From 46b190b9fd0be3ef6a8ec7fd4c02bc0cf4077d0b Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Tue, 19 Dec 2023 12:51:08 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20vuln=20report=20for=20debi?= =?UTF-8?q?an=20origin=20packages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian Zunker --- go.mod | 2 +- go.sum | 4 ++-- providers/aws/go.mod | 4 ++-- providers/github/go.mod | 2 +- providers/github/go.sum | 4 ++-- providers/google-workspace/go.mod | 2 +- providers/google-workspace/go.sum | 4 ++-- providers/k8s/go.mod | 2 +- providers/k8s/go.sum | 4 ++-- providers/os/resources/vulnmgmt.go | 1 + providers/slack/go.mod | 2 +- providers/vsphere/go.mod | 2 +- providers/vsphere/go.sum | 4 ++-- 13 files changed, 19 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index d30fa21cb5..a74395e552 100644 --- a/go.mod +++ b/go.mod @@ -370,7 +370,7 @@ require ( github.com/yeya24/promlinter v0.2.0 // indirect github.com/ykadowak/zerologlint v0.1.3 // indirect gitlab.com/bosi/decorder v0.4.1 // indirect - go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb + go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect go.tmz.dev/musttag v0.7.2 // indirect diff --git a/go.sum b/go.sum index 5129efbdcc..9c74077746 100644 --- a/go.sum +++ b/go.sum @@ -1113,8 +1113,8 @@ go-simpler.org/sloglint v0.1.2/go.mod h1:2LL+QImPfTslD5muNPydAEYmpXIj6o/WYcqnJjL go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb h1:M32tLS8NVmDbfG7pw/cH2aqUZiFE6lcBJDTJ++wTCSg= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 h1:1/ygmRQZwmCBpj80QJj0TFr0F/+iT2EmfMyMAfSI5bU= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= go.mondoo.com/ranger-rpc v0.5.3 h1:914JOFTrxWFtBu1qrvuTyTyMibuT7g1GAX3HaUcbFqI= go.mondoo.com/ranger-rpc v0.5.3/go.mod h1:p+aaD7IpfhlnjeZ/uJ9ytS1655kaAyspWAzNYUZJHZw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/providers/aws/go.mod b/providers/aws/go.mod index b01d5032f8..fd3cecd37e 100644 --- a/providers/aws/go.mod +++ b/providers/aws/go.mod @@ -52,8 +52,10 @@ require ( github.com/aws/aws-sdk-go-v2/service/sns v1.26.5 github.com/aws/aws-sdk-go-v2/service/ssm v1.44.5 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 + github.com/aws/aws-sdk-go-v2/service/wafv2 v1.43.5 github.com/aws/smithy-go v1.19.0 github.com/cockroachdb/errors v1.11.1 + github.com/google/uuid v1.4.0 github.com/rs/zerolog v1.31.0 github.com/spf13/afero v1.11.0 github.com/stretchr/testify v1.8.4 @@ -90,7 +92,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect - github.com/aws/aws-sdk-go-v2/service/wafv2 v1.43.5 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231121224113-b6714ac5eb13 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect @@ -122,7 +123,6 @@ require ( github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-containerregistry v0.17.0 // indirect github.com/google/s2a-go v0.1.7 // indirect - github.com/google/uuid v1.4.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect diff --git a/providers/github/go.mod b/providers/github/go.mod index 0e25c17243..a77419d141 100644 --- a/providers/github/go.mod +++ b/providers/github/go.mod @@ -302,7 +302,7 @@ require ( github.com/ykadowak/zerologlint v0.1.5 // indirect gitlab.com/bosi/decorder v0.4.1 // indirect go-simpler.org/sloglint v0.3.0 // indirect - go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb // indirect + go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel v1.21.0 // indirect go.opentelemetry.io/otel/metric v1.21.0 // indirect diff --git a/providers/github/go.sum b/providers/github/go.sum index a0816b737b..a3decca854 100644 --- a/providers/github/go.sum +++ b/providers/github/go.sum @@ -1013,8 +1013,8 @@ go-simpler.org/sloglint v0.3.0/go.mod h1:/RQr0TeTf89IyRjLJ9ogUbIp1Zs5zJJAj02pwQo go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb h1:M32tLS8NVmDbfG7pw/cH2aqUZiFE6lcBJDTJ++wTCSg= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 h1:1/ygmRQZwmCBpj80QJj0TFr0F/+iT2EmfMyMAfSI5bU= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= go.mondoo.com/ranger-rpc v0.5.3 h1:914JOFTrxWFtBu1qrvuTyTyMibuT7g1GAX3HaUcbFqI= go.mondoo.com/ranger-rpc v0.5.3/go.mod h1:p+aaD7IpfhlnjeZ/uJ9ytS1655kaAyspWAzNYUZJHZw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/providers/google-workspace/go.mod b/providers/google-workspace/go.mod index a67c54b68b..9d156e19fe 100644 --- a/providers/google-workspace/go.mod +++ b/providers/google-workspace/go.mod @@ -297,7 +297,7 @@ require ( github.com/ykadowak/zerologlint v0.1.5 // indirect gitlab.com/bosi/decorder v0.4.1 // indirect go-simpler.org/sloglint v0.3.0 // indirect - go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb // indirect + go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 // indirect go.mondoo.com/ranger-rpc v0.5.3 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel v1.21.0 // indirect diff --git a/providers/google-workspace/go.sum b/providers/google-workspace/go.sum index 134bae406f..a1f85118b8 100644 --- a/providers/google-workspace/go.sum +++ b/providers/google-workspace/go.sum @@ -1009,8 +1009,8 @@ go-simpler.org/sloglint v0.3.0/go.mod h1:/RQr0TeTf89IyRjLJ9ogUbIp1Zs5zJJAj02pwQo go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb h1:M32tLS8NVmDbfG7pw/cH2aqUZiFE6lcBJDTJ++wTCSg= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 h1:1/ygmRQZwmCBpj80QJj0TFr0F/+iT2EmfMyMAfSI5bU= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= go.mondoo.com/ranger-rpc v0.5.3 h1:914JOFTrxWFtBu1qrvuTyTyMibuT7g1GAX3HaUcbFqI= go.mondoo.com/ranger-rpc v0.5.3/go.mod h1:p+aaD7IpfhlnjeZ/uJ9ytS1655kaAyspWAzNYUZJHZw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/providers/k8s/go.mod b/providers/k8s/go.mod index 938b3d6ea2..55b830b87a 100644 --- a/providers/k8s/go.mod +++ b/providers/k8s/go.mod @@ -318,7 +318,7 @@ require ( github.com/ykadowak/zerologlint v0.1.5 // indirect gitlab.com/bosi/decorder v0.4.1 // indirect go-simpler.org/sloglint v0.3.0 // indirect - go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb // indirect + go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 // indirect go.mondoo.com/ranger-rpc v0.5.3 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel v1.21.0 // indirect diff --git a/providers/k8s/go.sum b/providers/k8s/go.sum index 9dac66532b..d88cab2cad 100644 --- a/providers/k8s/go.sum +++ b/providers/k8s/go.sum @@ -1045,8 +1045,8 @@ go-simpler.org/sloglint v0.3.0/go.mod h1:/RQr0TeTf89IyRjLJ9ogUbIp1Zs5zJJAj02pwQo go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb h1:M32tLS8NVmDbfG7pw/cH2aqUZiFE6lcBJDTJ++wTCSg= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 h1:1/ygmRQZwmCBpj80QJj0TFr0F/+iT2EmfMyMAfSI5bU= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= go.mondoo.com/ranger-rpc v0.5.3 h1:914JOFTrxWFtBu1qrvuTyTyMibuT7g1GAX3HaUcbFqI= go.mondoo.com/ranger-rpc v0.5.3/go.mod h1:p+aaD7IpfhlnjeZ/uJ9ytS1655kaAyspWAzNYUZJHZw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/providers/os/resources/vulnmgmt.go b/providers/os/resources/vulnmgmt.go index 9301258732..6f785615da 100644 --- a/providers/os/resources/vulnmgmt.go +++ b/providers/os/resources/vulnmgmt.go @@ -243,6 +243,7 @@ func (v *mqlVulnmgmt) getIncognitoReport(mondooClient *gql.MondooClient) (*gql.V Name: mondoogql.String(mqlPkg.Name.Data), Version: mondoogql.String(mqlPkg.Version.Data), Arch: mondoogql.NewStringPtr(mondoogql.String(mqlPkg.Arch.Data)), + Origin: mondoogql.NewStringPtr(mondoogql.String(mqlPkg.Origin.Data)), } } diff --git a/providers/slack/go.mod b/providers/slack/go.mod index e41a2c44eb..fb2aa71590 100644 --- a/providers/slack/go.mod +++ b/providers/slack/go.mod @@ -7,6 +7,7 @@ go 1.21 toolchain go1.21.3 require ( + github.com/hashicorp/go-retryablehttp v0.7.5 github.com/rs/zerolog v1.31.0 github.com/slack-go/slack v0.12.3 go.mondoo.com/cnquery/v9 v9.10.0 @@ -69,7 +70,6 @@ require ( github.com/hashicorp/go-hclog v1.6.1 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect diff --git a/providers/vsphere/go.mod b/providers/vsphere/go.mod index baba618c1e..0fe7e22596 100644 --- a/providers/vsphere/go.mod +++ b/providers/vsphere/go.mod @@ -12,7 +12,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/vmware/govmomi v0.33.1 go.mondoo.com/cnquery/v9 v9.10.0 - go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb + go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 ) require ( diff --git a/providers/vsphere/go.sum b/providers/vsphere/go.sum index a75491b840..bd555f4285 100644 --- a/providers/vsphere/go.sum +++ b/providers/vsphere/go.sum @@ -557,8 +557,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb h1:M32tLS8NVmDbfG7pw/cH2aqUZiFE6lcBJDTJ++wTCSg= -go.mondoo.com/mondoo-go v0.0.0-20231208095824-90b6fcd58afb/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496 h1:1/ygmRQZwmCBpj80QJj0TFr0F/+iT2EmfMyMAfSI5bU= +go.mondoo.com/mondoo-go v0.0.0-20231219150337-47ab9e2aa496/go.mod h1:elugDWMp6Tnk1tSpTf/7HHewkb0ORjMA2ubeFLI+FwQ= go.mondoo.com/ranger-rpc v0.5.3 h1:914JOFTrxWFtBu1qrvuTyTyMibuT7g1GAX3HaUcbFqI= go.mondoo.com/ranger-rpc v0.5.3/go.mod h1:p+aaD7IpfhlnjeZ/uJ9ytS1655kaAyspWAzNYUZJHZw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=