From 3c8b7f99cadaa000e642595d0fabcd9ac496f335 Mon Sep 17 00:00:00 2001 From: Dmitri Shuralyov Date: Fri, 13 Dec 2019 11:16:24 -0500 Subject: [PATCH] content/static/doc: copy Go Security Policy page from Go repo The Go Security Policy page is copied from Go master as of 2019/12/13 (commit golang/go@0497f911acbb33efbeac7271dc46e920fe26f4b8, CL 211177). This page not closely tied to specific Go releases, and thus is better suited to live in the x/website repo. Updates golang/go#29206 Change-Id: Ib23fa6ccd11218d5da231cca685f62e610d5c6c9 Reviewed-on: https://go-review.googlesource.com/c/website/+/211300 Run-TryBot: Dmitri Shuralyov TryBot-Result: Gobot Gobot Reviewed-by: Filippo Valsorda --- content/static/doc/security.html | 183 +++++++++++++++++++++++++++++++ content/static/gen.go | 1 + content/static/static.go | 2 + 3 files changed, 186 insertions(+) create mode 100644 content/static/doc/security.html diff --git a/content/static/doc/security.html b/content/static/doc/security.html new file mode 100644 index 0000000000..5f6ff23a9f --- /dev/null +++ b/content/static/doc/security.html @@ -0,0 +1,183 @@ + + +

Implementation

+ +

Reporting a Security Bug

+ +

+Please report to us any issues you find. +This document explains how to do that and what to expect in return. +

+ +

+All security bugs in the Go distribution should be reported by email to +security@golang.org. +This mail is delivered to a small security team. +Your email will be acknowledged within 24 hours, and you'll receive a more +detailed response to your email within 72 hours indicating the next steps in +handling your report. +

+ +

+To ensure your report is not marked as spam, please include the word "vulnerability" +anywhere in your email. Please use a descriptive subject line for your report email. +

+ +

+After the initial reply to your report, the security team will endeavor to keep +you informed of the progress being made towards a fix and full announcement. +These updates will be sent at least every five days. +In reality, this is more likely to be every 24-48 hours. +

+ +

+If you have not received a reply to your email within 48 hours or you have not +heard from the security team for the past five days please contact the Go +security team directly: +

+ + + +

+Please note that golang-dev is a public discussion forum. +When escalating on this list, please do not disclose the details of the issue. +Simply state that you're trying to reach a member of the security team. +

+ +

Flagging Existing Issues as Security-related

+ +

+If you believe that an existing issue +is security-related, we ask that you send an email to +security@golang.org. +The email should include the issue ID and a short description of why it should +be handled according to this security policy. +

+ +

Disclosure Process

+ +

The Go project uses the following disclosure process:

+ +
    +
  1. Once the security report is received it is assigned a primary handler. +This person coordinates the fix and release process.
  2. +
  3. The issue is confirmed and a list of affected software is determined.
  4. +
  5. Code is audited to find any potential similar problems.
  6. +
  7. If it is determined, in consultation with the submitter, that a CVE-ID is +required, the primary handler obtains one via email to +oss-distros.
  8. +
  9. Fixes are prepared for the two most recent major releases and the head/master +revision. These fixes are not yet committed to the public repository.
  10. +
  11. A notification is sent to the +golang-announce +mailing list to give users time to prepare their systems for the update.
  12. +
  13. Three working days following this notification, the fixes are applied to +the public repository and a new +Go release is issued.
  14. +
  15. On the date that the fixes are applied, announcements are sent to +golang-announce, +golang-dev, and +golang-nuts. +
+ +

+This process can take some time, especially when coordination is required with +maintainers of other projects. Every effort will be made to handle the bug in +as timely a manner as possible, however it's important that we follow the +process described above to ensure that disclosures are handled consistently. +

+ +

+For security issues that include the assignment of a CVE-ID, +the issue is listed publicly under the +"Golang" product on the CVEDetails website +as well as the +National Vulnerability Disclosure site. +

+ +

Receiving Security Updates

+ +

+The best way to receive security announcements is to subscribe to the +golang-announce +mailing list. Any messages pertaining to a security issue will be prefixed +with [security]. +

+ +

Comments on This Policy

+ +

+If you have any suggestions to improve this policy, please send an email to +golang-dev@golang.org for discussion. +

+ +

PGP Key for security@golang.org

+ +

+We accept PGP-encrypted email, but the majority of the security team +are not regular PGP users so it's somewhat inconvenient. Please only +use PGP for critical security reports. +

+ +
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFXI1h0BEADZdm05GDFWvjmQKutUVb0cJKS+VR+6XU3g/YQZGC8tnIL6i7te
++fPJHfQc2uIw0xeBgZX4Ni/S8yIqsbIjqYeaToX7QFUufJDQwrmlQRDVAvvT5HBT
+J80JEs7yHRreFoLzB6dnWehWXzWle4gFKeIy+hvLrYquZVvbeEYTnX7fNzZg0+5L
+ksvj7lnQlJIy1l3sL/7uPr9qsm45/hzd0WjTQS85Ry6Na3tMwRpqGENDh25Blz75
+8JgK9JmtTJa00my1zzeCXU04CKKEMRbkMLozzudOH4ZLiLWcFiKRpeCn860wC8l3
+oJcyyObuTSbr9o05ra3On+epjCEFkknGX1WxPv+TV34i0a23AtuVyTCloKb7RYXc
+7mUaskZpU2rFBqIkzZ4MQJ7RDtGlm5oBy36j2QL63jAZ1cKoT/yvjJNp2ObmWaVF
+X3tk/nYw2H0YDjTkTCgGtyAOj3Cfqrtsa5L0jG5K2p4RY8mtVgQ5EOh7QxuS+rmN
+JiA39SWh7O6uFCwkz/OCXzqeh6/nP10HAb9S9IC34QQxm7Fhd0ZXzEv9IlBTIRzk
+xddSdACPnLE1gJcFHxBd2LTqS/lmAFShCsf8S252kagKJfHRebQJZHCIs6kT9PfE
+0muq6KRKeDXv01afAUvoB4QW/3chUrtgL2HryyO8ugMu7leVGmoZhFkIrQARAQAB
+tCZHbyBTZWN1cml0eSBUZWFtIDxzZWN1cml0eUBnb2xhbmcub3JnPokCTgQTAQoA
+OAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBGROHzjvGgTlE7xbTTpG0ZF5
+Wlg4BQJd8rfQAAoJEDpG0ZF5Wlg4198P/2YDcEwEqWBWjriLFXdTGOcVxQ7AC/mX
+Fe576zwgmrbqO00IaHOOqZZYXKd078FZyg2qQKILvfSAQB7EtLwfPEgv3Wca/Jb/
+ma2hNz+AveiWDVuF4yPx8qvFer/6Yzv9+anfpUP//qfo/7L3VSYKwNAcqqNGvBMh
+fLb7oWDSkdRmcu57c4WYv8i5BtxMRXs581r836bG3U0z0WQG8j64RpYp6sipqJnv
+09l3R5SXd7kkS26ntLU4fgTNJ6Eim7YoXsqLtVe4VZHGYz3D0yHnvCBpbJa2WpP2
+QT6TtFizvKtQlC0k1uo88VV8DyRdp2V6BO9cSNecvXZh81H0SjtD9MwdMnpX3shT
+LKu3L6wlJtb/EJVZg6+usJo0VunUdNTiBmy4FJrko7YYOSVHKKBA6dooufGNUSjw
+9Tieqh4jnzpg6+aIrNugZIrABH2G0GD/SvUSfjli0i+D1mqQSsMcLzE1BBcichpS
+htjv6fU8nI5XXmloUn1P2WBwziemsb7YcfBLNVeCxlAmoJn1hnOPjNzmKfVZk95E
+VJNvVB76JCh+S/0bAba5+nBZ1HRn/FAbs9vfUpp1sOFf25jX9bDAZvkqwgyPpNv/
+jONK0zNXRD5AfKdCA1nkMI70NNS5oBxPowp95eKyuw4hCINvfuPq5sLJa3cIMj3M
+MVO91QDs9eXxuQINBFXI1h0BEACXD0f/XJtCzgrdcoDWOggjXqu1r0pLt7Dvr5qB
+ejSN5JHAwRB8i07Fi9+Gajz7J2flNaxNuJ8ZTwvf4QFMxFHLNaFtoY7RaLPDsFNU
+nufklb6d0+txSmn+KVSToBRXFo7/z9H735Ulmmh6gsddiWgUY25fnwYsjLWNIG8u
+wuX8qLkg6se8PUYrpN+06XmPwg8LUtIGvAYk7zTfHvBR1A/+2wo39A9HymcGe2sS
+CtAVIj5DeqsK9UyZecGVi6aN84G3ykoyAH3+LH4dY3ymJA1CInEP5eMQzpfBSZCo
+hHvLkYg0paC6d0Ka1gjNWBj2nYGvpQ+tMmLXYt8q/mzZHo2fEUe/9p3b0Kk9N4sl
+GxKoV+oEv3r0EKmP+KxeZASbgW3OJmJ0BFejXYqIYCc8X2i2Ks0enj7yHA0Hexx/
+twjnfLydmK871zAjsGgKVjpkhpuMNwnGMr7bh6ajPeYnlIelmlAtJv2jwZsst9c6
+r7i7MRfYDfR+Gu2xBv/HQYzi/cRTVo/aaO6SzJhuCV21jri0PfnCoAD2ZWXlTH6D
+UehQG8vDSH6XPCHfvQ0nD/8hO8FBVS0MwH3qt8g/h8vmliXmmZHP6+y4nSJfObTm
+oGAp9Ko7tOj1JbFA91fz1Hi7T9dUCXDQCT1lx6rdb3q+x4RRNHdqhkIwg+LB9wNq
+rrStZQARAQABiQI2BBgBCgAgAhsMFiEEZE4fOO8aBOUTvFtNOkbRkXlaWDgFAl3y
+uFYACgkQOkbRkXlaWDiMgw//YvO2nZxWNSnQxqCEi8RXHV/3qsDDe8LloviFFV/M
+GSiGZBOhLJ0bFm9aKKPoye5mrZXBKvEVPu0h1zn43+lZruhARPiTu2AecQ7fstET
+PyXMZJ4mfLSFIaAumuH9dQEQJA9RRaFK8uzPRgAxVKyuNYS89psz/RvSeRM3B7Li
+m9waLs42+5xtltR5F6HKPhrgS/rrFHKMrNiDNMMG2FYu1TjonA9QnzAxDPixH3A1
+VNEj6tVqVK8wCMpci3YaXZJntX0H3oO6qloL8qIpSMVrIiD4IDBDK13Jn3OJ7veq
+iDn1mbGFYtfu8R+QV2xeDSJ6nEKfV3Mc3PFDbJMdzkOCdvExC8qsuUOqO4J6dRt7
+9NVptL0xZqlBjpF9fq9XCt7ZcQLDqbUF/rUs58yKSqEGrruXTx4cTLtwkTLcqJOw
+/CSgFtE8cvY51uupuEFzfmt8JLNTxsm2X2NlsZYxFJhamVrGFroa55nqgKe3tF7e
+AQBU641SZRYloqGgPK+4PB79vV4RyEDETOpD3PvpN2IafVWDacI4LXW0a4EKnPUj
+7JwRBmZxESda3OixSONv/VcuEOyGAZUppbLM4XYTtslRIqdQJFr7Vkza/VIoUqaY
+MkFIioHf2QndVwDXt3d0b0aAGaLeMRD1MFGtLNigEDD45nPeEpuGzXkUATpVWGiV
+bIs=
+=Nx85
+-----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/content/static/gen.go b/content/static/gen.go index edcdac28c3..5882c2f5e9 100644 --- a/content/static/gen.go +++ b/content/static/gen.go @@ -43,6 +43,7 @@ var files = []string{ "doc/devel/weekly.html", "doc/docs.html", "doc/root.html", + "doc/security.html", "error.html", "example.html", "godoc.html", diff --git a/content/static/static.go b/content/static/static.go index b51a15c9d6..f2f648a434 100644 --- a/content/static/static.go +++ b/content/static/static.go @@ -61,6 +61,8 @@ var Files = map[string]string{ "doc/root.html": "\x0a\x0a\x0a\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20Go\x20is\x20an\x20open\x20source\x20programming\x20language\x20that\x20makes\x20it\x20easy\x20to\x20build\x0a\x20\x20\x20\x20\x20\x20simple,\x20reliable,\x20and\x20efficient\x20software.\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20Download\x20Go\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20Binary\x20distributions\x20available\x20for
\x0a\x20\x20\x20\x20\x20\x20Linux,\x20macOS,\x20Windows,\x20and\x20more.\x0a\x20\x20\x20\x20

\x0a\x20\x20\x0a\x0a\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20Try\x20Go\x0a\x20\x20\x20\x20\x20\x20{{if\x20not\x20$.GoogleCN}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20Open\x20in\x20Playground\x0a\x20\x20\x20\x20\x20\x20{{end}}\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20//\x20You\x20can\x20edit\x20this\x20code!\x0a//\x20Click\x20here\x20and\x20start\x20typing.\x0apackage\x20main\x0a\x0aimport\x20\"fmt\"\x0a\x0afunc\x20main()\x20{\x0a\x09fmt.Println(\"Hello,\x20\xe4\xb8\x96\xe7\x95\x8c\")\x0a}\x0a\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20Hello,\x20World!\x0a\x20\x20\x20\x20\x20\x20\x20\x20Conway's\x20Game\x20of\x20Life\x0a\x20\x20\x20\x20\x20\x20\x20\x20Fibonacci\x20Closure\x0a\x20\x20\x20\x20\x20\x20\x20\x20Peano\x20Integers\x0a\x20\x20\x20\x20\x20\x20\x20\x20Concurrent\x20pi\x0a\x20\x20\x20\x20\x20\x20\x20\x20Concurrent\x20Prime\x20Sieve\x0a\x20\x20\x20\x20\x20\x20\x20\x20Peg\x20Solitaire\x20Solver\x0a\x20\x20\x20\x20\x20\x20\x20\x20Tree\x20Comparison\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20Run\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20{{if\x20not\x20$.GoogleCN}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20Share\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20Tour\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20{{end}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20\x0a\x0a\x20\x20{{if\x20not\x20$.GoogleCN}}\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20Featured\x20articles\x0a\x20\x20\x20\x20\x20\x20Read\x20more\x20>\x0a\x20\x20\x20\x20\x0a\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20Featured\x20video\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x0a\x20\x20{{end}}\x0a\x0a\x0a", + "doc/security.html": "\x0a\x0a

Implementation

\x0a\x0a

Reporting\x20a\x20Security\x20Bug

\x0a\x0a

\x0aPlease\x20report\x20to\x20us\x20any\x20issues\x20you\x20find.\x0aThis\x20document\x20explains\x20how\x20to\x20do\x20that\x20and\x20what\x20to\x20expect\x20in\x20return.\x0a

\x0a\x0a

\x0aAll\x20security\x20bugs\x20in\x20the\x20Go\x20distribution\x20should\x20be\x20reported\x20by\x20email\x20to\x0asecurity@golang.org.\x0aThis\x20mail\x20is\x20delivered\x20to\x20a\x20small\x20security\x20team.\x0aYour\x20email\x20will\x20be\x20acknowledged\x20within\x2024\x20hours,\x20and\x20you'll\x20receive\x20a\x20more\x0adetailed\x20response\x20to\x20your\x20email\x20within\x2072\x20hours\x20indicating\x20the\x20next\x20steps\x20in\x0ahandling\x20your\x20report.\x0a

\x0a\x0a

\x0aTo\x20ensure\x20your\x20report\x20is\x20not\x20marked\x20as\x20spam,\x20please\x20include\x20the\x20word\x20\"vulnerability\"\x0aanywhere\x20in\x20your\x20email.\x20Please\x20use\x20a\x20descriptive\x20subject\x20line\x20for\x20your\x20report\x20email.\x0a

\x0a\x0a

\x0aAfter\x20the\x20initial\x20reply\x20to\x20your\x20report,\x20the\x20security\x20team\x20will\x20endeavor\x20to\x20keep\x0ayou\x20informed\x20of\x20the\x20progress\x20being\x20made\x20towards\x20a\x20fix\x20and\x20full\x20announcement.\x0aThese\x20updates\x20will\x20be\x20sent\x20at\x20least\x20every\x20five\x20days.\x0aIn\x20reality,\x20this\x20is\x20more\x20likely\x20to\x20be\x20every\x2024-48\x20hours.\x0a

\x0a\x0a

\x0aIf\x20you\x20have\x20not\x20received\x20a\x20reply\x20to\x20your\x20email\x20within\x2048\x20hours\x20or\x20you\x20have\x20not\x0aheard\x20from\x20the\x20security\x20team\x20for\x20the\x20past\x20five\x20days\x20please\x20contact\x20the\x20Go\x0asecurity\x20team\x20directly:\x0a

\x0a\x0a
    \x0a
  • Primary\x20security\x20coordinator:\x20Filippo\x20Valsorda.
  • \x0a
  • Secondary\x20coordinator:\x20Adam\x20Langley.
  • \x0a
  • If\x20you\x20receive\x20no\x20response,\x20mail\x20golang-dev@googlegroups.com\x20or\x20use\x20the\x20golang-dev\x20web\x20interface.
  • \x0a
\x0a\x0a

\x0aPlease\x20note\x20that\x20golang-dev\x20is\x20a\x20public\x20discussion\x20forum.\x0aWhen\x20escalating\x20on\x20this\x20list,\x20please\x20do\x20not\x20disclose\x20the\x20details\x20of\x20the\x20issue.\x0aSimply\x20state\x20that\x20you're\x20trying\x20to\x20reach\x20a\x20member\x20of\x20the\x20security\x20team.\x0a

\x0a\x0a

Flagging\x20Existing\x20Issues\x20as\x20Security-related

\x0a\x0a

\x0aIf\x20you\x20believe\x20that\x20an\x20existing\x20issue\x0ais\x20security-related,\x20we\x20ask\x20that\x20you\x20send\x20an\x20email\x20to\x0asecurity@golang.org.\x0aThe\x20email\x20should\x20include\x20the\x20issue\x20ID\x20and\x20a\x20short\x20description\x20of\x20why\x20it\x20should\x0abe\x20handled\x20according\x20to\x20this\x20security\x20policy.\x0a

\x0a\x0a

Disclosure\x20Process

\x0a\x0a

The\x20Go\x20project\x20uses\x20the\x20following\x20disclosure\x20process:

\x0a\x0a
    \x0a
  1. Once\x20the\x20security\x20report\x20is\x20received\x20it\x20is\x20assigned\x20a\x20primary\x20handler.\x0aThis\x20person\x20coordinates\x20the\x20fix\x20and\x20release\x20process.
  2. \x0a
  3. The\x20issue\x20is\x20confirmed\x20and\x20a\x20list\x20of\x20affected\x20software\x20is\x20determined.
  4. \x0a
  5. Code\x20is\x20audited\x20to\x20find\x20any\x20potential\x20similar\x20problems.
  6. \x0a
  7. If\x20it\x20is\x20determined,\x20in\x20consultation\x20with\x20the\x20submitter,\x20that\x20a\x20CVE-ID\x20is\x0arequired,\x20the\x20primary\x20handler\x20obtains\x20one\x20via\x20email\x20to\x0aoss-distros.
  8. \x0a
  9. Fixes\x20are\x20prepared\x20for\x20the\x20two\x20most\x20recent\x20major\x20releases\x20and\x20the\x20head/master\x0arevision.\x20These\x20fixes\x20are\x20not\x20yet\x20committed\x20to\x20the\x20public\x20repository.
  10. \x0a
  11. A\x20notification\x20is\x20sent\x20to\x20the\x0agolang-announce\x0amailing\x20list\x20to\x20give\x20users\x20time\x20to\x20prepare\x20their\x20systems\x20for\x20the\x20update.
  12. \x0a
  13. Three\x20working\x20days\x20following\x20this\x20notification,\x20the\x20fixes\x20are\x20applied\x20to\x0athe\x20public\x20repository\x20and\x20a\x20new\x0aGo\x20release\x20is\x20issued.
  14. \x0a
  15. On\x20the\x20date\x20that\x20the\x20fixes\x20are\x20applied,\x20announcements\x20are\x20sent\x20to\x0agolang-announce,\x0agolang-dev,\x20and\x0agolang-nuts.\x0a
\x0a\x0a

\x0aThis\x20process\x20can\x20take\x20some\x20time,\x20especially\x20when\x20coordination\x20is\x20required\x20with\x0amaintainers\x20of\x20other\x20projects.\x20Every\x20effort\x20will\x20be\x20made\x20to\x20handle\x20the\x20bug\x20in\x0aas\x20timely\x20a\x20manner\x20as\x20possible,\x20however\x20it's\x20important\x20that\x20we\x20follow\x20the\x0aprocess\x20described\x20above\x20to\x20ensure\x20that\x20disclosures\x20are\x20handled\x20consistently.\x0a

\x0a\x0a

\x0aFor\x20security\x20issues\x20that\x20include\x20the\x20assignment\x20of\x20a\x20CVE-ID,\x0athe\x20issue\x20is\x20listed\x20publicly\x20under\x20the\x0a\"Golang\"\x20product\x20on\x20the\x20CVEDetails\x20website\x0aas\x20well\x20as\x20the\x0aNational\x20Vulnerability\x20Disclosure\x20site.\x0a

\x0a\x0a

Receiving\x20Security\x20Updates

\x0a\x0a

\x0aThe\x20best\x20way\x20to\x20receive\x20security\x20announcements\x20is\x20to\x20subscribe\x20to\x20the\x0agolang-announce\x0amailing\x20list.\x20Any\x20messages\x20pertaining\x20to\x20a\x20security\x20issue\x20will\x20be\x20prefixed\x0awith\x20[security].\x0a

\x0a\x0a

Comments\x20on\x20This\x20Policy

\x0a\x0a

\x0aIf\x20you\x20have\x20any\x20suggestions\x20to\x20improve\x20this\x20policy,\x20please\x20send\x20an\x20email\x20to\x0agolang-dev@golang.org\x20for\x20discussion.\x0a

\x0a\x0a

PGP\x20Key\x20for\x20security@golang.org

\x0a\x0a

\x0aWe\x20accept\x20PGP-encrypted\x20email,\x20but\x20the\x20majority\x20of\x20the\x20security\x20team\x0aare\x20not\x20regular\x20PGP\x20users\x20so\x20it's\x20somewhat\x20inconvenient.\x20Please\x20only\x0ause\x20PGP\x20for\x20critical\x20security\x20reports.\x0a

\x0a\x0a
\x0a-----BEGIN\x20PGP\x20PUBLIC\x20KEY\x20BLOCK-----\x0a\x0amQINBFXI1h0BEADZdm05GDFWvjmQKutUVb0cJKS+VR+6XU3g/YQZGC8tnIL6i7te\x0a+fPJHfQc2uIw0xeBgZX4Ni/S8yIqsbIjqYeaToX7QFUufJDQwrmlQRDVAvvT5HBT\x0aJ80JEs7yHRreFoLzB6dnWehWXzWle4gFKeIy+hvLrYquZVvbeEYTnX7fNzZg0+5L\x0aksvj7lnQlJIy1l3sL/7uPr9qsm45/hzd0WjTQS85Ry6Na3tMwRpqGENDh25Blz75\x0a8JgK9JmtTJa00my1zzeCXU04CKKEMRbkMLozzudOH4ZLiLWcFiKRpeCn860wC8l3\x0aoJcyyObuTSbr9o05ra3On+epjCEFkknGX1WxPv+TV34i0a23AtuVyTCloKb7RYXc\x0a7mUaskZpU2rFBqIkzZ4MQJ7RDtGlm5oBy36j2QL63jAZ1cKoT/yvjJNp2ObmWaVF\x0aX3tk/nYw2H0YDjTkTCgGtyAOj3Cfqrtsa5L0jG5K2p4RY8mtVgQ5EOh7QxuS+rmN\x0aJiA39SWh7O6uFCwkz/OCXzqeh6/nP10HAb9S9IC34QQxm7Fhd0ZXzEv9IlBTIRzk\x0axddSdACPnLE1gJcFHxBd2LTqS/lmAFShCsf8S252kagKJfHRebQJZHCIs6kT9PfE\x0a0muq6KRKeDXv01afAUvoB4QW/3chUrtgL2HryyO8ugMu7leVGmoZhFkIrQARAQAB\x0atCZHbyBTZWN1cml0eSBUZWFtIDxzZWN1cml0eUBnb2xhbmcub3JnPokCTgQTAQoA\x0aOAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBGROHzjvGgTlE7xbTTpG0ZF5\x0aWlg4BQJd8rfQAAoJEDpG0ZF5Wlg4198P/2YDcEwEqWBWjriLFXdTGOcVxQ7AC/mX\x0aFe576zwgmrbqO00IaHOOqZZYXKd078FZyg2qQKILvfSAQB7EtLwfPEgv3Wca/Jb/\x0ama2hNz+AveiWDVuF4yPx8qvFer/6Yzv9+anfpUP//qfo/7L3VSYKwNAcqqNGvBMh\x0afLb7oWDSkdRmcu57c4WYv8i5BtxMRXs581r836bG3U0z0WQG8j64RpYp6sipqJnv\x0a09l3R5SXd7kkS26ntLU4fgTNJ6Eim7YoXsqLtVe4VZHGYz3D0yHnvCBpbJa2WpP2\x0aQT6TtFizvKtQlC0k1uo88VV8DyRdp2V6BO9cSNecvXZh81H0SjtD9MwdMnpX3shT\x0aLKu3L6wlJtb/EJVZg6+usJo0VunUdNTiBmy4FJrko7YYOSVHKKBA6dooufGNUSjw\x0a9Tieqh4jnzpg6+aIrNugZIrABH2G0GD/SvUSfjli0i+D1mqQSsMcLzE1BBcichpS\x0ahtjv6fU8nI5XXmloUn1P2WBwziemsb7YcfBLNVeCxlAmoJn1hnOPjNzmKfVZk95E\x0aVJNvVB76JCh+S/0bAba5+nBZ1HRn/FAbs9vfUpp1sOFf25jX9bDAZvkqwgyPpNv/\x0ajONK0zNXRD5AfKdCA1nkMI70NNS5oBxPowp95eKyuw4hCINvfuPq5sLJa3cIMj3M\x0aMVO91QDs9eXxuQINBFXI1h0BEACXD0f/XJtCzgrdcoDWOggjXqu1r0pLt7Dvr5qB\x0aejSN5JHAwRB8i07Fi9+Gajz7J2flNaxNuJ8ZTwvf4QFMxFHLNaFtoY7RaLPDsFNU\x0anufklb6d0+txSmn+KVSToBRXFo7/z9H735Ulmmh6gsddiWgUY25fnwYsjLWNIG8u\x0awuX8qLkg6se8PUYrpN+06XmPwg8LUtIGvAYk7zTfHvBR1A/+2wo39A9HymcGe2sS\x0aCtAVIj5DeqsK9UyZecGVi6aN84G3ykoyAH3+LH4dY3ymJA1CInEP5eMQzpfBSZCo\x0ahHvLkYg0paC6d0Ka1gjNWBj2nYGvpQ+tMmLXYt8q/mzZHo2fEUe/9p3b0Kk9N4sl\x0aGxKoV+oEv3r0EKmP+KxeZASbgW3OJmJ0BFejXYqIYCc8X2i2Ks0enj7yHA0Hexx/\x0atwjnfLydmK871zAjsGgKVjpkhpuMNwnGMr7bh6ajPeYnlIelmlAtJv2jwZsst9c6\x0ar7i7MRfYDfR+Gu2xBv/HQYzi/cRTVo/aaO6SzJhuCV21jri0PfnCoAD2ZWXlTH6D\x0aUehQG8vDSH6XPCHfvQ0nD/8hO8FBVS0MwH3qt8g/h8vmliXmmZHP6+y4nSJfObTm\x0aoGAp9Ko7tOj1JbFA91fz1Hi7T9dUCXDQCT1lx6rdb3q+x4RRNHdqhkIwg+LB9wNq\x0arrStZQARAQABiQI2BBgBCgAgAhsMFiEEZE4fOO8aBOUTvFtNOkbRkXlaWDgFAl3y\x0auFYACgkQOkbRkXlaWDiMgw//YvO2nZxWNSnQxqCEi8RXHV/3qsDDe8LloviFFV/M\x0aGSiGZBOhLJ0bFm9aKKPoye5mrZXBKvEVPu0h1zn43+lZruhARPiTu2AecQ7fstET\x0aPyXMZJ4mfLSFIaAumuH9dQEQJA9RRaFK8uzPRgAxVKyuNYS89psz/RvSeRM3B7Li\x0am9waLs42+5xtltR5F6HKPhrgS/rrFHKMrNiDNMMG2FYu1TjonA9QnzAxDPixH3A1\x0aVNEj6tVqVK8wCMpci3YaXZJntX0H3oO6qloL8qIpSMVrIiD4IDBDK13Jn3OJ7veq\x0aiDn1mbGFYtfu8R+QV2xeDSJ6nEKfV3Mc3PFDbJMdzkOCdvExC8qsuUOqO4J6dRt7\x0a9NVptL0xZqlBjpF9fq9XCt7ZcQLDqbUF/rUs58yKSqEGrruXTx4cTLtwkTLcqJOw\x0a/CSgFtE8cvY51uupuEFzfmt8JLNTxsm2X2NlsZYxFJhamVrGFroa55nqgKe3tF7e\x0aAQBU641SZRYloqGgPK+4PB79vV4RyEDETOpD3PvpN2IafVWDacI4LXW0a4EKnPUj\x0a7JwRBmZxESda3OixSONv/VcuEOyGAZUppbLM4XYTtslRIqdQJFr7Vkza/VIoUqaY\x0aMkFIioHf2QndVwDXt3d0b0aAGaLeMRD1MFGtLNigEDD45nPeEpuGzXkUATpVWGiV\x0abIs=\x0a=Nx85\x0a-----END\x20PGP\x20PUBLIC\x20KEY\x20BLOCK-----\x0a
\x0a", + "error.html": "\x0a\x0a

\x0a{{html\x20.}}\x0a

\x0a", "example.html": "\x0a\x20\x20\x0a\x20\x20\x20\x20\xe2\x96\xb9\x20Example{{example_suffix\x20.Name}}

\x0a\x20\x20\x0a\x20\x20\x0a\x20\x20\x20\x20\xe2\x96\xbe\x20Example{{example_suffix\x20.Name}}

\x0a\x20\x20\x20\x20{{with\x20.Doc}}

{{html\x20.}}

{{end}}\x0a\x20\x20\x20\x20{{$output\x20:=\x20.Output}}\x0a\x20\x20\x20\x20{{with\x20.Play}}\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20{{html\x20.}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20
{{html\x20$output}}
\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20Run\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20Format\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20{{if\x20not\x20$.GoogleCN}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20Share\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20{{end}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20{{else}}\x0a\x20\x20\x20\x20\x20\x20

Code:

\x0a\x20\x20\x20\x20\x20\x20{{.Code}}\x0a\x20\x20\x20\x20\x20\x20{{with\x20.Output}}\x0a\x20\x20\x20\x20\x20\x20\x20\x20

Output:

\x0a\x20\x20\x20\x20\x20\x20\x20\x20{{html\x20.}}\x0a\x20\x20\x20\x20\x20\x20{{end}}\x0a\x20\x20\x20\x20{{end}}\x0a\x20\x20\x0a\x0a",