data/reports: add ghsa for GO-2022-0978.yaml

For #978 Change-Id: I406b786b54ac60aab524a83607459746a7ed972f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/432417 Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
golang · Sep 21, 2022 · 3ee9146 · 3ee9146
1 parent c9514b2
commit 3ee9146
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/data/osv/GO-2022-0978.json b/data/osv/GO-2022-0978.json
@@ -3,9 +3,10 @@
   "published": "2022-09-13T17:40:16Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2022-36085"
+    "CVE-2022-36085",
+    "GHSA-f524-rf33-2jjr"
   ],
-  "details": "Open Policy Agent (OPA) is an open source, general-purpose policy engine.\nThe Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function,\nwhich allows users to provide a set of built-in functions that should be\ndeemed unsafe and rejected by the compiler if encountered in the policy\ncompilation stage.\n\nA bypass of this protection is possible when using the `with`\nkeyword to mock a built-in function that isn’t taken into account by\n`WithUnsafeBuiltins`.\n",
+  "details": "Open Policy Agent (OPA) is an open source, general-purpose policy engine.\nThe Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function,\nwhich allows users to provide a set of built-in functions that should be\ndeemed unsafe and rejected by the compiler if encountered in the policy\ncompilation stage.\n\nA bypass of this protection is possible when using the `with`\nkeyword to mock a built-in function that isn't taken into account by\n`WithUnsafeBuiltins`.\n",
   "affected": [
     {
       "package": {

diff --git a/data/reports/GO-2022-0978.yaml b/data/reports/GO-2022-0978.yaml
@@ -171,11 +171,13 @@ description: |
     compilation stage.
 
     A bypass of this protection is possible when using the `with`
-    keyword to mock a built-in function that isn’t taken into account by
+    keyword to mock a built-in function that isn't taken into account by
     `WithUnsafeBuiltins`.
 published: 2022-09-13T17:40:16Z
 cves:
   - CVE-2022-36085
+ghsas:
+  - GHSA-f524-rf33-2jjr
 credit: anderseknert@
 references:
   - advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr