From 3ee9146ba8f40cc2135bb9fff4c9d24b0d5e9957 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Wed, 21 Sep 2022 11:46:16 -0400
Subject: [PATCH] data/reports: add ghsa for GO-2022-0978.yaml

For golang/vulndb#978

Change-Id: I406b786b54ac60aab524a83607459746a7ed972f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/432417
Reviewed-by: Damien Neil
Run-TryBot: Tatiana Bradley
TryBot-Result: Gopher Robot
---
 data/osv/GO-2022-0978.json | 5 +++--
 data/reports/GO-2022-0978.yaml | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/data/osv/GO-2022-0978.json b/data/osv/GO-2022-0978.json
index 7cf6c512..c99165f3 100644
--- a/data/osv/GO-2022-0978.json
+++ b/data/osv/GO-2022-0978.json
@@ -3,9 +3,10 @@
 "published": "2022-09-13T17:40:16Z",
 "modified": "0001-01-01T00:00:00Z",
 "aliases": [
- "CVE-2022-36085"
+ "CVE-2022-36085",
+ "GHSA-f524-rf33-2jjr"
 ],
- "details": "Open Policy Agent (OPA) is an open source, general-purpose policy engine.\nThe Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function,\nwhich allows users to provide a set of built-in functions that should be\ndeemed unsafe and rejected by the compiler if encountered in the policy\ncompilation stage.\n\nA bypass of this protection is possible when using the `with`\nkeyword to mock a built-in function that isn’t taken into account by\n`WithUnsafeBuiltins`.\n",
+ "details": "Open Policy Agent (OPA) is an open source, general-purpose policy engine.\nThe Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function,\nwhich allows users to provide a set of built-in functions that should be\ndeemed unsafe and rejected by the compiler if encountered in the policy\ncompilation stage.\n\nA bypass of this protection is possible when using the `with`\nkeyword to mock a built-in function that isn't taken into account by\n`WithUnsafeBuiltins`.\n",
 "affected": [
 {
 "package": {
diff --git a/data/reports/GO-2022-0978.yaml b/data/reports/GO-2022-0978.yaml
index 76a53960..395740fb 100644
--- a/data/reports/GO-2022-0978.yaml
+++ b/data/reports/GO-2022-0978.yaml
@@ -171,11 +171,13 @@ description: |
 compilation stage.
 
 A bypass of this protection is possible when using the `with`
- keyword to mock a built-in function that isn’t taken into account by
+ keyword to mock a built-in function that isn't taken into account by
 `WithUnsafeBuiltins`.
 published: 2022-09-13T17:40:16Z
 cves:
 - CVE-2022-36085
+ghsas:
+ - GHSA-f524-rf33-2jjr
 credit: anderseknert@
 references:
 - advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr
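Review bot: The description sentence touched here is still ambiguous after the apostrophe fix: in `keyword to mock a built-in function that isn't taken into account by`, the clause "that isn't taken into account" can attach either to the built-in function or to the act of mocking it. If the mocking is what the deprecated check misses, which is how the rest of the paragraph reads, a wording such as `A bypass of this protection is possible because the use of the "with" keyword to mock a built-in function isn't taken into account by WithUnsafeBuiltins.` tells a reader which policies to audit. The description block starts above this hunk, and the same sentence appears in the `details` string of data/osv/GO-2022-0978.json, so both would need the change.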