fix and run govulncheck

2026-05-14 15:07:51 +03:00 · 2026-05-14 15:07:51 +03:00 · 5fa0ca0444
commit 5fa0ca0444
parent 5220fca398
6 changed files with 334 additions and 3 deletions
--- a/govulncheck/results.txt
+++ b/govulncheck/results.txt
@ -0,0 +1,25 @@
+=== Symbol Results ===
+
+Vulnerability #1: GO-2026-4341
+    Memory exhaustion in query parameter parsing in net/url
+  More info: https://pkg.go.dev/vuln/GO-2026-4341
+  Standard library
+    Found in: net/url@go1.24.4
+    Fixed in: net/url@go1.24.12
+    Example traces found:
+      #1: internal/db/sqlite.go:32:26: db.Init calls sql.Open, which eventually calls url.ParseQuery
+
+Vulnerability #2: GO-2025-3849
+    Incorrect results returned from Rows.Scan in database/sql
+  More info: https://pkg.go.dev/vuln/GO-2025-3849
+  Standard library
+    Found in: database/sql@go1.24.4
+    Fixed in: database/sql@go1.24.6
+    Example traces found:
+      #1: internal/db/sqlite.go:89:17: db.GetUser calls sql.Row.Scan
+
+Your code is affected by 2 vulnerabilities from the Go standard library.
+This scan also found 4 vulnerabilities in packages you import and 29
+vulnerabilities in modules you require, but your code doesn't appear to call
+these vulnerabilities.
+Use '-show verbose' for more details.