From eb8877274c317cbeb319f02fa33a790cdedb3fee Mon Sep 17 00:00:00 2001 From: Gianni Carafa Date: Mon, 21 Mar 2022 15:40:50 +0100 Subject: [PATCH] remove vulnerable mod gjson since since json is not validated anyway --- go.mod | 4 ---- go.sum | 8 -------- pkg/api/api.go | 3 ++- 3 files changed, 2 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 5ef2445..974c2fd 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,6 @@ require ( github.com/google/uuid v1.3.0 github.com/klustair/cvssv3 v0.0.0-20220111135141-c39f8571cafd github.com/klustair/trivy v0.22.1-0.20211228084627-1aed6e6950a5 - github.com/miladibra10/vjson v0.2.1 github.com/sirupsen/logrus v1.8.1 github.com/umisama/go-cvss v0.0.0-20150430082624-a4ad666ead9b github.com/urfave/cli/v2 v2.3.0 @@ -144,9 +143,6 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/objx v0.3.0 // indirect github.com/stretchr/testify v1.7.0 // indirect - github.com/tidwall/gjson v1.7.5 // indirect - github.com/tidwall/match v1.0.3 // indirect - github.com/tidwall/pretty v1.1.0 // indirect github.com/tmccombs/hcl2json v0.3.1 // indirect github.com/twitchtv/twirp v8.1.0+incompatible // indirect github.com/ulikunitz/xz v0.5.8 // indirect diff --git a/go.sum b/go.sum index 5caaa43..64182a4 100644 --- a/go.sum +++ b/go.sum @@ -1349,8 +1349,6 @@ github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKju github.com/miekg/dns v1.1.34/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/miladibra10/vjson v0.2.1 h1:UGbg10Hxun05+bIC+cGbnpXpY/fn7dOKV0Ho0druF8o= -github.com/miladibra10/vjson v0.2.1/go.mod h1:2ux61EIRFvZC2dQHjGXJXi+/fo5RQApo02B4dWEDo3Q= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= @@ -1754,13 +1752,7 @@ github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0 github.com/testcontainers/testcontainers-go v0.11.1/go.mod h1:/V0UVq+1e7NWYoqTPog179clf0Qp9TOyp4EcXaEFQz8= github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0= github.com/tetafro/godot v0.4.2/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0= -github.com/tidwall/gjson v1.7.5 h1:zmAN/xmX7OtpAkv4Ovfso60r/BiCi5IErCDYGNJu+uc= -github.com/tidwall/gjson v1.7.5/go.mod h1:5/xDoumyyDNerp2U36lyolv46b3uF/9Bu6OfyQ9GImk= -github.com/tidwall/match v1.0.3 h1:FQUVvBImDutD8wJLN6c5eMzWtjgONK9MwIBCOrUJKeE= -github.com/tidwall/match v1.0.3/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tidwall/pretty v1.1.0 h1:K3hMW5epkdAVwibsQEfR/7Zj0Qgt4DxtNumTq/VloO8= -github.com/tidwall/pretty v1.1.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= diff --git a/pkg/api/api.go b/pkg/api/api.go index 433b2df..7f90920 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -7,7 +7,6 @@ import ( "net/http" "strings" - "github.com/miladibra10/vjson" log "github.com/sirupsen/logrus" ) @@ -89,6 +88,7 @@ func (c *ApiClient) Submit(method string, path string, data string, schema strin return nil } +/* func (c *ApiClient) validate(json string, schema string) error { sma, err := vjson.ReadFromFile("./pkg/api/schema/" + schema + ".json") @@ -104,3 +104,4 @@ func (c *ApiClient) validate(json string, schema string) error { } return nil } +*/