Go Vuln: the Golang Vulnerability Database
2022/11/11 2:23:53
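What is govuln?
Govuln is a new vulnerability database for finding vulnerable packages in your code and preventing supply-chain attacks.
How to install the CLI, govulncheck
govulncheck is the command-line interface for interacting with the database and checking your code against it. Install it with the following command: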
go install golang.org/x/vuln/cmd/govulncheck@latest
Then run it in your project as follows:
govulncheck .
It will search your dependencies for vulnerable packages. Here is an example of the output:
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Scanning for dependencies with known vulnerabilities...
No vulnerabilities found.

=== Informational ===

The vulnerabilities below are in packages that you import, but your code
doesn't appear to call any vulnerable functions. You may not need to take any
action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.

Vulnerability #1: GO-2022-1095
  Due to unsanitized NUL values, attackers may be able to
  maliciously set environment variables on Windows.

  In syscall.StartProcess and os/exec.Cmd, invalid environment
  variable values containing NUL values are not properly checked
  for. A malicious environment variable value can exploit this
  behavior to set a value for a different environment variable.
  For example, the environment variable string "A=B\x00C=D" sets
  the variables "A=B" and "C=D".
  Found in: syscall@go1.19.1
  Fixed in: syscall@go1.19.3
  More info: https://pkg.go.dev/vuln/GO-2022-1095
For more details
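To make the GO-2022-1095 entry in the sample output concrete, the following added example (not code from the original article or from the Go project) shows why one entry containing a NUL byte is seen as two variables once it is placed in a NUL-separated environment block, and a caller-side check that rejects such entries. The function names buildEnvBlock, parseEnvBlock and checkEnv are hypothetical, and the block is modelled as a Go byte string rather than the UTF-16 block Windows uses.

```go
package main

import (
	"fmt"
	"strings"
)

// buildEnvBlock lays entries out the way a Windows-style environment block
// does: each "KEY=VALUE" entry is NUL-terminated and the block ends with an
// extra NUL. Simplified model (assumption): bytes instead of UTF-16.
func buildEnvBlock(env []string) string {
	var b strings.Builder
	for _, kv := range env {
		b.WriteString(kv)
		b.WriteByte(0)
	}
	b.WriteByte(0)
	return b.String()
}

// parseEnvBlock reads the block as the receiving process would: entries are
// split on NUL, and the first empty entry marks the end of the block.
func parseEnvBlock(block string) []string {
	var out []string
	for _, kv := range strings.Split(block, "\x00") {
		if kv == "" {
			break
		}
		out = append(out, kv)
	}
	return out
}

// checkEnv is a defensive check to run on untrusted input before it is
// assigned to exec.Cmd.Env: it refuses any entry that contains a NUL byte.
func checkEnv(env []string) error {
	for i, kv := range env {
		if strings.IndexByte(kv, 0) >= 0 {
			return fmt.Errorf("environment entry %d contains a NUL byte", i)
		}
	}
	return nil
}

func main() {
	env := []string{"A=B\x00C=D"} // constructed sample, the string quoted in the advisory text
	fmt.Printf("caller passed %d entry, child sees %q\n", len(env), parseEnvBlock(buildEnvBlock(env)))
	fmt.Println("checkEnv:", checkEnv(env))
}
```

Upgrading to the version listed under "Fixed in" remains the actual remedy; the check is only useful for code that must build environments from untrusted values on a toolchain that cannot be upgraded yet.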