vulndb/data/excluded/GO-2022-0326.yaml

id: GO-2022-0326
excluded: EFFECTIVELY_PRIVATE
modules:
  - module: github.com/sigstore/cosign
cves:
  - CVE-2022-23649
ghsas:
  - GHSA-ccxc-vr6p-4858
data: add lint check for ID and add ID to all YAML reports Adds the ID field to all YAML reports and adds a lint check to enforce that all reports have the correct value for the field. Also adds a step to "vulnreport fix" to fix the ID if needed. Change-Id: I51f4654e127528e1dbbfcb9c59da3658ad52098b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/498281 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2023-05-24 21:02:12 +03:00			`id: GO-2022-0326`
data/excluded: create entries for excluded reports Change-Id: I49b44a49eba4332601aaae38a2ce70ee2f9ba399 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/423494 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julieqiu@google.com> 2022-08-13 02:03:53 +03:00			`excluded: EFFECTIVELY_PRIVATE`
internal/report, cmd/vulnreport, data/excluded: require excluded reports to have module information. Modify report.Lint() so that it requires all excluded report (aside from Not Go Code) to also have module information. Also modifies createExcluded to be more robust against malformed and unreachable module paths in github issue titles. This (in addition to go/dev/cl/446868) allows us to add some module information to every report. Ideally, this will allow us to check if anyone is importing the modules mentioned in the excluded reports for our metrics. Change-Id: I783aea978760a70a0cccd30ad454d1fadfb85997 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/448837 Run-TryBot: Maceo Thompson <maceothompson@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-11-08 23:15:12 +03:00			`modules:`
			`- module: github.com/sigstore/cosign`
data/excluded: create entries for excluded reports Change-Id: I49b44a49eba4332601aaae38a2ce70ee2f9ba399 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/423494 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julieqiu@google.com> 2022-08-13 02:03:53 +03:00			`cves:`
			`- CVE-2022-23649`
data/excluded: regenerate all excluded reports An earlier version of vulnreport wasn't filling in all CVE/GHSA IDs from the GitHub issue. Regenerate to add these IDs. Change-Id: I3e5cdb4d9acc20837c603454b72386a69a026624 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430755 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2022-09-14 00:28:31 +03:00			`ghsas:`
			`- GHSA-ccxc-vr6p-4858`