap(opts.userMetadata, cmd.PflagUserMetadata.Name) if err != nil { return err } reference := opts.reference sigRepo, err := getRepository(ctx, opts.inputType, reference, &opts.SecureFlagOpts, opts.allowReferrersAPI) if err != nil { return err } _, resolvedRef, err := resolveReferenceWithWarning(ctx, opts.inputType, reference, sigRepo, ""verify"") if err != nil { return err } intendedRef := resolveArtifactDigestReference(resolvedRef, opts.trustPolicyScope) verifyOpts := notation.VerifyOptions{ ArtifactReference: intendedRef, PluginConfig: configs, MaxSignatureAttempts: maxSignatureAttempts, UserMetadata: userMetadata, } _, outcomes, err := notation.Verify(ctx, sigVerifier, sigRepo, verifyOpts) err = checkVerificationFailure(outcomes, resolvedRef, err) if err != nil { return err } reportVerificationSuccess(outcomes, resolvedRef) return nil }",True,Go,runVerify,verify.go,https://github.com/notaryproject/notation,notaryproject,GitHub,2023-05-25 14:37:35+08:00,"Merge pull request from GHSA-9m3v-v4r5-ppx7

* added max number of signatures check

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix: optimize listSignatures

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update listOpts fields order

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* minor fix on error message

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

---------

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-33957,"func (m *NinOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = &v if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3704,"func TestVerifyCommand_BasicArgs(t *testing.T) { opts := &verifyOpts{} command := verifyCommand(opts) expected := &verifyOpts{ reference: ""ref"", SecureFlagOpts: SecureFlagOpts{ Username: ""user"", Password: ""password"", }, pluginConfig: []string{""key1=val1""}, } if err := command.ParseFlags([]string{ expected.reference, ""--username"", expected.Username, ""--password"", expected.Password, ""--plugin-config"", ""key1=val1""}); err != nil { t.Fatalf(""Parse Flag failed: %v"", err) } if err := command.Args(command, command.Flags().Args()); err != nil { t.Fatalf(""Parse args failed: %v"", err) } if !reflect.DeepEqual(*expected, *opts) { t.Fatalf(""Expect verify opts: %v, got: %v"", expected, opts) } }",True,Go,TestVerifyCommand_BasicArgs,verify_test.go,https://github.com/notaryproject/notation,notaryproject,GitHub,2023-05-25 14:37:35+08:00,"Merge pull request from GHSA-9m3v-v4r5-ppx7

* added max number of signatures check

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix: optimize listSignatures

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update listOpts fields order

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* minor fix on error message

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

---------

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-33957,"func (m *NoExtensionsMap) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NoExtensionsMap: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NoExtensionsMap: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3705,"func TestVerifyCommand_MoreArgs(t *testing.T) { opts := &verifyOpts{} command := verifyCommand(opts) expected := &verifyOpts{ reference: ""ref"", SecureFlagOpts: SecureFlagOpts{ InsecureRegistry: true, }, pluginConfig: []string{""key1=val1"", ""key2=val2""}, } if err := command.ParseFlags([]string{ expected.reference, ""--insecure-registry"", ""--plugin-config"", ""key1=val1"", ""--plugin-config"", ""key2=val2""}); err != nil { t.Fatalf(""Parse Flag failed: %v"", err) } if err := command.Args(command, command.Flags().Args()); err != nil { t.Fatalf(""Parse args failed: %v"", err) } if !reflect.DeepEqual(*expected, *opts) { t.Fatalf(""Expect verify opts: %v, got: %v"", expected, opts) } }",True,Go,TestVerifyCommand_MoreArgs,verify_test.go,https://github.com/notaryproject/notation,notaryproject,GitHub,2023-05-25 14:37:35+08:00,"Merge pull request from GHSA-9m3v-v4r5-ppx7

* added max number of signatures check

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* fix: optimize listSignatures

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update listOpts fields order

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* fix: update code

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>

* updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

* minor fix on error message

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

---------

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>",CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-33957,"func (m *NinEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field200 == nil { m.Field200 = &NidOptNative{} } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.Field210 = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3708,"func NewQUICServer(addr, password, domain string, tcpTimeout, udpTimeout int, blockDomainList, blockCIDR4List, blockCIDR6List string, updateListInterval int64, blockGeoIP []string, withoutbrook bool) (*QUICServer, error) { if err := limits.Raise(); err != nil { Log(&Error{""when"": ""try to raise system limits"", ""warning"": err.Error()}) } if runtime.GOOS == ""linux"" { c := exec.Command(""sysctl"", ""-w"", ""net.core.rmem_max=2500000"") b, err := c.CombinedOutput() if err != nil { Log(&Error{""when"": ""try to raise UDP Receive Buffer Size"", ""warning"": string(b)}) } } if runtime.GOOS == ""darwin"" { c := exec.Command(""sysctl"", ""-w"", ""kern.ipc.maxsockbuf=3014656"") b, err := c.CombinedOutput() if err != nil { Log(&Error{""when"": ""try to raise UDP Receive Buffer Size"", ""warning"": string(b)}) } } var p []byte var f UDPServerConnFactory if !withoutbrook { p = []byte(password) f = NewPacketServerConnFactory() } if withoutbrook { var err error p, err = crypto1.SHA256Bytes([]byte(password)) if err != nil { return nil, err } f = NewSimplePacketServerConnFactory() } s := &QUICServer{ Password: p, Domain: domain, Addr: addr, TCPTimeout: tcpTimeout, UDPTimeout: udpTimeout, UDPServerConnFactory: f, RunnerGroup: runnergroup.New(), WithoutBrook: withoutbrook, } return s, nil }",True,Go,NewQUICServer,quicserver.go,https://github.com/txthinking/brook,txthinking,txthinking,2023-02-14 12:32:27+08:00,tproxy web auth,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2023-33965,"func (m *NidOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3711,"func NewStreamClient(network string, password []byte, src string, server net.Conn, timeout int, dst []byte) (Exchanger, error) { if timeout != 0 { if err := server.SetDeadline(time.Now().Add(time.Duration(timeout) * time.Second)); err != nil { return nil, err } } if len(dst) > 2048-2-16-4-16 { return nil, errors.New(""dst too long"") } c := &StreamClient{network: network, Server: server, Timeout: timeout, src: src, dst: socks5.ToAddress(dst[0], dst[1:len(dst)-2], dst[len(dst)-2:])} c.cn = x.BP12.Get().([]byte) if _, err := io.ReadFull(rand.Reader, c.cn); err != nil { x.BP12.Put(c.cn) return nil, err } ck := x.BP32.Get().([]byte) if _, err := io.ReadFull(hkdf.New(sha256.New, password, c.cn, []byte{0x62, 0x72, 0x6f, 0x6f, 0x6b}), ck); err != nil { x.BP12.Put(c.cn) x.BP32.Put(ck) return nil, err } if _, err := c.Server.Write(c.cn); err != nil { x.BP12.Put(c.cn) x.BP32.Put(ck) return nil, err } cb, err := aes.NewCipher(ck) if err != nil { x.BP12.Put(c.cn) x.BP32.Put(ck) return nil, err } x.BP32.Put(ck) c.ca, err = cipher.NewGCM(cb) if err != nil { x.BP12.Put(c.cn) return nil, err } c.WB = x.BP2048.Get().([]byte) i := time.Now().Unix() if c.network == ""tcp"" && i%2 != 0 { i += 1 } if c.network == ""udp"" && i%2 != 1 { i += 1 } binary.BigEndian.PutUint32(c.WB[2+16:2+16+4], uint32(i)) copy(c.WB[2+16+4:2+16+4+len(dst)], dst) if err := c.WriteL(4 + len(dst)); err != nil { x.BP12.Put(c.cn) x.BP2048.Put(c.WB) return nil, err } c.sn = x.BP12.Get().([]byte) if _, err := io.ReadFull(c.Server, c.sn); err != nil { x.BP12.Put(c.cn) x.BP2048.Put(c.WB) x.BP12.Put(c.sn) return nil, err } sk := x.BP32.Get().([]byte) if _, err := io.ReadFull(hkdf.New(sha256.New, password, c.sn, []byte{0x62, 0x72, 0x6f, 0x6f, 0x6b}), sk); err != nil { x.BP12.Put(c.cn) x.BP2048.Put(c.WB) x.BP12.Put(c.sn) x.BP32.Put(sk) return nil, err } sb, err := aes.NewCipher(sk) if err != nil { x.BP12.Put(c.cn) x.BP2048.Put(c.WB) x.BP12.Put(c.sn) x.BP32.Put(sk) return nil, err } x.BP32.Put(sk) c.sa, err = cipher.NewGCM(sb) if err != nil { x.BP12.Put(c.cn) x.BP2048.Put(c.WB) x.BP12.Put(c.sn) return nil, err } if c.network == ""tcp"" { c.RB = x.BP2048.Get().([]byte) } if c.network == ""udp"" { x.BP2048.Put(c.WB) c.WB = x.BP65507.Get().([]byte) c.RB = x.BP65507.Get().([]byte) } return ClientGate(c) }",True,Go,NewStreamClient,streamclient.go,https://github.com/txthinking/brook,txthinking,txthinking,2023-02-14 12:32:27+08:00,tproxy web auth,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2023-33965,"func (m *NidNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, NidRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3714,"func (c *StreamClient) WriteL(l int) error { binary.BigEndian.PutUint16(c.WB[:2], uint16(l)) c.ca.Seal(c.WB[:0], c.cn, c.WB[:2], nil) NextNonce(c.cn) c.ca.Seal(c.WB[:2+16], c.cn, c.WB[2+16:2+16+l], nil) if _, err := c.Server.Write(c.WB[:2+16+l+16]); err != nil { return err } NextNonce(c.cn) return nil }",True,Go,WriteL,streamclient.go,https://github.com/txthinking/brook,txthinking,txthinking,2023-02-14 12:32:27+08:00,tproxy web auth,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2023-33965,"func (m *NinRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3727,"func (r *PostgreSQL) getSQL(str string) (string, string, error) { if len(strings.TrimSpace(str)) == 0 { return """", """", fmt.Errorf(""Empty SQL data"") } fields := strings.Split(str, "":"") if len(fields) != 5 { return """", """", fmt.Errorf(""Invalid SQL data - [%s]. (syntax: database:table:field:key:value)"", str) } db := fields[0] table := fields[1] field := fields[2] key := fields[3] value := fields[4] if _, err := strconv.Atoi(value); err != nil { return """", """", fmt.Errorf(""Invalid SQL data - [%s], the value must be int"", str) } sql := fmt.Sprintf(""SELECT %s FROM %s WHERE %s = %s"", field, table, key, value) return db, sql, nil }",True,Go,getSQL,postgres.go,https://github.com/megaease/easeprobe,megaease,GitHub,2023-04-25 08:01:22+00:00,fix the SQL Injection (#330),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-33967,"func (m *OrBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OrBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OrBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3736,"func (r *TerraformRunnerServer) NewTerraform(ctx context.Context, req *NewTerraformRequest) (*NewTerraformReply, error) { r.InstanceID = req.GetInstanceID() log := ctrl.LoggerFrom(ctx, ""instance-id"", r.InstanceID).WithName(loggerName) log.Info(""creating new terraform"", ""workingDir"", req.WorkingDir, ""execPath"", req.ExecPath) tf, err := tfexec.NewTerraform(req.WorkingDir, req.ExecPath) if err != nil { log.Error(err, ""unable to create new terraform"", ""workingDir"", req.WorkingDir, ""execPath"", req.ExecPath) return nil, err } r.tf = tf var terraform infrav1.Terraform if err := terraform.FromBytes(req.Terraform, r.Scheme); err != nil { log.Error(err, ""there was a problem getting the terraform resource"") return nil, err } r.terraform = &terraform disableTestLogging := os.Getenv(""DISABLE_TF_LOGS"") == ""1"" if !disableTestLogging { r.tf.SetStdout(os.Stdout) r.tf.SetStderr(os.Stderr) if os.Getenv(""ENABLE_SENSITIVE_TF_LOGS"") == ""1"" { r.tf.SetLogger(&LocalPrintfer{logger: log}) } } return &NewTerraformReply{Id: r.InstanceID}, nil }",True,Go,NewTerraform,server.go,https://github.com/weaveworks/tf-controller,weaveworks,Chanwit Kaewkasi,2023-06-05 19:11:55+07:00,"fix logging in tf-runner

Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2023-34236,"func (m *NonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3738,"func (r *TerraformRunnerServer) Plan(ctx context.Context, req *PlanRequest) (*PlanReply, error) { log := controllerruntime.LoggerFrom(ctx, ""instance-id"", r.InstanceID).WithName(loggerName) log.Info(""creating a plan"") ctx, cancel := context.WithCancel(ctx) go func() { select { case <-r.Done: cancel() case <-ctx.Done(): } }() if req.TfInstance != r.InstanceID { err := fmt.Errorf(""no TF instance found"") log.Error(err, ""no terraform"") return nil, err } var planOpt []tfexec.PlanOption if req.Out != """" { planOpt = append(planOpt, tfexec.Out(req.Out)) } else { log.Info(""backend seems to be disabled completely, so there will be no plan output file"") } if req.Refresh == false { planOpt = append(planOpt, tfexec.Refresh(req.Refresh)) } if req.Destroy { planOpt = append(planOpt, tfexec.Destroy(req.Destroy)) } for _, target := range req.Targets { planOpt = append(planOpt, tfexec.Target(target)) } drifted, err := r.tf.Plan(ctx, planOpt...) if err != nil { st := status.New(codes.Internal, err.Error()) var stateErr *tfexec.ErrStateLocked if errors.As(err, &stateErr) { st, err = st.WithDetails(&PlanReply{Message: ""not ok"", StateLockIdentifier: stateErr.ID}) if err != nil { return nil, err } } log.Error(err, ""error creating the plan"") return nil, st.Err() } planCreated := false if req.Out != """" { planCreated = true plan, err := r.tf.ShowPlanFile(ctx, req.Out) if err != nil { return nil, err } if plan.PlannedValues.Outputs == nil && plan.PlannedValues.RootModule.Resources == nil && plan.ResourceChanges == nil && plan.PriorState == nil && plan.OutputChanges == nil { planCreated = false } } return &PlanReply{Message: ""ok"", Drifted: drifted, PlanCreated: planCreated}, nil }",True,Go,Plan,server_plan.go,https://github.com/weaveworks/tf-controller,weaveworks,Chanwit Kaewkasi,2023-06-05 19:11:55+07:00,"fix logging in tf-runner

Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2023-34236,"func (m *CustomContainer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomContainer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomContainer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field CustomStruct"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.CustomStruct.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3742,"func (r *TerraformRunnerServer) SaveTFPlan(ctx context.Context, req *SaveTFPlanRequest) (*SaveTFPlanReply, error) { log := controllerruntime.LoggerFrom(ctx, ""instance-id"", r.InstanceID).WithName(loggerName) log.Info(""save the plan"") if req.TfInstance != r.InstanceID { err := fmt.Errorf(""no TF instance found"") log.Error(err, ""no terraform"") return nil, err } var tfplan []byte if req.BackendCompletelyDisable { tfplan = []byte(""dummy plan"") } else { var err error tfplan, err = ioutil.ReadFile(filepath.Join(r.tf.WorkingDir(), TFPlanName)) if err != nil { err = fmt.Errorf(""error reading plan file: %s"", err) log.Error(err, ""unable to complete SaveTFPlan function"") return nil, err } } planRev := strings.Replace(req.Revision, ""/"", ""-"", 1) planName := ""plan-"" + planRev if err := r.writePlanAsSecret(ctx, req.Name, req.Namespace, log, planName, tfplan, """", req.Uuid); err != nil { return nil, err } if r.terraform.Spec.StoreReadablePlan == ""json"" { planObj, err := r.tf.ShowPlanFile(ctx, TFPlanName) if err != nil { log.Error(err, ""unable to get the plan output for json"") return nil, err } jsonBytes, err := json.Marshal(planObj) if err != nil { log.Error(err, ""unable to marshal the plan to json"") return nil, err } if err := r.writePlanAsSecret(ctx, req.Name, req.Namespace, log, planName, jsonBytes, "".json"", req.Uuid); err != nil { return nil, err } } else if r.terraform.Spec.StoreReadablePlan == ""human"" { rawOutput, err := r.tf.ShowPlanFileRaw(ctx, TFPlanName) if err != nil { log.Error(err, ""unable to get the plan output for human"") return nil, err } if err := r.writePlanAsConfigMap(ctx, req.Name, req.Namespace, log, planName, rawOutput, """", req.Uuid); err != nil { return nil, err } } return &SaveTFPlanReply{Message: ""ok""}, nil }",True,Go,SaveTFPlan,server_save_tfplan.go,https://github.com/weaveworks/tf-controller,weaveworks,Chanwit Kaewkasi,2023-06-05 19:11:55+07:00,"fix logging in tf-runner

Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2023-34236,"func (m *UnrecognizedWithInner_Inner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Inner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Inner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v uint32 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= uint32(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3744,"func (r *TerraformRunnerServer) ShowPlanFile(ctx context.Context, req *ShowPlanFileRequest) (*ShowPlanFileReply, error) { log := controllerruntime.LoggerFrom(ctx, ""instance-id"", r.InstanceID).WithName(loggerName) log.Info(""show the raw plan file"") if req.TfInstance != r.InstanceID { err := fmt.Errorf(""no TF instance found"") log.Error(err, ""no terraform"") return nil, err } plan, err := r.tf.ShowPlanFile(ctx, req.Filename) if err != nil { log.Error(err, ""unable to get the json plan output"") return nil, err } jsonBytes, err := json.Marshal(plan) if err != nil { log.Error(err, ""unable to marshal the plan to json"") return nil, err } return &ShowPlanFileReply{JsonOutput: jsonBytes}, nil }",True,Go,ShowPlanFile,server_show_plan.go,https://github.com/weaveworks/tf-controller,weaveworks,Chanwit Kaewkasi,2023-06-05 19:11:55+07:00,"fix logging in tf-runner

Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2023-34236,"func (m *NidEmbeddedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidEmbeddedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidEmbeddedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field200"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Field200.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field210"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } m.Field210 = bool(v != 0) default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3746,"func (r *TerraformRunnerServer) ShowPlanFileRaw(ctx context.Context, req *ShowPlanFileRawRequest) (*ShowPlanFileRawReply, error) { log := controllerruntime.LoggerFrom(ctx, ""instance-id"", r.InstanceID).WithName(loggerName) log.Info(""show the raw plan file"") if req.TfInstance != r.InstanceID { err := fmt.Errorf(""no TF instance found"") log.Error(err, ""no terraform"") return nil, err } rawOutput, err := r.tf.ShowPlanFileRaw(ctx, req.Filename) if err != nil { log.Error(err, ""unable to get the raw plan output"") return nil, err } return &ShowPlanFileRawReply{RawOutput: rawOutput}, nil }",True,Go,ShowPlanFileRaw,server_show_plan.go,https://github.com/weaveworks/tf-controller,weaveworks,Chanwit Kaewkasi,2023-06-05 19:11:55+07:00,"fix logging in tf-runner

Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2023-34236,"func (m *AndBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3751,"func (t *assetAction) checkERC20AssetList() error { return t.bridgeView.FindAssetList(t.erc20AL, t.blockHeight, t.logIndex) }",True,Go,checkERC20AssetList,asset_action.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3756,"func (t *assetAction) checkERC20Deposit() error { asset, _ := t.asset.ERC20() return t.bridgeView.FindDeposit( t.erc20D, t.blockHeight, t.logIndex, asset.Address(), ) }",True,Go,checkERC20Deposit,asset_action.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *CustomNameNinEmbeddedStructUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameNinEmbeddedStructUnion: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NidOptNative"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.NidOptNative == nil { m.NidOptNative = &NidOptNative{} } if err := m.NidOptNative.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 200: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.FieldA == nil { m.FieldA = &NinOptNative{} } if err := m.FieldA.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 210: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int(b&0x7F) << shift if b < 0x80 { break } } b := bool(v != 0) m.FieldB = &b default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3761,"func (mr *MockERC20BridgeViewMockRecorder) FindAssetLimitsUpdated(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, ""FindAssetLimitsUpdated"", reflect.TypeOf((*MockERC20BridgeView)(nil).FindAssetLimitsUpdated), arg0, arg1, arg2, arg3) }",True,Go,FindAssetLimitsUpdated,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *CustomNameEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomNameEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomNameEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field FieldA"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldA = &v case 2: if wireType == 0 { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } else if wireType == 2 { var packedLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ packedLen |= int(b&0x7F) << shift if b < 0x80 { break } } if packedLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + packedLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var elementCount int if elementCount != 0 && len(m.FieldB) == 0 { m.FieldB = make([]TheTestEnum, 0, elementCount) } for iNdEx < postIndex { var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.FieldB = append(m.FieldB, v) } } else { return fmt.Errorf(""proto: wrong wireType = %d for field FieldB"", wireType) } default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3763,"func (mr *MockERC20BridgeViewMockRecorder) FindBridgeStopped(arg0, arg1, arg2 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, ""FindBridgeStopped"", reflect.TypeOf((*MockERC20BridgeView)(nil).FindBridgeStopped), arg0, arg1, arg2) }",True,Go,FindBridgeStopped,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *Timer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Timer: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Timer: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time1"", wireType) } m.Time1 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time1 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 2: if wireType != 1 { return fmt.Errorf(""proto: wrong wireType = %d for field Time2"", wireType) } m.Time2 = 0 if (iNdEx + 8) > l { return io.ErrUnexpectedEOF } m.Time2 = int64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:])) iNdEx += 8 case 3: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Data"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) if m.Data == nil { m.Data = []byte{} } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3766,"func (m *MockERC20BridgeView) FindAssetList(arg0 *types.ERC20AssetList, arg1, arg2 uint64) error { m.ctrl.T.Helper() ret := m.ctrl.Call(m, ""FindAssetList"", arg0, arg1, arg2) ret0, _ := ret[0].(error) return ret0 }",True,Go,FindAssetList,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NidOptCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidOptCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidOptCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Id.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3770,"func (m *MockERC20BridgeView) FindBridgeResumed(arg0 *types.ERC20EventBridgeResumed, arg1, arg2 uint64) error { m.ctrl.T.Helper() ret := m.ctrl.Call(m, ""FindBridgeResumed"", arg0, arg1, arg2) ret0, _ := ret[0].(error) return ret0 }",True,Go,FindBridgeResumed,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NinNestedStruct) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinNestedStruct: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinNestedStruct: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &NinOptStruct{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field2 = append(m.Field2, &NinRepStruct{}) if err := m.Field2[len(m.Field2)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3773,"func (m *MockERC20BridgeView) FindDeposit(arg0 *types.ERC20Deposit, arg1, arg2 uint64, arg3 string) error { m.ctrl.T.Helper() ret := m.ctrl.Call(m, ""FindDeposit"", arg0, arg1, arg2, arg3) ret0, _ := ret[0].(error) return ret0 }",True,Go,FindDeposit,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *UnrecognizedWithInner) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithInner: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithInner: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Embedded = append(m.Embedded, &UnrecognizedWithInner_Inner{}) if err := m.Embedded[len(m.Embedded)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3775,"func (mr *MockERC20BridgeViewMockRecorder) FindBridgeResumed(arg0, arg1, arg2 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, ""FindBridgeResumed"", reflect.TypeOf((*MockERC20BridgeView)(nil).FindBridgeResumed), arg0, arg1, arg2) }",True,Go,FindBridgeResumed,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *ProtoType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ProtoType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ProtoType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3776,"func (mr *MockERC20BridgeViewMockRecorder) FindDeposit(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, ""FindDeposit"", reflect.TypeOf((*MockERC20BridgeView)(nil).FindDeposit), arg0, arg1, arg2, arg3) }",True,Go,FindDeposit,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NestedDefinition_NestedMessage_NestedNestedMsg) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NestedNestedMsg: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NestedNestedMsg: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 10: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field NestedNestedField1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.NestedNestedField1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3777,"func (mr *MockERC20BridgeViewMockRecorder) FindAssetList(arg0, arg1, arg2 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, ""FindAssetList"", reflect.TypeOf((*MockERC20BridgeView)(nil).FindAssetList), arg0, arg1, arg2) }",True,Go,FindAssetList,mocks.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *ADeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: ADeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: ADeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Down"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Down.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3784,"func (e *ERC20LogicView) FindDeposit( d *types.ERC20Deposit, blockNumber, logIndex uint64, ethAssetAddress string, ) error { bf, err := bridgecontract.NewErc20BridgeLogicRestrictedFilterer( e.clt.CollateralBridgeAddress(), e.clt) if err != nil { return err } resp := ""ok"" defer func() { metrics.EthCallInc(""find_deposit"", d.VegaAssetID, resp) }() ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() iter, err := bf.FilterAssetDeposited( &bind.FilterOpts{ Start: blockNumber - 1, Context: ctx, }, []ethcommon.Address{ethcommon.HexToAddress(d.SourceEthereumAddress)}, []ethcommon.Address{ethcommon.HexToAddress(ethAssetAddress)}) if err != nil { resp = getMaybeHTTPStatus(err) return err } defer iter.Close() depamount := d.Amount.BigInt() var event *bridgecontract.Erc20BridgeLogicRestrictedAssetDeposited targetPartyID := strings.TrimPrefix(d.TargetPartyID, ""0x"") for iter.Next() { if hex.EncodeToString(iter.Event.VegaPublicKey[:]) == targetPartyID && iter.Event.Amount.Cmp(depamount) == 0 && iter.Event.Raw.BlockNumber == blockNumber && uint64(iter.Event.Raw.Index) == logIndex { event = iter.Event break } } if event == nil { return ErrUnableToFindERC20Deposit } if err := e.ethConfs.Check(event.Raw.BlockNumber); err != nil { return err } return nil }",True,Go,FindDeposit,erc20_logic_view.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *CustomDash) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: CustomDash: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: CustomDash: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom_dash_type.Bytes m.Value = &v if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3788,"func (e *ERC20LogicView) FindBridgeResumed( al *types.ERC20EventBridgeResumed, blockNumber, logIndex uint64, ) error { bf, err := bridgecontract.NewErc20BridgeLogicRestrictedFilterer( e.clt.CollateralBridgeAddress(), e.clt) if err != nil { return err } resp := ""ok"" defer func() { metrics.EthCallInc(""find_bridge_stopped"", resp) }() ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() iter, err := bf.FilterBridgeResumed( &bind.FilterOpts{ Start: blockNumber - 1, Context: ctx, }, ) if err != nil { resp = getMaybeHTTPStatus(err) return err } defer iter.Close() var event *bridgecontract.Erc20BridgeLogicRestrictedBridgeResumed for iter.Next() { if iter.Event.Raw.BlockNumber == blockNumber && uint64(iter.Event.Raw.Index) == logIndex { event = iter.Event break } } if event == nil { return ErrUnableToFindERC20BridgeStopped } if err := e.ethConfs.Check(event.Raw.BlockNumber); err != nil { return err } return nil }",True,Go,FindBridgeResumed,erc20_logic_view.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v TheTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= TheTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3790,"func (e *ERC20LogicView) FindWithdrawal( w *types.ERC20Withdrawal, blockNumber, logIndex uint64, ethAssetAddress string, ) (*big.Int, string, uint, error) { bf, err := bridgecontract.NewErc20BridgeLogicRestrictedFilterer( e.clt.CollateralBridgeAddress(), e.clt) if err != nil { return nil, """", 0, err } resp := ""ok"" defer func() { metrics.EthCallInc(""find_withdrawal"", w.VegaAssetID, resp) }() ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() iter, err := bf.FilterAssetWithdrawn( &bind.FilterOpts{ Start: blockNumber - 1, Context: ctx, }, []ethcommon.Address{ethcommon.HexToAddress(w.TargetEthereumAddress)}, []ethcommon.Address{ethcommon.HexToAddress(ethAssetAddress)}) if err != nil { resp = getMaybeHTTPStatus(err) return nil, """", 0, err } defer iter.Close() var event *bridgecontract.Erc20BridgeLogicRestrictedAssetWithdrawn nonce := &big.Int{} _, ok := nonce.SetString(w.ReferenceNonce, 10) if !ok { return nil, """", 0, fmt.Errorf(""could not use reference nonce, expected base 10 integer: %v"", w.ReferenceNonce) } for iter.Next() { if nonce.Cmp(iter.Event.Nonce) == 0 && iter.Event.Raw.BlockNumber == blockNumber && uint64(iter.Event.Raw.Index) == logIndex { event = iter.Event break } } if event == nil { return nil, """", 0, ErrUnableToFindERC20Withdrawal } if err := e.ethConfs.Check(event.Raw.BlockNumber); err != nil { return nil, """", 0, err } return nonce, event.Raw.TxHash.Hex(), event.Raw.Index, nil }",True,Go,FindWithdrawal,erc20_logic_view.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NinOptNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinOptNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinOptNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.Field1 == nil { m.Field1 = &T{} } if err := m.Field1.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3791,"func (e *ERC20LogicView) FindBridgeStopped( al *types.ERC20EventBridgeStopped, blockNumber, logIndex uint64, ) error { bf, err := bridgecontract.NewErc20BridgeLogicRestrictedFilterer( e.clt.CollateralBridgeAddress(), e.clt) if err != nil { return err } resp := ""ok"" defer func() { metrics.EthCallInc(""find_bridge_stopped"", resp) }() ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() iter, err := bf.FilterBridgeStopped( &bind.FilterOpts{ Start: blockNumber - 1, Context: ctx, }, ) if err != nil { resp = getMaybeHTTPStatus(err) return err } defer iter.Close() var event *bridgecontract.Erc20BridgeLogicRestrictedBridgeStopped for iter.Next() { if iter.Event.Raw.BlockNumber == blockNumber && uint64(iter.Event.Raw.Index) == logIndex { event = iter.Event break } } if event == nil { return ErrUnableToFindERC20BridgeStopped } if err := e.ethConfs.Check(event.Raw.BlockNumber); err != nil { return err } return nil }",True,Go,FindBridgeStopped,erc20_logic_view.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *Leaf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Leaf: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Leaf: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } m.Value = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ m.Value |= int64(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field StrValue"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.StrValue = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3793,"func (*BridgeViewStub) FindBridgeResumed(al *types.ERC20EventBridgeResumed, blockNumber, logIndex uint64) error { return nil }",True,Go,FindBridgeResumed,bridge_view_stub.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *AnotherNinOptEnumDefault) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnumDefault: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3794,"func (*BridgeViewStub) FindBridgeStopped(al *types.ERC20EventBridgeStopped, blockNumber, logIndex uint64) error { return nil }",True,Go,FindBridgeStopped,bridge_view_stub.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *Unrecognized) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Unrecognized: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Unrecognized: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field1 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3801,"func (*BridgeViewStub) FindAssetList(al *types.ERC20AssetList, blockNumber, logIndex uint64) error { return nil }",True,Go,FindAssetList,bridge_view_stub.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NinRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NinRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NinRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3802,"func (o *OnChainVerifier) CheckStakeRemoved(event *types.StakeRemoved) error { o.mu.RLock() defer o.mu.RUnlock() if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""checking stake removed event on chain"", logging.String(""event"", event.String()), ) } decodedPubKeySlice, err := hex.DecodeString(event.VegaPubKey) if err != nil { o.log.Error(""invalid pubkey inn stake deposited event"", logging.Error(err)) return err } var decodedPubKey [32]byte copy(decodedPubKey[:], decodedPubKeySlice[0:32]) for _, address := range o.stakingBridgeAddresses { if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""checking stake removed event on chain"", logging.String(""bridge-address"", address.Hex()), logging.String(""event"", event.String()), ) } filterer, err := NewStakingFilterer(address, o.ethClient) if err != nil { o.log.Error(""could not instantiate staking bridge filterer"", logging.String(""address"", address.Hex())) continue } ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() iter, err := filterer.FilterStakeRemoved( &bind.FilterOpts{ Start: event.BlockNumber, End: &event.BlockNumber, Context: ctx, }, []ethcmn.Address{ethcmn.HexToAddress(event.EthereumAddress)}, [][32]byte{decodedPubKey}) if err != nil { o.log.Error(""could not start stake deposited filter"", logging.Error(err)) continue } defer iter.Close() vegaPubKey := strings.TrimPrefix(event.VegaPubKey, ""0x"") amountDeposited := event.Amount.BigInt() for iter.Next() { if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""found stake removed event on chain"", logging.String(""bridge-address"", address.Hex()), logging.String(""amount"", iter.Event.Amount.String()), logging.String(""user"", iter.Event.User.Hex()), ) } if hex.EncodeToString(iter.Event.VegaPublicKey[:]) == vegaPubKey && iter.Event.Amount.Cmp(amountDeposited) == 0 && iter.Event.Raw.BlockNumber == event.BlockNumber && uint64(iter.Event.Raw.Index) == event.LogIndex { return o.ethConfirmations.Check(event.BlockNumber) } } } return ErrNoStakeRemovedEventFound }",True,Go,CheckStakeRemoved,on_chain_verifier.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *MyExtendable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: MyExtendable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: MyExtendable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v default: if (fieldNum >= 100) && (fieldNum < 200) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3807,"func (o *OnChainVerifier) filterSignerRemoved( ctx context.Context, filterer *multisig.MultisigControlFilterer, event *types.SignerEvent, ) error { iter, err := filterer.FilterSignerRemoved( &bind.FilterOpts{ Start: event.BlockNumber, End: &event.BlockNumber, Context: ctx, }, ) if err != nil { o.log.Error(""Couldn't start filtering on signer removed event"", logging.Error(err)) return err } defer iter.Close() for iter.Next() { if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""found signer removed event on chain"", logging.String(""old-signer"", iter.Event.OldSigner.Hex()), ) } nonce, _ := big.NewInt(0).SetString(event.Nonce, 10) if iter.Event.Raw.BlockNumber == event.BlockNumber && uint64(iter.Event.Raw.Index) == event.LogIndex && iter.Event.OldSigner.Hex() == event.Address && nonce.Cmp(iter.Event.Nonce) == 0 { return o.ethConfirmations.Check(event.BlockNumber) } } return ErrNoSignerEventFound }",True,Go,filterSignerRemoved,on_chain_verifier.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *NidRepNonByteCustomType) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepNonByteCustomType: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepNonByteCustomType: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Field1 = append(m.Field1, T{}) if err := m.Field1[len(m.Field1)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3809,"func (o *OnChainVerifier) CheckThresholdSetEvent( event *types.SignerThresholdSetEvent, ) error { o.mu.RLock() defer o.mu.RUnlock() if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""checking threshold set event on chain"", logging.String(""contract-address"", o.multiSigAddress.Hex()), logging.String(""event"", event.String()), ) } filterer, err := multisig.NewMultisigControlFilterer( o.multiSigAddress, o.ethClient, ) if err != nil { o.log.Error(""could not instantiate multisig control filterer"", logging.Error(err)) return err } ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() iter, err := filterer.FilterThresholdSet( &bind.FilterOpts{ Start: event.BlockNumber, End: &event.BlockNumber, Context: ctx, }, ) if err != nil { o.log.Error(""Couldn't start filtering on signer added event"", logging.Error(err)) return err } defer iter.Close() for iter.Next() { if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""found threshold set event on chain"", logging.Uint16(""new-threshold"", iter.Event.NewThreshold), ) } nonce, _ := big.NewInt(0).SetString(event.Nonce, 10) if iter.Event.Raw.BlockNumber == event.BlockNumber && uint64(iter.Event.Raw.Index) == event.LogIndex && iter.Event.NewThreshold == uint16(event.Threshold) && nonce.Cmp(iter.Event.Nonce) == 0 { return o.ethConfirmations.Check(event.BlockNumber) } } return ErrNoThresholdSetEventFound }",True,Go,CheckThresholdSetEvent,on_chain_verifier.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *OtherExtenable) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: OtherExtenable: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: OtherExtenable: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field M"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if m.M == nil { m.M = &MyExtendable{} } if err := m.M.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 13: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field13"", wireType) } var v int64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= int64(b&0x7F) << shift if b < 0x80 { break } } m.Field13 = &v default: if ((fieldNum >= 14) && (fieldNum < 17)) || ((fieldNum >= 10) && (fieldNum < 13)) { var sizeOfWire int for { sizeOfWire++ wire >>= 7 if wire == 0 { break } } iNdEx -= sizeOfWire skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } github_com_gogo_protobuf_proto.AppendExtension(m, int32(fieldNum), dAtA[iNdEx:iNdEx+skippy]) iNdEx += skippy } else { iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3810,"func (o *OnChainVerifier) filterSignerAdded( ctx context.Context, filterer *multisig.MultisigControlFilterer, event *types.SignerEvent, ) error { iter, err := filterer.FilterSignerAdded( &bind.FilterOpts{ Start: event.BlockNumber, End: &event.BlockNumber, Context: ctx, }, ) if err != nil { o.log.Error(""Couldn't start filtering on signer added event"", logging.Error(err)) return err } defer iter.Close() for iter.Next() { if o.log.GetLevel() <= logging.DebugLevel { o.log.Debug(""found signer added event on chain"", logging.String(""new-signer"", iter.Event.NewSigner.Hex()), ) } nonce, _ := big.NewInt(0).SetString(event.Nonce, 10) if iter.Event.Raw.BlockNumber == event.BlockNumber && uint64(iter.Event.Raw.Index) == event.LogIndex && iter.Event.NewSigner.Hex() == event.Address && nonce.Cmp(iter.Event.Nonce) == 0 { return o.ethConfirmations.Check(event.BlockNumber) } } return ErrNoSignerEventFound }",True,Go,filterSignerAdded,on_chain_verifier.go,https://github.com/vegaprotocol/vega,vegaprotocol,Jeremy Letang,2023-06-20 10:22:03+01:00,"Merge pull request from GHSA-8rc9-vxjh-qjf2

fix: on-chain verification comparison",CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2023-35163,"func (m *AnotherNinOptEnum) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AnotherNinOptEnum: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AnotherNinOptEnum: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field1"", wireType) } var v AnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= AnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field1 = &v case 2: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var v YetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field2 = &v case 3: if wireType != 0 { return fmt.Errorf(""proto: wrong wireType = %d for field Field3"", wireType) } var v YetYetAnotherTestEnum for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ v |= YetYetAnotherTestEnum(b&0x7F) << shift if b < 0x80 { break } } m.Field3 = &v default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3814,"func (r *Reader) readBytes(op string) []byte { size := int(r.ReadLong()) if size < 0 { r.ReportError(""ReadString"", ""invalid ""+op+"" length"") return nil } if size == 0 { return []byte{} } if r.head+size <= r.tail && size <= 1024 { if cap(r.slab) < size { r.slab = make([]byte, 1024) } dst := r.slab[:size] r.slab = r.slab[size:] copy(dst, r.buf[r.head:r.head+size]) r.head += size return dst } buf := make([]byte, size) r.Read(buf) return buf }",True,Go,readBytes,reader.go,https://github.com/hamba/avro,hamba,GitHub,2023-07-16 19:22:09+02:00,feat: add max byte slice size config (#273),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2023-37475,"func (m *NidRepCustom) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: NidRepCustom: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: NidRepCustom: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Id"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v Uuid m.Id = append(m.Id, v) if err := m.Id[len(m.Id)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Value"", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } if byteLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } var v github_com_gogo_protobuf_test_custom.Uint128 m.Value = append(m.Value, v) if err := m.Value[len(m.Value)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3821,"func OperateFirewallPort(oldPorts, newPorts []int) error { client, err := firewall.NewFirewallClient() if err != nil { return err } for _, port := range newPorts { if err := client.Port(fireClient.FireInfo{Port: strconv.Itoa(port), Protocol: ""tcp"", Strategy: ""accept""}, ""add""); err != nil { return err } } for _, port := range oldPorts { if err := client.Port(fireClient.FireInfo{Port: strconv.Itoa(port), Protocol: ""tcp"", Strategy: ""accept""}, ""remove""); err != nil { return err } } return client.Reload() }",True,Go,OperateFirewallPort,firewall.go,https://github.com/1Panel-dev/1Panel,1Panel-dev,GitHub,2023-07-17 08:34:29+00:00,fix: 解决部分接口命令注入问题 (#1690),CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2023-37477,"func (m *Node) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: Node: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: Node: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Label"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Label = &s iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Children"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } m.Children = append(m.Children, &Node{}) if err := m.Children[len(m.Children)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3827,"func useAPIAuthentication(next fasthttp.RequestHandler) fasthttp.RequestHandler { token := auth.GetAPIToken() if token == """" { return next } log.Info(""enabled token authentication on http server"") return func(ctx *fasthttp.RequestCtx) { v := ctx.Request.Header.Peek(authConsts.APITokenHeader) if auth.ExcludedRoute(string(ctx.Request.URI().FullURI())) || string(v) == token { ctx.Request.Header.Del(authConsts.APITokenHeader) next(ctx) } else { ctx.Error(""invalid api token"", http.StatusUnauthorized) } } }",True,Go,useAPIAuthentication,server.go,https://github.com/dapr/dapr,dapr,Artur Souza,2023-07-20 15:33:57-07:00,"Fixed API token authentication bypassed when path contains `/healthz`

The APITokenAuthMiddleware allowed bypassing the check if the path included `/healthz`. An attacker only needed to include `/healthz` in the URL, even the querystring, to bypass the API token check, for example `/v1.0/invoke/myapp/method/something?foo=/healthz`.

Additionally, this was not checking the method of the request, so requests to `POST /healthz` would cause a service invocation to happen.

This fixes the issue by making the check a lot more strict. The API token check can be bypassed only if:

- The path is exactly `/v1.0/healthz` or `/v1.0/healthz/outbound` (slashes are trimmed on each side)
- The method is `GET`

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2023-37918,"func (m *UnrecognizedWithEmbed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: UnrecognizedWithEmbed: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field UnrecognizedWithEmbed_Embedded"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.UnrecognizedWithEmbed_Embedded.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Field2"", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } intStringLen := int(stringLen) if intStringLen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } s := string(dAtA[iNdEx:postIndex]) m.Field2 = &s iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"
3833,"func PostHook(c *gin.Context) { _store := store.FromContext(c) forge := server.Config.Services.Forge tmpRepo, tmpBuild, err := forge.Hook(c, c.Request) if err != nil { if errors.Is(err, &types.ErrIgnoreEvent{}) { msg := fmt.Sprintf(""forge driver: %s"", err) log.Debug().Err(err).Msg(msg) c.String(http.StatusOK, msg) return } msg := ""failure to parse hook"" log.Debug().Err(err).Msg(msg) c.String(http.StatusBadRequest, msg) return } if tmpBuild == nil { msg := ""ignoring hook: hook parsing resulted in empty pipeline"" log.Debug().Msg(msg) c.String(http.StatusOK, msg) return } if tmpRepo == nil { msg := ""failure to ascertain repo from hook"" log.Debug().Msg(msg) c.String(http.StatusBadRequest, msg) return } skipMatch := skipRe.FindString(tmpBuild.Message) if len(skipMatch) > 0 { msg := fmt.Sprintf(""ignoring hook: %s found in %s"", skipMatch, tmpBuild.Commit) log.Debug().Msg(msg) c.String(http.StatusNoContent, msg) return } repo, err := _store.GetRepoNameFallback(tmpRepo.ForgeRemoteID, tmpRepo.FullName) if err != nil { msg := fmt.Sprintf(""failure to get repo %s from store"", tmpRepo.FullName) log.Error().Err(err).Msg(msg) c.String(http.StatusNotFound, msg) return } if !repo.IsActive { msg := fmt.Sprintf(""ignoring hook: repo %s is inactive"", tmpRepo.FullName) log.Debug().Msg(msg) c.String(http.StatusNoContent, msg) return } oldFullName := repo.FullName if oldFullName != tmpRepo.FullName { err = _store.CreateRedirection(&model.Redirection{RepoID: repo.ID, FullName: repo.FullName}) if err != nil { _ = c.AbortWithError(http.StatusInternalServerError, err) return } } repo.Update(tmpRepo) err = _store.UpdateRepo(repo) if err != nil { c.String(http.StatusInternalServerError, err.Error()) return } parsed, err := token.ParseRequest(c.Request, func(_ *token.Token) (string, error) { return repo.Hash, nil }) if err != nil { msg := fmt.Sprintf(""failure to parse token from hook for %s"", repo.FullName) log.Error().Err(err).Msg(msg) c.String(http.StatusBadRequest, msg) return } verifiedKey := parsed.Text == oldFullName if !verifiedKey { verifiedKey, err = _store.HasRedirectionForRepo(repo.ID, repo.FullName) if err != nil { msg := ""failure to verify token from hook. Could not check for redirections of the repo"" log.Error().Err(err).Msg(msg) c.String(http.StatusInternalServerError, msg) return } } if !verifiedKey { msg := fmt.Sprintf(""failure to verify token from hook. Expected %s, got %s"", repo.FullName, parsed.Text) log.Debug().Msg(msg) c.String(http.StatusForbidden, msg) return } if repo.UserID == 0 { msg := fmt.Sprintf(""ignoring hook. repo %s has no owner."", repo.FullName) log.Warn().Msg(msg) c.String(http.StatusNoContent, msg) return } if tmpBuild.Event == model.EventPull && !repo.AllowPull { msg := ""ignoring hook: pull requests are disabled for this repo in woodpecker"" log.Debug().Str(""repo"", repo.FullName).Msg(msg) c.String(http.StatusNoContent, msg) return } pl, err := pipeline.Create(c, _store, repo, tmpBuild) if err != nil { handlePipelineErr(c, err) } else { c.JSON(http.StatusOK, pl) } }",True,Go,PostHook,hook.go,https://github.com/woodpecker-ci/woodpecker,woodpecker-ci,GitHub,2023-08-16 16:19:10+02:00,"Validate webhook before change any data (#2221) (#2222)

Backport #2221",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-40034,"func (m *AndDeepBranch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ wire |= uint64(b&0x7F) << shift if b < 0x80 { break } } fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { return fmt.Errorf(""proto: AndDeepBranch: wiretype end group for non-group"") } if fieldNum <= 0 { return fmt.Errorf(""proto: AndDeepBranch: illegal tag %d (wire type %d)"", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Left"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Left.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf(""proto: wrong wireType = %d for field Right"", wireType) } var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowThetest } if iNdEx >= l { return io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ msglen |= int(b&0x7F) << shift if b < 0x80 { break } } if msglen < 0 { return ErrInvalidLengthThetest } postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthThetest } if postIndex > l { return io.ErrUnexpectedEOF } if err := m.Right.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipThetest(dAtA[iNdEx:]) if err != nil { return err } if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthThetest } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } if iNdEx > l { return io.ErrUnexpectedEOF } return nil }"