gfcptun's Issues

(GSC-G302) Poor file permissions used when creating a file or using chmod

Description

Excessive permissions granted to a file/directory. This warning is triggered whenever a permission greater than 0600 is granted. In general, all security rules follow the principle of least privilege, except when the file being created needs to be accessed by anyone other than the user creating it.

Occurrences

There are 3 occurrences of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/johnsonjh/gfcptun/issue/GSC-G302/occurrences/

CVE-2022-41717 (Medium) detected in golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb - autoclosed

CVE-2022-41717 - Medium Severity Vulnerability

Vulnerable Library - golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb

Library home page: https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20220403205710-6acee93ad0eb.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b
      • golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Publish Date: 2022-12-08

URL: CVE-2022-41717

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-12-08

Fix Resolution: go1.19.4

Step up your Open Source Security Game with Mend here

CVE-2022-29526 (Medium) detected in golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb - autoclosed

CVE-2022-29526 - Medium Severity Vulnerability

Vulnerable Library - golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb

Library home page: https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20220403205710-6acee93ad0eb.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b
      • golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Publish Date: 2022-06-23

URL: CVE-2022-29526

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-29526

Release Date: 2022-06-23

Fix Resolution: go1.17.10,go1.18.2,go1.19

(SCC-S1000) Use plain channel send or receive

Description

Select statements with a single case can be replaced with a simple send or receive. If you intend to handle the case when no value is received from the channel, add a default case to make the select statement non-blocking. Bad pattern: `select { case x := <-ch: fmt.Println(x) …`

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/johnsonjh/gfcptun/issue/SCC-S1000/occurrences/

CVE-2022-28131 (High) detected in golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b - autoclosed

CVE-2022-28131 - High Severity Vulnerability

Vulnerable Library - golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220403103023-749bd193bc2b.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.

Publish Date: 2022-08-10

URL: CVE-2022-28131

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-28131

Release Date: 2022-03-29

Fix Resolution: go1.17.12,go1.18.4

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/codeql.yml
  • actions/checkout v4
  • github/codeql-action v3
  • github/codeql-action v3
  • github/codeql-action v3
gomod
go.mod
  • go 1.19
  • github.com/golang/snappy v0.0.4
  • github.com/johnsonjh/gfcp v0.0.0-20240419121919-a79bfa58fa2d@a79bfa58fa2d
  • github.com/johnsonjh/gfsmux v0.0.0-20240425202302-5a8b407e1dc1@5a8b407e1dc1
  • github.com/pkg/errors v0.9.2-0.20201214064552-5dd12d0cfe7f@5dd12d0cfe7f
  • github.com/urfave/cli/v2 v2.27.2
  • github.com/urfave/cli/v2 v2.27.2
  • github.com/xtaci/tcpraw v1.2.25

CVE-2022-30633 (High) detected in golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b - autoclosed

CVE-2022-30633 - High Severity Vulnerability

Vulnerable Library - golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220403103023-749bd193bc2b.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

Publish Date: 2022-08-10

URL: CVE-2022-30633

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-30633

Release Date: 2022-05-13

Fix Resolution: go1.17.12,go1.18.4

CVE-2022-27664 (High) detected in golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b - autoclosed

CVE-2022-27664 - High Severity Vulnerability

Vulnerable Library - golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220403103023-749bd193bc2b.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b (Vulnerable Library)

Found in HEAD commit: 92499f5b3359bc1077fbfdd891f56772a910efce

Found in base branch: master

Vulnerability Details

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Publish Date: 2022-09-06

URL: CVE-2022-27664

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.