From e75c1298b059d80cbfe3e5e122d73bc9d76ed108 Mon Sep 17 00:00:00 2001
From: Julie Qiu
Date: Tue, 13 Sep 2022 13:30:58 -0400
Subject: [PATCH] data/reports: add GO-2022-0978.yaml for CVE-2022-36085

Fixes golang/vulndb#978

Change-Id: I62274f5281e7c00674ad0ed6a5321fe076a44e36
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430362
Reviewed-by: Julie Qiu
Reviewed-by: Tatiana Bradley
---
 data/reports/GO-2022-0978.yaml | 185 +++++++++++++++++++++++++++++++++
 1 file changed, 185 insertions(+)
 create mode 100644 data/reports/GO-2022-0978.yaml

diff --git a/data/reports/GO-2022-0978.yaml b/data/reports/GO-2022-0978.yaml
new file mode 100644
index 00000000..ba2c3140
--- /dev/null
+++ b/data/reports/GO-2022-0978.yaml
@@ -0,0 +1,185 @@
+modules:
+ - module: github.com/open-policy-agent/opa
+ versions:
+ - introduced: 0.40.0
+ fixed: 0.44.0
+ vulnerable_at: 0.43.0
+ packages:
+ - package: github.com/open-policy-agent/opa/ast
+ symbols:
+ - Compiler.rewriteWithModifiers
+ - isBuiltinRefOrVar
+ - queryCompiler.checkDeprecatedBuiltins
+ - queryCompiler.checkUnsafeBuiltins
+ - rewriteWithModifier
+ - rewriteWithModifiersInBody
+ - validateWith
+ - validateWithFunctionValue
+ derived_symbols:
+ - Args.Copy
+ - Args.Vars
+ - Array.Copy
+ - Array.Foreach
+ - Array.Iter
+ - Array.Until
+ - ArrayComprehension.Copy
+ - BeforeAfterVisitor.Walk
+ - Body.Copy
+ - Body.Vars
+ - Call.Copy
+ - CompileModules
+ - CompileModulesWithOpt
+ - Compiler.Compile
+ - Compiler.GetRulesDynamic
+ - Compiler.GetRulesDynamicWithOpts
+ - Compiler.PassesTypeCheck
+ - ContainsClosures
+ - ContainsComprehensions
+ - ContainsRefs
+ - Copy
+ - Every.Copy
+ - Every.KeyValueVars
+ - Expr.Copy
+ - Expr.CopyWithoutTerms
+ - Expr.Vars
+ - GenericTransformer.Transform
+ - GenericVisitor.Walk
+ - Head.Copy
+ - Head.Vars
+ - Import.Copy
+ - IsConstant
+ - JSON
+ - JSONWithOpt
+ - Module.Copy
+ - Module.UnmarshalJSON
+ - MustCompileModules
+ - MustCompileModulesWithOpts
+ - MustJSON
+ - MustParseBody
+ - MustParseBodyWithOpts
+ - MustParseExpr
+ - MustParseImports
+ - MustParseModule
+ - MustParseModuleWithOpts
+ - MustParsePackage
+ - MustParseRef
+ - MustParseRule
+ - MustParseStatement
+ - MustParseStatements
+ - MustParseTerm
+ - NewGraph
+ - ObjectComprehension.Copy
+ - OutputVarsFromBody
+ - OutputVarsFromExpr
+ - Package.Copy
+ - ParseBody
+ - ParseBodyWithOpts
+ - ParseExpr
+ - ParseImports
+ - ParseModule
+ - ParseModuleWithOpts
+ - ParsePackage
+ - ParseRef
+ - ParseRule
+ - ParseStatement
+ - ParseStatements
+ - ParseStatementsWithOpts
+ - ParseTerm
+ - Parser.Parse
+ - Pretty
+ - QueryContext.Copy
+ - Ref.ConstantPrefix
+ - Ref.Copy
+ - Ref.Dynamic
+ - Ref.Extend
+ - Ref.OutputVars
+ - Rule.Copy
+ - SetComprehension.Copy
+ - SomeDecl.Copy
+ - Term.Copy
+ - Term.Vars
+ - Transform
+ - TransformComprehensions
+ - TransformRefs
+ - TransformVars
+ - TreeNode.DepthFirst
+ - TypeEnv.Get
+ - Unify
+ - ValueMap.Copy
+ - ValueMap.Equal
+ - ValueMap.Hash
+ - ValueMap.Iter
+ - ValueMap.MarshalJSON
+ - ValueMap.String
+ - ValueToInterface
+ - VarVisitor.Walk
+ - Walk
+ - WalkBeforeAndAfter
+ - WalkBodies
+ - WalkClosures
+ - WalkExprs
+ - WalkNodes
+ - WalkRefs
+ - WalkRules
+ - WalkTerms
+ - WalkVars
+ - WalkWiths
+ - With.Copy
+ - baseDocEqIndex.AllRules
+ - baseDocEqIndex.Build
+ - baseDocEqIndex.Lookup
+ - bodySafetyTransformer.Visit
+ - comprehensionIndexNestedCandidateVisitor.Walk
+ - comprehensionIndexRegressionCheckVisitor.Walk
+ - metadataParser.Parse
+ - object.Copy
+ - object.Diff
+ - object.Filter
+ - object.Foreach
+ - object.Intersect
+ - object.Iter
+ - object.Map
+ - object.Merge
+ - object.MergeWith
+ - object.Until
+ - queryCompiler.Compile
+ - refChecker.Visit
+ - refindices.Sorted
+ - refindices.Update
+ - rewriteNestedHeadVarLocalTransform.Visit
+ - ruleArgLocalRewriter.Visit
+ - ruleWalker.Do
+ - set.Copy
+ - set.Diff
+ - set.Foreach
+ - set.Intersect
+ - set.Iter
+ - set.Map
+ - set.Reduce
+ - set.Union
+ - set.Until
+ - trieNode.Do
+ - trieNode.Traverse
+ - trieTraversalResult.Add
+ - typeChecker.CheckBody
+ - typeChecker.CheckTypes
+description: |
+ Open Policy Agent (OPA) is an open source, general-purpose policy engine.
+ The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function,
+ which allows users to provide a set of built-in functions that should be
+ deemed unsafe and rejected by the compiler if encountered in the policy
+ compilation stage.
+
+ A bypass of this protection is possible when using the `with`
+ keyword to mock a built-in function that isn’t taken into account by
+ `WithUnsafeBuiltins`.
+cves:
+ - CVE-2022-36085
+credit: anderseknert@
+references:
+ - advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr
+ - fix: https://github.com/open-policy-agent/opa/pull/4540
+ - fix: https://github.com/open-policy-agent/opa/pull/4616
+ - fix: https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823
+ - fix: https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8
+ - web: https://github.com/open-policy-agent/opa/releases/tag/v0.43.1
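Review bot: The single affected range `introduced: 0.40.0` / `fixed: 0.44.0` at the top of the hunk disagrees with the `web` reference at the end, which points at the v0.43.1 release tag; if that release carries a backport of the linked fixes, the range as written would still report 0.43.1 as vulnerable to anyone consuming this entry. This should be confirmed against the linked advisory and, if 0.43.1 is indeed patched, the `versions` list extended with a second `introduced`/`fixed` entry so that 0.43.1 falls outside the vulnerable range; otherwise the release reference is misleading and should be replaced with one that matches the stated fix version. The `vulnerable_at: 0.43.0` value is consistent with either reading and does not need to change.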