hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12396 from porcupineyhairs/GoJwtSignImprovements

Browse Source 
Go: Add more JWT sinks
This commit is contained in:
Owen Mansel-Chan
2023-04-04 13:28:38 +01:00
committed by GitHub
parent 86fd2d5309 e9615c57e9
commit 00fd23d7b9
11 changed files with 814 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll
View File

@@ -79,6 +79,69 @@ module HardcodedKeys {
}
}
private class KatarasJwt extends Sink {
KatarasJwt() {
exists(string pkg |
pkg = package("github.com/kataras/jwt", "") and
(
exists(DataFlow::MethodCallNode m |
// Model the `Register` method of the type `Keys`
// func (keys Keys) Register(alg Alg, kid string, pubKey PublicKey, privKey PrivateKey)
m.getTarget().hasQualifiedName(pkg, "Keys", "Register")
|
this = m.getArgument(3)
)
or
exists(DataFlow::CallNode m, string names |
// Model the `Sign` method of the `SigningMethod` interface
// func Sign(alg Alg, key PrivateKey, claims interface{}, opts ...SignOption) ([]byte, error)
// func SignEncrypted(alg Alg, key PrivateKey, encrypt InjectFunc, claims interface{}, ...) ([]byte, error)
// func SignEncryptedWithHeader(alg Alg, key PrivateKey, encrypt InjectFunc, claims interface{}, ...) ([]byte, error)
// func SignWithHeader(alg Alg, key PrivateKey, claims interface{}, customHeader interface{}, ...) ([]byte, error)
m.getTarget().hasQualifiedName(pkg, names) and
names = ["Sign", "SignEncrypted", "SignEncryptedWithHeader", "SignWithHeader"]
|
this = m.getArgument(1)
)
)
)
}
}
private class IrisJwt extends Sink {
IrisJwt() {
exists(string pkg |
pkg = "github.com/kataras/iris/v12/middleware/jwt" and
(
exists(DataFlow::CallNode m |
//func NewSigner(signatureAlg Alg, signatureKey interface{}, maxAge time.Duration) *Signer
m.getTarget().hasQualifiedName(pkg, "NewSigner")
|
this = m.getArgument(1)
)
or
exists(Field f |
// Models the `key` field of the `Signer` type
// https://github.com/kataras/iris/blob/dccd57263617f5ca95d7621acfadf9dd37752dd6/middleware/jwt/signer.go#L17
f.hasQualifiedName(pkg, "Signer", "Key") and
f.getAWrite().getRhs() = this
)
)
)
}
}
private class GogfJwtSign extends Sink {
GogfJwtSign() {
exists(Field f, string pkg |
pkg = package("github.com/gogf/gf-jwt", "") and
// https://github.com/gogf/gf-jwt/blob/40503f05bc0a2bcd7aeba550163112afbb5c221f/auth_jwt.go#L27
f.hasQualifiedName(pkg, "GfJWTMiddleware", "Key") and
f.getAWrite().getRhs() = this
)
}
}
private class GinJwtSign extends Sink {
GinJwtSign() {
exists(Field f |

168
go/ql/test/experimental/CWE-321/HardcodedKeys.expected
View File

@@ -1,74 +1,126 @@
edges
| HardcodedKeysBad.go:11:18:11:38 | type conversion | HardcodedKeysBad.go:19:28:19:39 | mySigningKey |
| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | HardcodedKeysBad.go:11:18:11:38 | type conversion |
| main.go:25:18:25:31 | type conversion | main.go:34:28:34:39 | mySigningKey |
| main.go:25:25:25:30 | "key1" | main.go:25:18:25:31 | type conversion |
| main.go:42:23:42:28 | "key2" | main.go:42:16:42:29 | type conversion |
| main.go:60:9:60:22 | type conversion | main.go:61:44:61:46 | key |
| main.go:60:16:60:21 | `key3` | main.go:60:9:60:22 | type conversion |
| main.go:65:9:65:22 | type conversion | main.go:66:66:66:68 | key |
| main.go:65:16:65:21 | "key4" | main.go:65:9:65:22 | type conversion |
| main.go:69:10:69:23 | type conversion | main.go:74:15:74:18 | key2 |
| main.go:69:17:69:22 | "key5" | main.go:69:10:69:23 | type conversion |
| main.go:80:9:80:22 | type conversion | main.go:84:41:84:43 | key |
| main.go:80:16:80:21 | "key6" | main.go:80:9:80:22 | type conversion |
| main.go:89:10:89:23 | type conversion | main.go:91:66:91:69 | key2 |
| main.go:89:17:89:22 | "key7" | main.go:89:10:89:23 | type conversion |
| main.go:97:9:97:22 | type conversion | main.go:102:30:102:32 | key |
| main.go:97:16:97:21 | "key8" | main.go:97:9:97:22 | type conversion |
| main.go:106:15:106:28 | type conversion | main.go:107:16:107:24 | sharedKey |
| main.go:106:22:106:27 | "key9" | main.go:106:15:106:28 | type conversion |
| main.go:110:23:110:37 | type conversion | main.go:113:16:113:30 | sharedKeyglobal |
| main.go:110:30:110:36 | "key10" | main.go:110:23:110:37 | type conversion |
| main.go:33:18:33:31 | type conversion | main.go:42:28:42:39 | mySigningKey |
| main.go:33:25:33:30 | "key1" | main.go:33:18:33:31 | type conversion |
| main.go:50:23:50:28 | "key2" | main.go:50:16:50:29 | type conversion |
| main.go:68:9:68:22 | type conversion | main.go:69:44:69:46 | key |
| main.go:68:16:68:21 | `key3` | main.go:68:9:68:22 | type conversion |
| main.go:73:9:73:22 | type conversion | main.go:74:66:74:68 | key |
| main.go:73:16:73:21 | "key4" | main.go:73:9:73:22 | type conversion |
| main.go:77:10:77:23 | type conversion | main.go:82:15:82:18 | key2 |
| main.go:77:17:77:22 | "key5" | main.go:77:10:77:23 | type conversion |
| main.go:88:9:88:22 | type conversion | main.go:92:41:92:43 | key |
| main.go:88:16:88:21 | "key6" | main.go:88:9:88:22 | type conversion |
| main.go:97:10:97:23 | type conversion | main.go:99:66:99:69 | key2 |
| main.go:97:17:97:22 | "key7" | main.go:97:10:97:23 | type conversion |
| main.go:105:9:105:22 | type conversion | main.go:110:30:110:32 | key |
| main.go:105:16:105:21 | "key8" | main.go:105:9:105:22 | type conversion |
| main.go:114:15:114:28 | type conversion | main.go:115:16:115:24 | sharedKey |
| main.go:114:22:114:27 | "key9" | main.go:114:15:114:28 | type conversion |
| main.go:118:23:118:37 | type conversion | main.go:121:16:121:30 | sharedKeyglobal |
| main.go:118:30:118:36 | "key10" | main.go:118:23:118:37 | type conversion |
| main.go:127:27:127:33 | "key11" | main.go:127:20:127:34 | type conversion |
| main.go:142:14:142:28 | type conversion | main.go:144:39:144:46 | mySecret |
| main.go:142:21:142:27 | "key12" | main.go:142:14:142:28 | type conversion |
| main.go:149:14:149:28 | type conversion | main.go:153:11:153:18 | mySecret |
| main.go:149:21:149:27 | "key13" | main.go:149:14:149:28 | type conversion |
| main.go:160:12:160:26 | type conversion | main.go:161:34:161:39 | secret |
| main.go:160:19:160:25 | "key14" | main.go:160:12:160:26 | type conversion |
| main.go:166:12:166:26 | type conversion | main.go:167:32:167:37 | secret |
| main.go:166:19:166:25 | "key15" | main.go:166:12:166:26 | type conversion |
| main.go:172:12:172:26 | type conversion | main.go:173:41:173:46 | secret |
| main.go:172:19:172:25 | "key16" | main.go:172:12:172:26 | type conversion |
| main.go:178:12:178:26 | type conversion | main.go:179:51:179:56 | secret |
| main.go:178:19:178:25 | "key17" | main.go:178:12:178:26 | type conversion |
| main.go:184:12:184:26 | type conversion | main.go:185:42:185:47 | secret |
| main.go:184:19:184:25 | "key18" | main.go:184:12:184:26 | type conversion |
| main.go:190:12:190:26 | type conversion | main.go:193:33:193:38 | secret |
| main.go:190:19:190:25 | "key19" | main.go:190:12:190:26 | type conversion |
| sanitizer.go:17:9:17:21 | type conversion | sanitizer.go:18:44:18:46 | key |
| sanitizer.go:17:16:17:20 | `key` | sanitizer.go:17:9:17:21 | type conversion |
nodes
| HardcodedKeysBad.go:11:18:11:38 | type conversion | semmle.label | type conversion |
| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | semmle.label | "AllYourBase" |
| HardcodedKeysBad.go:19:28:19:39 | mySigningKey | semmle.label | mySigningKey |
| main.go:25:18:25:31 | type conversion | semmle.label | type conversion |
| main.go:25:25:25:30 | "key1" | semmle.label | "key1" |
| main.go:34:28:34:39 | mySigningKey | semmle.label | mySigningKey |
| main.go:42:16:42:29 | type conversion | semmle.label | type conversion |
| main.go:42:23:42:28 | "key2" | semmle.label | "key2" |
| main.go:60:9:60:22 | type conversion | semmle.label | type conversion |
| main.go:60:16:60:21 | `key3` | semmle.label | `key3` |
| main.go:61:44:61:46 | key | semmle.label | key |
| main.go:65:9:65:22 | type conversion | semmle.label | type conversion |
| main.go:65:16:65:21 | "key4" | semmle.label | "key4" |
| main.go:66:66:66:68 | key | semmle.label | key |
| main.go:69:10:69:23 | type conversion | semmle.label | type conversion |
| main.go:69:17:69:22 | "key5" | semmle.label | "key5" |
| main.go:74:15:74:18 | key2 | semmle.label | key2 |
| main.go:80:9:80:22 | type conversion | semmle.label | type conversion |
| main.go:80:16:80:21 | "key6" | semmle.label | "key6" |
| main.go:84:41:84:43 | key | semmle.label | key |
| main.go:89:10:89:23 | type conversion | semmle.label | type conversion |
| main.go:89:17:89:22 | "key7" | semmle.label | "key7" |
| main.go:91:66:91:69 | key2 | semmle.label | key2 |
| main.go:97:9:97:22 | type conversion | semmle.label | type conversion |
| main.go:97:16:97:21 | "key8" | semmle.label | "key8" |
| main.go:102:30:102:32 | key | semmle.label | key |
| main.go:106:15:106:28 | type conversion | semmle.label | type conversion |
| main.go:106:22:106:27 | "key9" | semmle.label | "key9" |
| main.go:107:16:107:24 | sharedKey | semmle.label | sharedKey |
| main.go:110:23:110:37 | type conversion | semmle.label | type conversion |
| main.go:110:30:110:36 | "key10" | semmle.label | "key10" |
| main.go:113:16:113:30 | sharedKeyglobal | semmle.label | sharedKeyglobal |
| main.go:33:18:33:31 | type conversion | semmle.label | type conversion |
| main.go:33:25:33:30 | "key1" | semmle.label | "key1" |
| main.go:42:28:42:39 | mySigningKey | semmle.label | mySigningKey |
| main.go:50:16:50:29 | type conversion | semmle.label | type conversion |
| main.go:50:23:50:28 | "key2" | semmle.label | "key2" |
| main.go:68:9:68:22 | type conversion | semmle.label | type conversion |
| main.go:68:16:68:21 | `key3` | semmle.label | `key3` |
| main.go:69:44:69:46 | key | semmle.label | key |
| main.go:73:9:73:22 | type conversion | semmle.label | type conversion |
| main.go:73:16:73:21 | "key4" | semmle.label | "key4" |
| main.go:74:66:74:68 | key | semmle.label | key |
| main.go:77:10:77:23 | type conversion | semmle.label | type conversion |
| main.go:77:17:77:22 | "key5" | semmle.label | "key5" |
| main.go:82:15:82:18 | key2 | semmle.label | key2 |
| main.go:88:9:88:22 | type conversion | semmle.label | type conversion |
| main.go:88:16:88:21 | "key6" | semmle.label | "key6" |
| main.go:92:41:92:43 | key | semmle.label | key |
| main.go:97:10:97:23 | type conversion | semmle.label | type conversion |
| main.go:97:17:97:22 | "key7" | semmle.label | "key7" |
| main.go:99:66:99:69 | key2 | semmle.label | key2 |
| main.go:105:9:105:22 | type conversion | semmle.label | type conversion |
| main.go:105:16:105:21 | "key8" | semmle.label | "key8" |
| main.go:110:30:110:32 | key | semmle.label | key |
| main.go:114:15:114:28 | type conversion | semmle.label | type conversion |
| main.go:114:22:114:27 | "key9" | semmle.label | "key9" |
| main.go:115:16:115:24 | sharedKey | semmle.label | sharedKey |
| main.go:118:23:118:37 | type conversion | semmle.label | type conversion |
| main.go:118:30:118:36 | "key10" | semmle.label | "key10" |
| main.go:121:16:121:30 | sharedKeyglobal | semmle.label | sharedKeyglobal |
| main.go:127:20:127:34 | type conversion | semmle.label | type conversion |
| main.go:127:27:127:33 | "key11" | semmle.label | "key11" |
| main.go:142:14:142:28 | type conversion | semmle.label | type conversion |
| main.go:142:21:142:27 | "key12" | semmle.label | "key12" |
| main.go:144:39:144:46 | mySecret | semmle.label | mySecret |
| main.go:149:14:149:28 | type conversion | semmle.label | type conversion |
| main.go:149:21:149:27 | "key13" | semmle.label | "key13" |
| main.go:153:11:153:18 | mySecret | semmle.label | mySecret |
| main.go:160:12:160:26 | type conversion | semmle.label | type conversion |
| main.go:160:19:160:25 | "key14" | semmle.label | "key14" |
| main.go:161:34:161:39 | secret | semmle.label | secret |
| main.go:166:12:166:26 | type conversion | semmle.label | type conversion |
| main.go:166:19:166:25 | "key15" | semmle.label | "key15" |
| main.go:167:32:167:37 | secret | semmle.label | secret |
| main.go:172:12:172:26 | type conversion | semmle.label | type conversion |
| main.go:172:19:172:25 | "key16" | semmle.label | "key16" |
| main.go:173:41:173:46 | secret | semmle.label | secret |
| main.go:178:12:178:26 | type conversion | semmle.label | type conversion |
| main.go:178:19:178:25 | "key17" | semmle.label | "key17" |
| main.go:179:51:179:56 | secret | semmle.label | secret |
| main.go:184:12:184:26 | type conversion | semmle.label | type conversion |
| main.go:184:19:184:25 | "key18" | semmle.label | "key18" |
| main.go:185:42:185:47 | secret | semmle.label | secret |
| main.go:190:12:190:26 | type conversion | semmle.label | type conversion |
| main.go:190:19:190:25 | "key19" | semmle.label | "key19" |
| main.go:193:33:193:38 | secret | semmle.label | secret |
| sanitizer.go:17:9:17:21 | type conversion | semmle.label | type conversion |
| sanitizer.go:17:16:17:20 | `key` | semmle.label | `key` |
| sanitizer.go:18:44:18:46 | key | semmle.label | key |
subpaths
#select
| HardcodedKeysBad.go:19:28:19:39 | mySigningKey | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | HardcodedKeysBad.go:19:28:19:39 | mySigningKey | $@ is used to sign a JWT token. | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | Hardcoded String |
| main.go:34:28:34:39 | mySigningKey | main.go:25:25:25:30 | "key1" | main.go:34:28:34:39 | mySigningKey | $@ is used to sign a JWT token. | main.go:25:25:25:30 | "key1" | Hardcoded String |
| main.go:42:16:42:29 | type conversion | main.go:42:23:42:28 | "key2" | main.go:42:16:42:29 | type conversion | $@ is used to sign a JWT token. | main.go:42:23:42:28 | "key2" | Hardcoded String |
| main.go:61:44:61:46 | key | main.go:60:16:60:21 | `key3` | main.go:61:44:61:46 | key | $@ is used to sign a JWT token. | main.go:60:16:60:21 | `key3` | Hardcoded String |
| main.go:66:66:66:68 | key | main.go:65:16:65:21 | "key4" | main.go:66:66:66:68 | key | $@ is used to sign a JWT token. | main.go:65:16:65:21 | "key4" | Hardcoded String |
| main.go:74:15:74:18 | key2 | main.go:69:17:69:22 | "key5" | main.go:74:15:74:18 | key2 | $@ is used to sign a JWT token. | main.go:69:17:69:22 | "key5" | Hardcoded String |
| main.go:84:41:84:43 | key | main.go:80:16:80:21 | "key6" | main.go:84:41:84:43 | key | $@ is used to sign a JWT token. | main.go:80:16:80:21 | "key6" | Hardcoded String |
| main.go:91:66:91:69 | key2 | main.go:89:17:89:22 | "key7" | main.go:91:66:91:69 | key2 | $@ is used to sign a JWT token. | main.go:89:17:89:22 | "key7" | Hardcoded String |
| main.go:102:30:102:32 | key | main.go:97:16:97:21 | "key8" | main.go:102:30:102:32 | key | $@ is used to sign a JWT token. | main.go:97:16:97:21 | "key8" | Hardcoded String |
| main.go:107:16:107:24 | sharedKey | main.go:106:22:106:27 | "key9" | main.go:107:16:107:24 | sharedKey | $@ is used to sign a JWT token. | main.go:106:22:106:27 | "key9" | Hardcoded String |
| main.go:113:16:113:30 | sharedKeyglobal | main.go:110:30:110:36 | "key10" | main.go:113:16:113:30 | sharedKeyglobal | $@ is used to sign a JWT token. | main.go:110:30:110:36 | "key10" | Hardcoded String |
| main.go:42:28:42:39 | mySigningKey | main.go:33:25:33:30 | "key1" | main.go:42:28:42:39 | mySigningKey | $@ is used to sign a JWT token. | main.go:33:25:33:30 | "key1" | Hardcoded String |
| main.go:50:16:50:29 | type conversion | main.go:50:23:50:28 | "key2" | main.go:50:16:50:29 | type conversion | $@ is used to sign a JWT token. | main.go:50:23:50:28 | "key2" | Hardcoded String |
| main.go:69:44:69:46 | key | main.go:68:16:68:21 | `key3` | main.go:69:44:69:46 | key | $@ is used to sign a JWT token. | main.go:68:16:68:21 | `key3` | Hardcoded String |
| main.go:74:66:74:68 | key | main.go:73:16:73:21 | "key4" | main.go:74:66:74:68 | key | $@ is used to sign a JWT token. | main.go:73:16:73:21 | "key4" | Hardcoded String |
| main.go:82:15:82:18 | key2 | main.go:77:17:77:22 | "key5" | main.go:82:15:82:18 | key2 | $@ is used to sign a JWT token. | main.go:77:17:77:22 | "key5" | Hardcoded String |
| main.go:92:41:92:43 | key | main.go:88:16:88:21 | "key6" | main.go:92:41:92:43 | key | $@ is used to sign a JWT token. | main.go:88:16:88:21 | "key6" | Hardcoded String |
| main.go:99:66:99:69 | key2 | main.go:97:17:97:22 | "key7" | main.go:99:66:99:69 | key2 | $@ is used to sign a JWT token. | main.go:97:17:97:22 | "key7" | Hardcoded String |
| main.go:110:30:110:32 | key | main.go:105:16:105:21 | "key8" | main.go:110:30:110:32 | key | $@ is used to sign a JWT token. | main.go:105:16:105:21 | "key8" | Hardcoded String |
| main.go:115:16:115:24 | sharedKey | main.go:114:22:114:27 | "key9" | main.go:115:16:115:24 | sharedKey | $@ is used to sign a JWT token. | main.go:114:22:114:27 | "key9" | Hardcoded String |
| main.go:121:16:121:30 | sharedKeyglobal | main.go:118:30:118:36 | "key10" | main.go:121:16:121:30 | sharedKeyglobal | $@ is used to sign a JWT token. | main.go:118:30:118:36 | "key10" | Hardcoded String |
| main.go:127:20:127:34 | type conversion | main.go:127:27:127:33 | "key11" | main.go:127:20:127:34 | type conversion | $@ is used to sign a JWT token. | main.go:127:27:127:33 | "key11" | Hardcoded String |
| main.go:144:39:144:46 | mySecret | main.go:142:21:142:27 | "key12" | main.go:144:39:144:46 | mySecret | $@ is used to sign a JWT token. | main.go:142:21:142:27 | "key12" | Hardcoded String |
| main.go:153:11:153:18 | mySecret | main.go:149:21:149:27 | "key13" | main.go:153:11:153:18 | mySecret | $@ is used to sign a JWT token. | main.go:149:21:149:27 | "key13" | Hardcoded String |
| main.go:161:34:161:39 | secret | main.go:160:19:160:25 | "key14" | main.go:161:34:161:39 | secret | $@ is used to sign a JWT token. | main.go:160:19:160:25 | "key14" | Hardcoded String |
| main.go:167:32:167:37 | secret | main.go:166:19:166:25 | "key15" | main.go:167:32:167:37 | secret | $@ is used to sign a JWT token. | main.go:166:19:166:25 | "key15" | Hardcoded String |
| main.go:173:41:173:46 | secret | main.go:172:19:172:25 | "key16" | main.go:173:41:173:46 | secret | $@ is used to sign a JWT token. | main.go:172:19:172:25 | "key16" | Hardcoded String |
| main.go:179:51:179:56 | secret | main.go:178:19:178:25 | "key17" | main.go:179:51:179:56 | secret | $@ is used to sign a JWT token. | main.go:178:19:178:25 | "key17" | Hardcoded String |
| main.go:185:42:185:47 | secret | main.go:184:19:184:25 | "key18" | main.go:185:42:185:47 | secret | $@ is used to sign a JWT token. | main.go:184:19:184:25 | "key18" | Hardcoded String |
| main.go:193:33:193:38 | secret | main.go:190:19:190:25 | "key19" | main.go:193:33:193:38 | secret | $@ is used to sign a JWT token. | main.go:190:19:190:25 | "key19" | Hardcoded String |
| sanitizer.go:18:44:18:46 | key | sanitizer.go:17:16:17:20 | `key` | sanitizer.go:18:44:18:46 | key | $@ is used to sign a JWT token. | sanitizer.go:17:16:17:20 | `key` | Hardcoded String |

72
go/ql/test/experimental/CWE-321/go.mod
View File

@@ -6,14 +6,33 @@ require (
github.com/appleboy/gin-jwt/v2 v2.8.0
github.com/cristalhq/jwt/v3 v3.1.0
github.com/go-kit/kit v0.12.0
github.com/golang-jwt/jwt/v4 v4.4.1
github.com/gogf/gf-jwt/v2 v2.0.1
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/iris-contrib/middleware/jwt v0.0.0-20230311205048-b568fe9b470f
github.com/kataras/iris/v12 v12.2.0
github.com/kataras/jwt v0.1.8
github.com/lestrrat/go-jwx v0.9.1
github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693
gopkg.in/square/go-jose.v2 v2.6.0
)
require (
github.com/BurntSushi/toml v1.2.1 // indirect
github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53 // indirect
github.com/CloudyKit/jet/v6 v6.2.0 // indirect
github.com/Joker/jade v1.1.3 // indirect
github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 // indirect
github.com/andybalholm/brotli v1.0.5 // indirect
github.com/aymerick/douceur v0.2.0 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/clbanning/mxj/v2 v2.5.5 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385 // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/fatih/structs v1.1.0 // indirect
github.com/flosch/pongo2/v4 v4.0.2 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/gin-gonic/gin v1.7.7 // indirect
github.com/go-kit/log v0.2.0 // indirect
@@ -21,21 +40,58 @@ require (
github.com/go-playground/locales v0.13.0 // indirect
github.com/go-playground/universal-translator v0.17.0 // indirect
github.com/go-playground/validator/v10 v10.4.1 // indirect
github.com/go-redis/redis/v8 v8.11.5 // indirect
github.com/go-sql-driver/mysql v1.6.0 // indirect
github.com/gogf/gf/v2 v2.0.0-rc3 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/gorilla/css v1.0.0 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/grokify/html-strip-tags-go v0.0.1 // indirect
github.com/iris-contrib/schema v0.0.6 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kataras/blocks v0.0.7 // indirect
github.com/kataras/golog v0.1.8 // indirect
github.com/kataras/pio v0.0.11 // indirect
github.com/kataras/sitemap v0.0.6 // indirect
github.com/kataras/tunnel v0.0.4 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/leodido/go-urn v1.2.0 // indirect
github.com/lestrrat/go-pdebug v0.0.0-20180220043741-569c97477ae8 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mailgun/raymond/v2 v2.0.48 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.9 // indirect
github.com/mattn/go-isatty v0.0.17 // indirect
github.com/mattn/go-runewidth v0.0.9 // indirect
github.com/microcosm-cc/bluemonday v1.0.23 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/schollz/closestmatch v2.1.0+incompatible // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/tdewolff/minify/v2 v2.12.4 // indirect
github.com/tdewolff/parse/v2 v2.6.4 // indirect
github.com/ugorji/go/codec v1.1.7 // indirect
golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 // indirect
golang.org/x/net v0.0.0-20210917221730-978cfadd31cf // indirect
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 // indirect
golang.org/x/text v0.3.7 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
github.com/yosssi/ace v0.0.5 // indirect
go.opentelemetry.io/otel v1.0.0 // indirect
go.opentelemetry.io/otel/sdk v1.0.0 // indirect
go.opentelemetry.io/otel/trace v1.0.0 // indirect
golang.org/x/crypto v0.7.0 // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/sys v0.6.0 // indirect
golang.org/x/text v0.8.0 // indirect
golang.org/x/time v0.3.0 // indirect
google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4 // indirect
google.golang.org/grpc v1.40.0 // indirect
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/yaml.v2 v2.2.8 // indirect
google.golang.org/protobuf v1.29.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

82
go/ql/test/experimental/CWE-321/main.go
View File

@@ -1,13 +1,17 @@
package main
//go:generate depstubber -vendor github.com/appleboy/gin-jwt/v2 GinJWTMiddleware New
//go:generate depstubber -vendor github.com/golang-jwt/jwt/v4 MapClaims,RegisteredClaims,SigningMethodRSA,SigningMethodHMAC,Token NewNumericDate,NewWithClaims
//go:generate depstubber -vendor github.com/golang-jwt/jwt/v4 MapClaims,RegisteredClaims,SigningMethodRSA,SigningMethodHMAC,Token NewNumericDate,NewWithClaims,New
//go:generate depstubber -vendor github.com/gin-gonic/gin Context New
//go:generate depstubber -vendor github.com/go-kit/kit/auth/jwt "" NewSigner
//go:generate depstubber -vendor github.com/lestrrat/go-jwx/jwk "" New
//go:generate depstubber -vendor github.com/square/go-jose/v3 Recipient NewEncrypter,NewSigner
//go:generate depstubber -vendor gopkg.in/square/go-jose.v2 Recipient NewEncrypter,NewSigner
//go:generate depstubber -vendor github.com/cristalhq/jwt/v3 Signer NewSignerHS,HS256
//go:generate depstubber -vendor github.com/iris-contrib/middleware/jwt "" NewToken,NewTokenWithClaims
//go:generate depstubber -vendor github.com/kataras/iris/v12/middleware/jwt Signer,Verifier NewSigner,NewVerifier
//go:generate depstubber -vendor github.com/kataras/jwt Keys,Alg Sign,SignEncrypted,SignEncryptedWithHeader,SignWithHeader
//go:generate depstubber -vendor github.com/gogf/gf-jwt/v2 GfJWTMiddleware
import (
"time"
@@ -15,7 +19,11 @@ import (
jwt "github.com/appleboy/gin-jwt/v2"
cristal "github.com/cristalhq/jwt/v3"
gokit "github.com/go-kit/kit/auth/jwt"
gogf "github.com/gogf/gf-jwt/v2"
gjwt "github.com/golang-jwt/jwt/v4"
iris "github.com/iris-contrib/middleware/jwt"
iris12 "github.com/kataras/iris/v12/middleware/jwt"
kataras "github.com/kataras/jwt"
le "github.com/lestrrat/go-jwx/jwk"
jose_v3 "github.com/square/go-jose/v3"
jose_v2 "gopkg.in/square/go-jose.v2"
@@ -113,6 +121,78 @@ func lejwt2() (interface{}, error) {
return le.New(sharedKeyglobal) // BAD
}
func gogfjwt() interface{} {
return &gogf.GfJWTMiddleware{
Realm: "test zone",
Key: []byte("key11"),
Timeout: time.Minute * 5,
MaxRefresh: time.Minute * 5,
IdentityKey: "id",
TokenLookup: "header: Authorization, query: token, cookie: jwt",
TokenHeadName: "Bearer",
TimeFunc: time.Now,
Authenticator: nil,
Unauthorized: nil,
PayloadFunc: nil,
IdentityHandler: nil,
}
}
func irisjwt() interface{} {
mySecret := []byte("key12")
token := iris.NewTokenWithClaims(nil, nil)
tokenString, _ := token.SignedString(mySecret)
return tokenString
}
func iris12jwt2() interface{} {
mySecret := []byte("key13")
s := &iris12.Signer{
Alg: nil,
Key: mySecret,
MaxAge: 3 * time.Second,
}
return s
}
func irisjwt3() interface{} {
secret := []byte("key14")
signer := iris12.NewSigner(nil, secret, 3*time.Second)
return signer
}
func katarasJwt() interface{} {
secret := []byte("key15")
token, _ := kataras.Sign(nil, secret, nil, nil)
return token
}
func katarasJwt2() interface{} {
secret := []byte("key16")
token, _ := kataras.SignEncrypted(nil, secret, nil, nil)
return token
}
func katarasJwt3() interface{} {
secret := []byte("key17")
token, _ := kataras.SignEncryptedWithHeader(nil, secret, nil, nil, nil)
return token
}
func katarasJwt4() interface{} {
secret := []byte("key18")
token, _ := kataras.SignWithHeader(nil, secret, nil, nil)
return token
}
func katarasJwt5() {
secret := []byte("key19")
var keys kataras.Keys
var alg kataras.Alg
keys.Register(alg, "api", nil, secret)
}
func main() {
return
}

5
go/ql/test/experimental/CWE-321/vendor/github.com/gin-gonic/gin/stub.go generated vendored
View File

@@ -14,6 +14,7 @@ import (
multipart "mime/multipart"
net "net"
http "net/http"
template0 "text/template"
time "time"
)
@@ -388,7 +389,7 @@ type Engine struct {
TrustedPlatform string
MaxMultipartMemory int64
HTMLRender interface{}
FuncMap template.FuncMap
FuncMap template0.FuncMap
}
func (_ *Engine) Any(_ string, _ ...HandlerFunc) IRoutes {
@@ -479,7 +480,7 @@ func (_ *Engine) SecureJsonPrefix(_ string) *Engine {
func (_ *Engine) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}
func (_ *Engine) SetFuncMap(_ template.FuncMap) {}
func (_ *Engine) SetFuncMap(_ template0.FuncMap) {}
func (_ *Engine) SetHTMLTemplate(_ *template.Template) {}

90
go/ql/test/experimental/CWE-321/vendor/github.com/gogf/gf-jwt/v2/stub.go generated vendored Normal file
View File

@@ -0,0 +1,90 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/gogf/gf-jwt/v2, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/gogf/gf-jwt/v2 (exports: GfJWTMiddleware; functions: )
// Package gf is a stub of github.com/gogf/gf-jwt/v2, generated by depstubber.
package gf
import (
context "context"
time "time"
)
type GfJWTMiddleware struct {
Realm string
SigningAlgorithm string
Key []byte
KeyFunc func(interface{}) (interface{}, error)
Timeout time.Duration
MaxRefresh time.Duration
Authenticator func(context.Context) (interface{}, error)
Authorizator func(interface{}, context.Context) bool
PayloadFunc func(interface{}) MapClaims
Unauthorized func(context.Context, int, string)
IdentityHandler func(context.Context) interface{}
IdentityKey string
TokenLookup string
TokenHeadName string
TimeFunc func() time.Time
HTTPStatusMessageFunc func(error, context.Context) string
PrivKeyFile string
PrivKeyBytes []byte
PubKeyFile string
PrivateKeyPassphrase string
PubKeyBytes []byte
SendCookie bool
CookieMaxAge time.Duration
SecureCookie bool
CookieHTTPOnly bool
CookieDomain string
SendAuthorization bool
DisabledAbort bool
CookieName string
CacheAdapter interface{}
}
func (_ *GfJWTMiddleware) CheckIfTokenExpire(_ context.Context) (interface{}, string, error) {
return nil, "", nil
}
func (_ *GfJWTMiddleware) GetClaimsFromJWT(_ context.Context) (MapClaims, string, error) {
return nil, "", nil
}
func (_ *GfJWTMiddleware) GetIdentity(_ context.Context) interface{} {
return nil
}
func (_ *GfJWTMiddleware) GetPayload(_ context.Context) string {
return ""
}
func (_ *GfJWTMiddleware) GetToken(_ context.Context) string {
return ""
}
func (_ *GfJWTMiddleware) LoginHandler(_ context.Context) (string, time.Time) {
return "", time.Time{}
}
func (_ *GfJWTMiddleware) LogoutHandler(_ context.Context) {}
func (_ *GfJWTMiddleware) MiddlewareFunc() func(interface{}) {
return nil
}
func (_ *GfJWTMiddleware) RefreshHandler(_ context.Context) (string, time.Time) {
return "", time.Time{}
}
func (_ *GfJWTMiddleware) RefreshToken(_ context.Context) (string, time.Time, error) {
return "", time.Time{}, nil
}
func (_ *GfJWTMiddleware) TokenGenerator(_ interface{}) (string, time.Time, error) {
return "", time.Time{}, nil
}
type MapClaims map[string]interface{}

10
go/ql/test/experimental/CWE-321/vendor/github.com/golang-jwt/jwt/v4/stub.go generated vendored
View File

@@ -2,7 +2,7 @@
// This is a simple stub for github.com/golang-jwt/jwt/v4, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/golang-jwt/jwt/v4 (exports: MapClaims,RegisteredClaims,SigningMethodRSA,SigningMethodHMAC,Token; functions: NewNumericDate,NewWithClaims)
// Source: github.com/golang-jwt/jwt/v4 (exports: MapClaims,RegisteredClaims,SigningMethodRSA,SigningMethodHMAC,Token; functions: NewNumericDate,NewWithClaims,New)
// Package jwt is a stub of github.com/golang-jwt/jwt/v4, generated by depstubber.
package jwt
@@ -52,6 +52,10 @@ func (_ MapClaims) VerifyNotBefore(_ int64, _ bool) bool {
return false
}
func New(_ SigningMethod) *Token {
return nil
}
func NewNumericDate(_ time.Time) *NumericDate {
return nil
}
@@ -220,6 +224,10 @@ func (_ NumericDate) Zone() (string, int) {
return "", 0
}
func (_ NumericDate) ZoneBounds() (time.Time, time.Time) {
return time.Time{}, time.Time{}
}
func (_ *NumericDate) GobDecode(_ []byte) error {
return nil
}

29
go/ql/test/experimental/CWE-321/vendor/github.com/iris-contrib/middleware/jwt/stub.go generated vendored Normal file
View File

@@ -0,0 +1,29 @@
// Package jwt is a stub of github.com/iris-contrib/middleware/jwt, manually generated.
package jwt
import (
gj "github.com/golang-jwt/jwt/v4"
)
type (
// Token for JWT. Different fields will be used depending on whether you're
// creating or parsing/verifying a token.
//
// A type alias for jwt.Token.
Token = gj.Token
// MapClaims type that uses the map[string]interface{} for JSON decoding
// This is the default claims type if you don't supply one
//
// A type alias for jwt.MapClaims.
MapClaims = gj.MapClaims
// Claims must just have a Valid method that determines
// if the token is invalid for any supported reason.
//
// A type alias for jwt.Claims.
Claims = gj.Claims
)
var (
NewToken = gj.New
NewTokenWithClaims = gj.NewWithClaims
)

81
go/ql/test/experimental/CWE-321/vendor/github.com/kataras/iris/v12/middleware/jwt/stub.go generated vendored Normal file
View File

@@ -0,0 +1,81 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/kataras/iris/v12/middleware/jwt, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/kataras/iris/v12/middleware/jwt (exports: Signer,Verifier; functions: NewSigner,NewVerifier)
// Package jwt is a stub of github.com/kataras/iris/v12/middleware/jwt, generated by depstubber.
package jwt
import (
time "time"
)
type Blocklist interface {
Count() (int64, error)
Del(_ string) error
Has(_ string) (bool, error)
InvalidateToken(_ []byte, _ interface{}) error
ValidateToken(_ []byte, _ interface{}, _ error) error
}
func NewSigner(_ interface{}, _ interface{}, _ time.Duration) *Signer {
return nil
}
func NewVerifier(_ interface{}, _ interface{}, _ ...interface{}) *Verifier {
return nil
}
type Signer struct {
Alg interface{}
Key interface{}
MaxAge time.Duration
Options []interface{}
Encrypt func([]byte) ([]byte, error)
}
func (_ *Signer) NewTokenPair(_ interface{}, _ interface{}, _ time.Duration, _ ...interface{}) (interface{}, error) {
return nil, nil
}
func (_ *Signer) Sign(_ interface{}, _ ...interface{}) ([]byte, error) {
return nil, nil
}
func (_ *Signer) WithEncryption(_ []byte, _ []byte) *Signer {
return nil
}
type TokenExtractor func(interface{}) string
type Verifier struct {
Alg interface{}
Key interface{}
Decrypt func([]byte) ([]byte, error)
Extractors []TokenExtractor
Blocklist Blocklist
Validators []interface{}
ErrorHandler func(interface{}, error)
DisableContextUser bool
}
func (_ *Verifier) RequestToken(_ interface{}) string {
return ""
}
func (_ *Verifier) Verify(_ func() interface{}, _ ...interface{}) interface{} {
return nil
}
func (_ *Verifier) VerifyToken(_ []byte, _ ...interface{}) (interface{}, error) {
return nil, nil
}
func (_ *Verifier) WithDecryption(_ []byte, _ []byte) *Verifier {
return nil
}
func (_ *Verifier) WithDefaultBlocklist() *Verifier {
return nil
}

105
go/ql/test/experimental/CWE-321/vendor/github.com/kataras/jwt/stub.go generated vendored Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/kataras/jwt, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/kataras/jwt (exports: Keys,Alg; functions: Sign,SignEncrypted,SignEncryptedWithHeader,SignWithHeader)
// Package jwt is a stub of github.com/kataras/jwt, generated by depstubber.
package jwt
import (
time "time"
)
type Alg interface {
Name() string
Sign(_ interface{}, _ []byte) ([]byte, error)
Verify(_ interface{}, _ []byte, _ []byte) error
}
type Audience []string
func (_ *Audience) UnmarshalJSON(_ []byte) error {
return nil
}
type Claims struct {
NotBefore int64
IssuedAt int64
Expiry int64
ID string
OriginID string
Issuer string
Subject string
Audience Audience
}
func (_ Claims) Age() time.Duration {
return 0
}
func (_ Claims) ApplyClaims(_ *Claims) {}
func (_ Claims) ExpiresAt() time.Time {
return time.Time{}
}
func (_ Claims) Timeleft() time.Duration {
return 0
}
type InjectFunc func([]byte) ([]byte, error)
type Key struct {
ID string
Alg Alg
Public interface{}
Private interface{}
MaxAge time.Duration
Encrypt InjectFunc
Decrypt InjectFunc
}
type Keys map[string]*Key
func (_ Keys) Get(_ string) (*Key, bool) {
return nil, false
}
func (_ Keys) Register(_ Alg, _ string, _ interface{}, _ interface{}) {}
func (_ Keys) SignToken(_ string, _ interface{}, _ ...SignOption) ([]byte, error) {
return nil, nil
}
func (_ Keys) ValidateHeader(_ string, _ []byte) (Alg, interface{}, InjectFunc, error) {
return nil, nil, nil, nil
}
func (_ Keys) VerifyToken(_ []byte, _ interface{}, _ ...TokenValidator) error {
return nil
}
func Sign(_ Alg, _ interface{}, _ interface{}, _ ...SignOption) ([]byte, error) {
return nil, nil
}
func SignEncrypted(_ Alg, _ interface{}, _ InjectFunc, _ interface{}, _ ...SignOption) ([]byte, error) {
return nil, nil
}
func SignEncryptedWithHeader(_ Alg, _ interface{}, _ InjectFunc, _ interface{}, _ interface{}, _ ...SignOption) ([]byte, error) {
return nil, nil
}
type SignOption interface {
ApplyClaims(_ *Claims)
}
func SignWithHeader(_ Alg, _ interface{}, _ interface{}, _ interface{}, _ ...SignOption) ([]byte, error) {
return nil, nil
}
type TokenValidator interface {
ValidateToken(_ []byte, _ Claims, _ error) error
}

190
go/ql/test/experimental/CWE-321/vendor/modules.txt vendored
View File

@@ -4,15 +4,24 @@ github.com/appleboy/gin-jwt/v2
# github.com/cristalhq/jwt/v3 v3.1.0
## explicit
github.com/cristalhq/jwt/v3
# github.com/gin-gonic/gin v1.7.7
## explicit
github.com/gin-gonic/gin
# github.com/go-kit/kit v0.12.0
## explicit
github.com/go-kit/kit
# github.com/golang-jwt/jwt/v4 v4.4.1
# github.com/gogf/gf-jwt/v2 v2.0.1
## explicit
github.com/gogf/gf-jwt/v2
# github.com/golang-jwt/jwt/v4 v4.5.0
## explicit
github.com/golang-jwt/jwt/v4
# github.com/iris-contrib/middleware/jwt v0.0.0-20230311205048-b568fe9b470f
## explicit
github.com/iris-contrib/middleware/jwt
# github.com/kataras/iris/v12 v12.2.0
## explicit
github.com/kataras/iris/v12
# github.com/kataras/jwt v0.1.8
## explicit
github.com/kataras/jwt
# github.com/lestrrat/go-jwx v0.9.1
## explicit
github.com/lestrrat/go-jwx
@@ -22,12 +31,60 @@ github.com/square/go-jose/v3
# gopkg.in/square/go-jose.v2 v2.6.0
## explicit
gopkg.in/square/go-jose.v2
# github.com/BurntSushi/toml v1.2.1
## explicit
github.com/BurntSushi/toml
# github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53
## explicit
github.com/CloudyKit/fastprinter
# github.com/CloudyKit/jet/v6 v6.2.0
## explicit
github.com/CloudyKit/jet/v6
# github.com/Joker/jade v1.1.3
## explicit
github.com/Joker/jade
# github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06
## explicit
github.com/Shopify/goreferrer
# github.com/andybalholm/brotli v1.0.5
## explicit
github.com/andybalholm/brotli
# github.com/aymerick/douceur v0.2.0
## explicit
github.com/aymerick/douceur
# github.com/cespare/xxhash/v2 v2.1.2
## explicit
github.com/cespare/xxhash/v2
# github.com/clbanning/mxj/v2 v2.5.5
## explicit
github.com/clbanning/mxj/v2
# github.com/davecgh/go-spew v1.1.1
## explicit
github.com/davecgh/go-spew
# github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f
## explicit
github.com/dgryski/go-rendezvous
# github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385
## explicit
github.com/eknkc/amber
# github.com/fatih/color v1.13.0
## explicit
github.com/fatih/color
# github.com/fatih/structs v1.1.0
## explicit
github.com/fatih/structs
# github.com/flosch/pongo2/v4 v4.0.2
## explicit
github.com/flosch/pongo2/v4
# github.com/fsnotify/fsnotify v1.5.4
## explicit
github.com/fsnotify/fsnotify
# github.com/gin-contrib/sse v0.1.0
## explicit
github.com/gin-contrib/sse
# github.com/gin-gonic/gin v1.7.7
## explicit
github.com/gin-gonic/gin
# github.com/go-kit/log v0.2.0
## explicit
github.com/go-kit/log
@@ -43,54 +100,165 @@ github.com/go-playground/universal-translator
# github.com/go-playground/validator/v10 v10.4.1
## explicit
github.com/go-playground/validator/v10
# github.com/go-redis/redis/v8 v8.11.5
## explicit
github.com/go-redis/redis/v8
# github.com/go-sql-driver/mysql v1.6.0
## explicit
github.com/go-sql-driver/mysql
# github.com/gogf/gf/v2 v2.0.0-rc3
## explicit
github.com/gogf/gf/v2
# github.com/golang/protobuf v1.5.2
## explicit
github.com/golang/protobuf
# github.com/golang/snappy v0.0.4
## explicit
github.com/golang/snappy
# github.com/google/uuid v1.3.0
## explicit
github.com/google/uuid
# github.com/gorilla/css v1.0.0
## explicit
github.com/gorilla/css
# github.com/gorilla/websocket v1.5.0
## explicit
github.com/gorilla/websocket
# github.com/grokify/html-strip-tags-go v0.0.1
## explicit
github.com/grokify/html-strip-tags-go
# github.com/iris-contrib/schema v0.0.6
## explicit
github.com/iris-contrib/schema
# github.com/josharian/intern v1.0.0
## explicit
github.com/josharian/intern
# github.com/json-iterator/go v1.1.12
## explicit
github.com/json-iterator/go
# github.com/kataras/blocks v0.0.7
## explicit
github.com/kataras/blocks
# github.com/kataras/golog v0.1.8
## explicit
github.com/kataras/golog
# github.com/kataras/pio v0.0.11
## explicit
github.com/kataras/pio
# github.com/kataras/sitemap v0.0.6
## explicit
github.com/kataras/sitemap
# github.com/kataras/tunnel v0.0.4
## explicit
github.com/kataras/tunnel
# github.com/klauspost/compress v1.16.0
## explicit
github.com/klauspost/compress
# github.com/leodido/go-urn v1.2.0
## explicit
github.com/leodido/go-urn
# github.com/lestrrat/go-pdebug v0.0.0-20180220043741-569c97477ae8
## explicit
github.com/lestrrat/go-pdebug
# github.com/mattn/go-isatty v0.0.14
# github.com/mailgun/raymond/v2 v2.0.48
## explicit
github.com/mailgun/raymond/v2
# github.com/mailru/easyjson v0.7.7
## explicit
github.com/mailru/easyjson
# github.com/mattn/go-colorable v0.1.9
## explicit
github.com/mattn/go-colorable
# github.com/mattn/go-isatty v0.0.17
## explicit
github.com/mattn/go-isatty
# github.com/mattn/go-runewidth v0.0.9
## explicit
github.com/mattn/go-runewidth
# github.com/microcosm-cc/bluemonday v1.0.23
## explicit
github.com/microcosm-cc/bluemonday
# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
## explicit
github.com/modern-go/concurrent
# github.com/modern-go/reflect2 v1.0.2
## explicit
github.com/modern-go/reflect2
# github.com/olekukonko/tablewriter v0.0.5
## explicit
github.com/olekukonko/tablewriter
# github.com/pkg/errors v0.9.1
## explicit
github.com/pkg/errors
# github.com/russross/blackfriday/v2 v2.1.0
## explicit
github.com/russross/blackfriday/v2
# github.com/schollz/closestmatch v2.1.0+incompatible
## explicit
github.com/schollz/closestmatch
# github.com/sirupsen/logrus v1.8.1
## explicit
github.com/sirupsen/logrus
# github.com/tdewolff/minify/v2 v2.12.4
## explicit
github.com/tdewolff/minify/v2
# github.com/tdewolff/parse/v2 v2.6.4
## explicit
github.com/tdewolff/parse/v2
# github.com/ugorji/go/codec v1.1.7
## explicit
github.com/ugorji/go/codec
# golang.org/x/crypto v0.0.0-20210915214749-c084706c2272
# github.com/valyala/bytebufferpool v1.0.0
## explicit
github.com/valyala/bytebufferpool
# github.com/vmihailenco/msgpack/v5 v5.3.5
## explicit
github.com/vmihailenco/msgpack/v5
# github.com/vmihailenco/tagparser/v2 v2.0.0
## explicit
github.com/vmihailenco/tagparser/v2
# github.com/yosssi/ace v0.0.5
## explicit
github.com/yosssi/ace
# go.opentelemetry.io/otel v1.0.0
## explicit
go.opentelemetry.io/otel
# go.opentelemetry.io/otel/sdk v1.0.0
## explicit
go.opentelemetry.io/otel/sdk
# go.opentelemetry.io/otel/trace v1.0.0
## explicit
go.opentelemetry.io/otel/trace
# golang.org/x/crypto v0.7.0
## explicit
golang.org/x/crypto
# golang.org/x/net v0.0.0-20210917221730-978cfadd31cf
# golang.org/x/net v0.8.0
## explicit
golang.org/x/net
# golang.org/x/sys v0.0.0-20210917161153-d61c044b1678
# golang.org/x/sys v0.6.0
## explicit
golang.org/x/sys
# golang.org/x/text v0.3.7
# golang.org/x/text v0.8.0
## explicit
golang.org/x/text
# golang.org/x/time v0.3.0
## explicit
golang.org/x/time
# google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4
## explicit
google.golang.org/genproto
# google.golang.org/grpc v1.40.0
## explicit
google.golang.org/grpc
# google.golang.org/protobuf v1.27.1
# google.golang.org/protobuf v1.29.0
## explicit
google.golang.org/protobuf
# gopkg.in/yaml.v2 v2.2.8
# gopkg.in/ini.v1 v1.67.0
## explicit
gopkg.in/ini.v1
# gopkg.in/yaml.v2 v2.4.0
## explicit
gopkg.in/yaml.v2
# gopkg.in/yaml.v3 v3.0.1
## explicit
gopkg.in/yaml.v3