Skip to content

Commit

Permalink
CVE-2020-25614: Update xmlquery, jsonquery and xpath packages. (#58)
Browse files Browse the repository at this point in the history
Updated xmlquery version from 1.2.1 to 1.3.1
Updated jsonquery version from 1.1.0 to 1.1.4
Updated xpath version from 1.1.2 to 1.1.10

Updated patch files as package version are updated.
  • Loading branch information
maheshwari-mayank authored Apr 19, 2022
1 parent 5156527 commit ec32690
Show file tree
Hide file tree
Showing 5 changed files with 137 additions and 245 deletions.
7 changes: 4 additions & 3 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@ module github.com/Azure/sonic-mgmt-common

require (
github.com/Workiva/go-datastructures v1.0.50
github.com/antchfx/jsonquery v1.1.0
github.com/antchfx/xmlquery v1.2.1
github.com/antchfx/xpath v1.1.2
github.com/antchfx/jsonquery v1.1.4
github.com/antchfx/xmlquery v1.3.1
github.com/antchfx/xpath v1.1.10
github.com/go-redis/redis v6.15.6+incompatible
github.com/go-redis/redis/v7 v7.0.0-beta.3.0.20190824101152-d19aba07b476
github.com/godbus/dbus/v5 v5.1.0
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/openconfig/gnmi v0.0.0-20200617225440-d2b4e6a45802
Expand Down
20 changes: 14 additions & 6 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,13 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/Workiva/go-datastructures v1.0.50 h1:slDmfW6KCHcC7U+LP3DDBbm4fqTwZGn1beOFPfGaLvo=
github.com/Workiva/go-datastructures v1.0.50/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
github.com/antchfx/jsonquery v1.1.0 h1:ZeqeHheI8WsEN5blUqZXZ30w2jrbFvlQIq5B7X7Z86E=
github.com/antchfx/jsonquery v1.1.0/go.mod h1:h7950pvPrUZzJIflNqsELgDQovTpPNa0rAHf8NwjegY=
github.com/antchfx/xmlquery v1.2.1 h1:wE4xjHrqOScP440wdv23Xkg0Gr8JryW0ptqodPH+y2U=
github.com/antchfx/xmlquery v1.2.1/go.mod h1:/+CnyD/DzHRnv2eRxrVbieRU/FIF6N0C+7oTtyUtCKk=
github.com/antchfx/xpath v1.1.2 h1:YziPrtM0gEJBnhdUGxYcIVYXZ8FXbtbovxOi+UW/yWQ=
github.com/antchfx/xpath v1.1.2/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
github.com/antchfx/jsonquery v1.1.4 h1:+OlFO3QS9wjU0MKx9MgHm5f6o6hdd4e9mUTp0wTjxlM=
github.com/antchfx/jsonquery v1.1.4/go.mod h1:cHs8r6Bymd8j6HI6Ej1IJbjahKvLBcIEh54dfmo+E9A=
github.com/antchfx/xmlquery v1.3.1 h1:nIKWdtnhrXtj0/IRUAAw2I7TfpHUa3zMnHvNmPXFg+w=
github.com/antchfx/xmlquery v1.3.1/go.mod h1:64w0Xesg2sTaawIdNqMB+7qaW/bSqkQm+ssPaCMWNnc=
github.com/antchfx/xpath v1.1.7/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
github.com/antchfx/xpath v1.1.10 h1:cJ0pOvEdN/WvYXxvRrzQH9x5QWKpzHacYO8qzCcDYAg=
github.com/antchfx/xpath v1.1.10/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
Expand All @@ -21,6 +22,8 @@ github.com/go-redis/redis v6.15.6+incompatible h1:H9evprGPLI8+ci7fxQx6WNZHJSb7be
github.com/go-redis/redis v6.15.6+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
github.com/go-redis/redis/v7 v7.0.0-beta.3.0.20190824101152-d19aba07b476 h1:WNSiFp8Ww4ZP7XUzW56zDYv5roKQ4VfsdHCLoh8oDj4=
github.com/go-redis/redis/v7 v7.0.0-beta.3.0.20190824101152-d19aba07b476/go.mod h1:xhhSbUMTsleRPur+Vgx9sUHtyN33bdjxY+9/0n9Ig8s=
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
Expand Down Expand Up @@ -74,6 +77,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
Expand All @@ -87,6 +91,8 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc h1:zK/HqS5bZxDptfPJNq8v7vJfXtkU7r9TLIoSr1bXaP4=
golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
Expand All @@ -97,6 +103,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
Expand Down
10 changes: 5 additions & 5 deletions patches/jsonquery.patch
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
diff --git a/node.go b/node.go
index 76032bb..f6103d9 100644
index 4b28b32..afeed80 100644
--- a/node.go
+++ b/node.go
@@ -8,6 +8,7 @@ import (
Expand All @@ -10,7 +10,7 @@ index 76032bb..f6103d9 100644
)

// A NodeType is the type of a Node.
@@ -110,6 +111,29 @@ func parseValue(x interface{}, top *Node, level int) {
@@ -143,6 +144,29 @@ func parseValue(x interface{}, top *Node, level int) {
addNode(n)
parseValue(vv, n, level+1)
}
Expand Down Expand Up @@ -40,7 +40,7 @@ index 76032bb..f6103d9 100644
case map[string]interface{}:
// The Go’s map iteration order is random.
// (https://blog.golang.org/go-maps-in-action#Iteration-order)
@@ -119,9 +143,21 @@ func parseValue(x interface{}, top *Node, level int) {
@@ -152,9 +176,21 @@ func parseValue(x interface{}, top *Node, level int) {
}
sort.Strings(keys)
for _, key := range keys {
Expand All @@ -64,7 +64,7 @@ index 76032bb..f6103d9 100644
}
case string:
n := &Node{Data: v, Type: TextNode, level: level}
@@ -155,3 +191,9 @@ func Parse(r io.Reader) (*Node, error) {
@@ -188,3 +224,9 @@ func Parse(r io.Reader) (*Node, error) {
}
return parse(b)
}
Expand All @@ -75,7 +75,7 @@ index 76032bb..f6103d9 100644
+ return doc, nil
+}
diff --git a/query.go b/query.go
index d105962..e8db1d6 100644
index 6421801..e3df27a 100644
--- a/query.go
+++ b/query.go
@@ -120,6 +120,14 @@ func (a *NodeNavigator) MoveToRoot() {
Expand Down
14 changes: 7 additions & 7 deletions patches/xmlquery.patch
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
diff --git a/node.go b/node.go
index e86c0c3..028867c 100644
index e053748..1c9a529 100644
--- a/node.go
+++ b/node.go
@@ -48,7 +48,7 @@ type Node struct {
@@ -45,7 +45,7 @@ type Node struct {

// InnerText returns the text between the start and end tags of the object.
func (n *Node) InnerText() string {
- var output func(*bytes.Buffer, *Node)
+ /*var output func(*bytes.Buffer, *Node)
output = func(buf *bytes.Buffer, n *Node) {
switch n.Type {
case TextNode:
@@ -64,7 +64,18 @@ func (n *Node) InnerText() string {
case TextNode, CharDataNode:
@@ -60,7 +60,18 @@ func (n *Node) InnerText() string {

var buf bytes.Buffer
output(&buf, n)
Expand All @@ -32,7 +32,7 @@ index e86c0c3..028867c 100644

func (n *Node) sanitizedData(preserveSpaces bool) string {
diff --git a/query.go b/query.go
index 146c2a4..f21b61b 100644
index c148e5f..4ac76af 100644
--- a/query.go
+++ b/query.go
@@ -49,6 +49,29 @@ func CreateXPathNavigator(top *Node) *NodeNavigator {
Expand Down Expand Up @@ -65,7 +65,7 @@ index 146c2a4..f21b61b 100644
func getCurrentNode(it *xpath.NodeIterator) *Node {
n := it.Current().(*NodeNavigator)
if n.NodeType() == xpath.AttributeNode {
@@ -145,7 +168,7 @@ func FindEachWithBreak(top *Node, expr string, cb func(int, *Node) bool) {
@@ -146,7 +169,7 @@ func FindEachWithBreak(top *Node, expr string, cb func(int, *Node) bool) {
}

type NodeNavigator struct {
Expand All @@ -74,7 +74,7 @@ index 146c2a4..f21b61b 100644
attr int
}

@@ -212,6 +235,17 @@ func (x *NodeNavigator) MoveToRoot() {
@@ -217,6 +240,17 @@ func (x *NodeNavigator) MoveToRoot() {
x.curr = x.root
}

Expand Down
Loading

0 comments on commit ec32690

Please sign in to comment.