From e172ea6e03d0286167a4d13ecb426236dd53fe15 Mon Sep 17 00:00:00 2001
From: miryamfoiferCX
Date: Mon, 9 Sep 2024 12:53:31 +0300
Subject: [PATCH 1/5] update go version to fix CVE-2024-34156
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index e8811356e..62fe88e30 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/checkmarx/ast-cli
 
-go 1.22.5
+go 1.23.1
 
 require (
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
From 727401e02283240724819304fae752e4de4ba568 Mon Sep 17 00:00:00 2001
From: miryamfoiferCX
Date: Mon, 9 Sep 2024 13:25:57 +0300
Subject: [PATCH 2/5] change Go version to 1.22.7
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 62fe88e30..c005abf66 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/checkmarx/ast-cli
 
-go 1.23.1
+go 1.22.7
 
 require (
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
From 2fe05104cd3093169a37ead258006d3990f3313e Mon Sep 17 00:00:00 2001
From: miryamfoiferCX
Date: Mon, 9 Sep 2024 15:18:53 +0300
Subject: [PATCH 3/5] update chainguard version to solve CVE-2024-6119
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7ca51422e..e0b5e294e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM cgr.dev/chainguard/bash@sha256:6f0c9e28cbbe206781cb6b0ace299d1d4edbb2450bfadffb8b2e125596d0f6b0
+FROM cgr.dev/chainguard/bash@sha256:2faccc3e8ab049d82dec0e4d2dd8b45718c71ce640608584d95a39092b5006b5
 USER nonroot
From 0532d6026ca7b04cfcb9eae2320ad0731fa86118 Mon Sep 17 00:00:00 2001
From: miryamfoiferCX
Date: Mon, 9 Sep 2024 15:35:48 +0300
Subject: [PATCH 4/5] add fix of BOM prefix for running tests
---
 internal/wrappers/export-http.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/internal/wrappers/export-http.go b/internal/wrappers/export-http.go
index 95d990974..597696491 100644
--- a/internal/wrappers/export-http.go
+++ b/internal/wrappers/export-http.go
@@ -172,8 +172,16 @@ func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string) (*ScaP
 	}
 	defer resp.Body.Close()
 
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	// Remove BOM if present
+	body = bytes.TrimPrefix(body, []byte("\xef\xbb\xbf"))
+
 	var scaPackageCollection ScaPackageCollectionExport
-	if err := json.NewDecoder(resp.Body).Decode(&scaPackageCollection); err != nil {
+	if err := json.Unmarshal(body, &scaPackageCollection); err != nil {
 		return nil, err
 	}
 
From ffd02958c9077496e4a32b2df0257d5e451fad06 Mon Sep 17 00:00:00 2001
From: miryamfoiferCX
Date: Wed, 11 Sep 2024 13:47:50 +0300
Subject: [PATCH 5/5] revert fix of BOM prefix
---
 internal/wrappers/export-http.go | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/internal/wrappers/export-http.go b/internal/wrappers/export-http.go
index 597696491..95d990974 100644
--- a/internal/wrappers/export-http.go
+++ b/internal/wrappers/export-http.go
@@ -172,16 +172,8 @@ func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string) (*ScaP
 	}
 	defer resp.Body.Close()
 
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	// Remove BOM if present
-	body = bytes.TrimPrefix(body, []byte("\xef\xbb\xbf"))
-
 	var scaPackageCollection ScaPackageCollectionExport
-	if err := json.Unmarshal(body, &scaPackageCollection); err != nil {
+	if err := json.NewDecoder(resp.Body).Decode(&scaPackageCollection); err != nil {
 		return nil, err
 	}
 
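Review bot: The added `body, err := io.ReadAll(resp.Body)` buffers the entire export response with no upper bound, so an oversized or hostile server response can exhaust memory where the streaming `json.NewDecoder` it replaces did not; bound the read, e.g. `body, err := io.ReadAll(io.LimitReader(resp.Body, <max export size>))` with the limit a named constant sized for the largest legitimate export. The diffstat shows no change to the import block, so `io` and `bytes` must already be imported in this file for the hunk to compile — worth confirming. A comment on the `json.Unmarshal` line such as `// encoding/json rejects a leading UTF-8 BOM, so the body is trimmed before decoding` would record why the decoder was swapped for a buffered read. GetScaPackageCollectionExport starts before the hunk; its status-code handling and the origin of `resp` are not visible here.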
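Review bot: After the revert, the restored `json.NewDecoder(resp.Body).Decode(&scaPackageCollection)` line again fails on a body that starts with a UTF-8 BOM, which is the case the previous patch in this series was written for, and the commit message does not say why that handling was dropped. A one-line comment on the Decode line, `// encoding/json rejects a leading UTF-8 BOM; a response carrying one fails here`, would stop the next reader from silently re-adding an unbounded buffered read to fix it. GetScaPackageCollectionExport starts before the hunk.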