Silverfish/proton-bridge
1
0
Fork 1
mirror of https://github.com/ProtonMail/proton-bridge.git synced 2026-02-04 00:08:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore(BRIDGE-440): supress govulnechk findings

Browse Source
This commit is contained in:
Atanas Janeshliev
2025-10-30 14:48:40 +01:00
parent 6ab8558e17
commit 131a663578
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
utils/govulncheck.sh
View File

@ -36,6 +36,15 @@ main(){
ignore GO-2025-3754 "BRIDGE-388 github.com/cloudflare/circl indirect import from gopenpgp; need to wait for upstream to patch"
ignore GO-2025-3849 "BRIDGE-416 database/sql race condition leading to potential data overwrite"
ignore GO-2025-3956 "BRIDGE-428 LookPath from os/exec may result in binaries listed in the path to be returned"
ignore GO-2025-4010 "BRIDGE-440 IPv6 parsing"
ignore GO-2025-4007 "BRIDGE-440 non-linear scaling w.r.t cert chain lenght when validating chains"
ignore GO-2025-4009 "BRIDGE-440 non-linear scaling w.r.t parsing PEM inputs"
ignore GO-2025-4015 "BRIDGE-440 Reader.ReadResponse excessive CPU usage"
ignore GO-2025-4008 "BRIDGE-440 ALPN negotiation failure contains attacker controlled information (not-escaped)"
ignore GO-2025-4012 "BRIDGE-440 potentially excessive memory usage on HTTP servers via cookies"
ignore GO-2025-4013 "BRIDGE-440 validating cert chains with DSA public keys may cause programs to panic"
ignore GO-2025-4011 "BRIDGE-440 pasing a maliciously crafted DER payloads could allocate excessive memory"
ignore GO-2025-4014 "BRIDGE-440 tarball extraction may read an unbounded amount of data from the archive into memory"
has_vulns