data/reports: update 4 reports

Remove/fix non-existent packages. - data/reports/GO-2021-0064.yaml - data/reports/GO-2021-0065.yaml - data/reports/GO-2024-0701.yaml - data/reports/GO-2024-2912.yaml Updates #64 Updates #65 Updates #701 Updates #2912 Change-Id: Id36b6a47f75c4afb79318d0c3b9ff3b62c5be601 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/599177 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
golang · Jul 19, 2024 · 37c5cbe · 37c5cbe
1 parent 76c7a5b
commit 37c5cbe
Show file tree

Hide file tree

Showing 8 changed files with 6 additions and 82 deletions.
diff --git a/data/osv/GO-2021-0064.json b/data/osv/GO-2021-0064.json
@@ -43,35 +43,6 @@
           }
         ]
       }
-    },
-    {
-      "package": {
-        "name": "k8s.io/kubernetes",
-        "ecosystem": "Go"
-      },
-      "ranges": [
-        {
-          "type": "SEMVER",
-          "events": [
-            {
-              "introduced": "0"
-            },
-            {
-              "fixed": "1.20.0-alpha.2"
-            }
-          ]
-        }
-      ],
-      "ecosystem_specific": {
-        "imports": [
-          {
-            "path": "k8s.io/kubernetes/staging/src/k8s.io/client-go/transport",
-            "symbols": [
-              "requestInfo.toCurl"
-            ]
-          }
-        ]
-      }
     }
   ],
   "references": [

diff --git a/data/osv/GO-2021-0065.json b/data/osv/GO-2021-0065.json
@@ -42,35 +42,6 @@
           }
         ]
       }
-    },
-    {
-      "package": {
-        "name": "k8s.io/kubernetes",
-        "ecosystem": "Go"
-      },
-      "ranges": [
-        {
-          "type": "SEMVER",
-          "events": [
-            {
-              "introduced": "0"
-            },
-            {
-              "fixed": "1.16.0-beta.1"
-            }
-          ]
-        }
-      ],
-      "ecosystem_specific": {
-        "imports": [
-          {
-            "path": "k8s.io/kubernetes/staging/src/k8s.io/client-go/transport",
-            "symbols": [
-              "debuggingRoundTripper.RoundTrip"
-            ]
-          }
-        ]
-      }
     }
   ],
   "references": [

diff --git a/data/osv/GO-2022-0701.json b/data/osv/GO-2022-0701.json
@@ -43,7 +43,7 @@
             ]
           },
           {
-            "path": "k8s.io/kubernetes/pkg/storage",
+            "path": "k8s.io/kubernetes/pkg/api/storage",
             "symbols": [
               "NamespaceKeyFunc",
               "NoNamespaceKeyFunc"

diff --git a/data/osv/GO-2024-2912.json b/data/osv/GO-2024-2912.json
@@ -31,14 +31,14 @@
       "ecosystem_specific": {
         "imports": [
           {
-            "path": "github.com/docker/cli/command",
+            "path": "github.com/docker/cli/cli/command",
             "symbols": [
               "GetDefaultAuthConfig",
               "RegistryAuthenticationPrivilegedFunc"
             ]
           },
           {
-            "path": "github.com/docker/cli/command/registry",
+            "path": "github.com/docker/cli/cli/command/registry",
             "symbols": [
               "runLogin"
             ]

diff --git a/data/reports/GO-2021-0064.yaml b/data/reports/GO-2021-0064.yaml
@@ -14,15 +14,6 @@ modules:
             - debuggingRoundTripper.RoundTrip
             - impersonatingRoundTripper.RoundTrip
             - userAgentRoundTripper.RoundTrip
-    - module: k8s.io/kubernetes
-      versions:
-        - fixed: 1.20.0-alpha.2
-      vulnerable_at: 1.20.0-alpha.1
-      packages:
-        - package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
-          symbols:
-            - requestInfo.toCurl
-          skip_fix: 'TODO: revisit this reason (module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport)'
 summary: |-
     Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and
     k8s.io/client-go

diff --git a/data/reports/GO-2021-0065.yaml b/data/reports/GO-2021-0065.yaml
@@ -13,15 +13,6 @@ modules:
             - bearerAuthRoundTripper.RoundTrip
             - impersonatingRoundTripper.RoundTrip
             - userAgentRoundTripper.RoundTrip
-    - module: k8s.io/kubernetes
-      versions:
-        - fixed: 1.16.0-beta.1
-      vulnerable_at: 1.16.0-beta.0
-      packages:
-        - package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
-          symbols:
-            - debuggingRoundTripper.RoundTrip
-          skip_fix: 'TODO: revisit this reason (module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport)'
 summary: Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
 description: |-
     Authorization tokens may be inappropriately logged if the verbosity level is set

diff --git a/data/reports/GO-2022-0701.yaml b/data/reports/GO-2022-0701.yaml
@@ -13,7 +13,7 @@ modules:
           symbols:
             - NamespaceKeyFunc
           skip_fix: 'TODO: Revisit this reason (Dependency github.com/docker/docker/pkg/units no longer exists)'
-        - package: k8s.io/kubernetes/pkg/storage
+        - package: k8s.io/kubernetes/pkg/api/storage
           symbols:
             - NamespaceKeyFunc
             - NoNamespaceKeyFunc

diff --git a/data/reports/GO-2024-2912.yaml b/data/reports/GO-2024-2912.yaml
@@ -5,12 +5,12 @@ modules:
         - fixed: 20.10.9+incompatible
       vulnerable_at: 20.10.8+incompatible
       packages:
-        - package: github.com/docker/cli/command
+        - package: github.com/docker/cli/cli/command
           symbols:
             - RegistryAuthenticationPrivilegedFunc
             - GetDefaultAuthConfig
           skip_fix: fix error due to incompatible version
-        - package: github.com/docker/cli/command/registry
+        - package: github.com/docker/cli/cli/command/registry
           symbols:
             - runLogin
           skip_fix: fix error due to incompatible version