From 647ae64ff133794376c5bd80a2a6259a4647cd12 Mon Sep 17 00:00:00 2001 From: l50 Date: Sat, 25 Mar 2023 23:13:33 +0000 Subject: [PATCH] Add XSS #3 - Closes #10 - Incorporated XSS #3 into srp and baseline actions - Minor updates and fixes --- .github/workflows/baseline.yaml | 11 +- .github/workflows/srp.yaml | 15 +- .vscode/launch.json | 11 +- README.md | 32 +-- cmd/caldera.go | 8 +- cmd/{StoredXSSDos.go => storedXSSDos.go} | 17 +- cmd/storedXSSTres.go | 235 +++++++++++++++++++++++ cmd/{StoredXSSUno.go => storedXSSUno.go} | 18 +- cmd/{TestEnv.go => testEnv.go} | 48 ++--- go.mod | 8 +- go.sum | 27 ++- 11 files changed, 337 insertions(+), 93 deletions(-) rename cmd/{StoredXSSDos.go => storedXSSDos.go} (95%) create mode 100644 cmd/storedXSSTres.go rename cmd/{StoredXSSUno.go => storedXSSUno.go} (92%) rename cmd/{TestEnv.go => testEnv.go} (80%) diff --git a/.github/workflows/baseline.yaml b/.github/workflows/baseline.yaml index 5fd1c6b..63ca2ab 100644 --- a/.github/workflows/baseline.yaml +++ b/.github/workflows/baseline.yaml @@ -69,7 +69,7 @@ jobs: popd - name: Create vulnerable test environment - run: ./caldera-security-tests TestEnv -v + run: ./caldera-security-tests testEnv -v - name: Wait until container is running run: | @@ -79,13 +79,16 @@ jobs: shell: bash - name: Run security regression test for first XSS - run: ./caldera-security-tests StoredXSSUno + run: ./caldera-security-tests storedXSSUno - name: Run security regression test for second XSS - run: ./caldera-security-tests StoredXSSDos + run: ./caldera-security-tests storedXSSDos + + - name: Run security regression test for third XSS + run: ./caldera-security-tests storedXSSTres - name: Destroy test environment - run: ./caldera-security-tests TestEnv -d + run: ./caldera-security-tests testEnv -d - name: Report failure uses: nashmaniac/create-issue-action@v1.1 diff --git a/.github/workflows/srp.yaml b/.github/workflows/srp.yaml index 727ff62..c53e587 100644 --- a/.github/workflows/srp.yaml +++ b/.github/workflows/srp.yaml @@ -53,8 +53,8 @@ jobs: - name: Set git config run: | - git config --global user.name "John Doe" - git config --global user.email johndoe@example.com + git config --global user.name "Github Actions" + git config --global user.email actions@example.com - name: Clone CALDERA repo run: | @@ -63,7 +63,7 @@ jobs: popd - name: Create test environment with the most recent caldera release - run: ./caldera-security-tests TestEnv -r + run: ./caldera-security-tests testEnv -r - name: Wait until container is running run: | @@ -74,13 +74,16 @@ jobs: shell: bash - name: Run security regression test for first XSS - run: ./caldera-security-tests StoredXSSUno + run: ./caldera-security-tests storedXSSUno - name: Run security regression test for second XSS - run: ./caldera-security-tests StoredXSSDos + run: ./caldera-security-tests storedXSSDos + + - name: Run security regression test for third XSS + run: ./caldera-security-tests storedXSSTres - name: Destroy test environment - run: ./caldera-security-tests TestEnv -d + run: ./caldera-security-tests testEnv -d - name: Report failure uses: nashmaniac/create-issue-action@v1.1 diff --git a/.vscode/launch.json b/.vscode/launch.json index b5944bb..0922fbd 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -1,16 +1,17 @@ { - // Use IntelliSense to learn about possible attributes. - // Hover to view descriptions of existing attributes. - // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 "version": "0.2.0", "configurations": [ { - "name": "Debug", + "name": "Run XSS #3.", "type": "go", "request": "launch", "mode": "debug", "program": "${workspaceRoot}", - "args": ["--debug", "StoredXSSDos"] + "args": [ + // Verbose output + "--debug", + "StoredXSSTres" + ] } ] } diff --git a/README.md b/README.md index e5cf9ba..011dee3 100644 --- a/README.md +++ b/README.md @@ -105,18 +105,27 @@ Create vulnerable test environment, run the [first XSS](https://github.com/metar and tear the test environment down: ```bash -./caldera-security-tests TestEnv -v -./caldera-security-tests StoredXSSUno -./caldera-security-tests TestEnv -d +./caldera-security-tests testEnv -v +./caldera-security-tests storedXSSUno +./caldera-security-tests testEnv -d ``` Create vulnerable test environment, run the [second XSS](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-2gjc-v4hv-m4p9), and tear the test environment down: ```bash -./caldera-security-tests TestEnv -v -./caldera-security-tests StoredXSSDos -./caldera-security-tests TestEnv -d +./caldera-security-tests testEnv -v +./caldera-security-tests storedXSSDos +./caldera-security-tests testEnv -d +``` + +Create vulnerable test environment, run the [third XSS](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-7344-4pg9-qf45), +and tear the test environment down: + +```bash +./caldera-security-tests testEnv -v +./caldera-security-tests storedXSSTres +./caldera-security-tests testEnv -d ``` Create test environment using the most recent commit @@ -124,13 +133,14 @@ to the default CALDERA branch, try running all attacks, and tear the test environment down: ```bash -./caldera-security-tests TestEnv -r -./caldera-security-tests StoredXSSUno -./caldera-security-tests StoredXSSDos -./caldera-security-tests TestEnv -d +./caldera-security-tests testEnv -r +./caldera-security-tests storedXSSUno +./caldera-security-tests storedXSSDos +./caldera-security-tests storedXSSTres +./caldera-security-tests testEnv -d ``` Parameters for the tests can be modified in the generated `config/config.yaml` file. -This file is created as soon as the `TestEnv` +This file is created as soon as the `testEnv` command in the above example is run. diff --git a/cmd/caldera.go b/cmd/caldera.go index a929a70..7c9bc60 100644 --- a/cmd/caldera.go +++ b/cmd/caldera.go @@ -90,9 +90,9 @@ func setupChrome(caldera Caldera) (ChromeDP, []func(), error) { return chrome, cancels, nil } -// Login logs into CALDERA using Google Chrome with the input +// login logs into CALDERA using Google Chrome with the input // credentials and returns an authenticated session. -func Login(caldera Caldera) (Caldera, error) { +func login(caldera Caldera) (Caldera, error) { // Selectors for chromeDP rocketSelector := "#home > div.modal.is-active > div.modal-card > footer > button" userSelector := "body > div > div > form > div:nth-child(1) > div > input" @@ -119,9 +119,9 @@ func Login(caldera Caldera) (Caldera, error) { } -// GetRedCreds navigates to the input calderaPath to +// getRedCreds navigates to the input calderaPath to // retrieve the red user credentials for MITRE CALDERA. -func GetRedCreds(calderaPath string) (Credentials, error) { +func getRedCreds(calderaPath string) (Credentials, error) { creds := Credentials{} cwd := goutils.Gwd() found := false diff --git a/cmd/StoredXSSDos.go b/cmd/storedXSSDos.go similarity index 95% rename from cmd/StoredXSSDos.go rename to cmd/storedXSSDos.go index d139fe3..bb01dee 100644 --- a/cmd/StoredXSSDos.go +++ b/cmd/storedXSSDos.go @@ -44,17 +44,16 @@ import ( ) var ( - // StoredXSSDosCmd runs the XSS vulnerability found after DEF CON 30. - StoredXSSDosCmd = &cobra.Command{ - Use: "StoredXSSDos", - Short: "Stored XSS found in addition to the previously reported one", + storedXSSDosCmd = &cobra.Command{ + Use: "storedXSSDos", + Short: "Second stored XSS found in MITRE Caldera by Jayson Grace from Meta's Purple Team", Run: func(cmd *cobra.Command, args []string) { fmt.Println(color.YellowString( "Introducing stored XSS vulnerability #2, please wait...")) caldera.URL = viper.GetString("login_url") caldera.RepoPath = viper.GetString("repo_path") - caldera.Creds, err = GetRedCreds(caldera.RepoPath) + caldera.Creds, err = getRedCreds(caldera.RepoPath) if err != nil { log.WithError(err).Fatalf( "failed to get Caldera credentials: %v", err) @@ -70,7 +69,7 @@ var ( caldera.Driver = driver - caldera, err = Login(caldera) + caldera, err = login(caldera) if err != nil { log.WithError(err).Fatal("failed to login to caldera") } @@ -89,7 +88,7 @@ var ( ) func init() { - rootCmd.AddCommand(StoredXSSDosCmd) + rootCmd.AddCommand(storedXSSDosCmd) storedXSSDosSuccess = false introPayload = false } @@ -224,7 +223,7 @@ func storedXSSDosVuln(payload string) error { // Select Tactic from the operation graph dropdown menu chromedp.SendKeys(tacticSelector, "Tactic"), chromedp.Sleep(Wait(2000)), - // Trigger the vulnerability + // Trigger the exploit chromedp.Evaluate(triggerVulnJS, &res), chromedp.Sleep(Wait(2000)), chromedp.ActionFunc(func(ctx context.Context) error { @@ -267,7 +266,7 @@ func storedXSSDosVuln(payload string) error { })); err != nil { log.WithError(err).WithFields(log.Fields{ "Payload": payload, - }).Error("unexpected error while introducing the exploit") + }).Error("unexpected error while exploiting the vulnerability") return err } diff --git a/cmd/storedXSSTres.go b/cmd/storedXSSTres.go new file mode 100644 index 0000000..90a07da --- /dev/null +++ b/cmd/storedXSSTres.go @@ -0,0 +1,235 @@ +/* +Copyright © 2022-present, Meta Platforms, Inc. and affiliates + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + +package cmd + +import ( + "context" + "errors" + "fmt" + "math" + "os" + + "github.com/chromedp/cdproto/emulation" + "github.com/chromedp/cdproto/network" + "github.com/chromedp/cdproto/page" + "github.com/chromedp/cdproto/runtime" + "github.com/chromedp/chromedp" + "github.com/fatih/color" + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +var ( + storedXSSTresCmd = &cobra.Command{ + Use: "storedXSSTres", + Short: "Third stored XSS found in MITRE Caldera by Jayson Grace from Meta's Purple Team", + Run: func(cmd *cobra.Command, args []string) { + fmt.Println(color.YellowString( + "Introducing stored XSS vulnerability #3, please wait...")) + + caldera.URL = viper.GetString("login_url") + caldera.RepoPath = viper.GetString("repo_path") + caldera.Creds, err = getRedCreds(caldera.RepoPath) + if err != nil { + log.WithError(err).Fatalf( + "failed to get Caldera credentials: %v", err) + } + + caldera.Driver.Headless = viper.GetBool("headless") + driver, cancels, err := setupChrome(caldera) + if err != nil { + log.WithError(err).Fatal("failed to setup Chrome") + } + + defer cancelAll(cancels) + + caldera.Driver = driver + + caldera, err = login(caldera) + if err != nil { + log.WithError(err).Fatal("failed to login to caldera") + } + + caldera.Payload = viper.GetString("payload") + + if err = storedXSSTresVuln(caldera.Payload); err != nil { + log.WithError(err).WithFields(log.Fields{ + "Payload": caldera.Payload, + }).Error(color.RedString(err.Error())) + } + }, + } + storedXSSTresSuccess bool +) + +func init() { + rootCmd.AddCommand(storedXSSTresCmd) + storedXSSTresSuccess = false + introPayload = false +} + +// // Payload is used to represent the POST +// // body associated with the source for the attack. +// type Payload struct { +// Name string `json:"name"` +// AutoClose bool `json:"auto_close"` +// State string `json:"state"` +// Autonomous int `json:"autonomous"` +// UseLearningParsers bool `json:"use_learning_parsers"` +// Obfuscator string `json:"obfuscator"` +// Jitter string `json:"jitter"` +// Visibility string `json:"visibility"` +// } + +func storedXSSTresVuln(payload string) error { + var buf []byte + var res *runtime.RemoteObject + + // XPath and selectors for chromeDP + configLinkXPath := "/html/body/main/div[1]/aside/ul[3]/li[6]/a" + gistInputXPath := "/html/body/main/div[2]/div[2]/div/div/div[2]/div[2]/table/tbody/tr[9]/td[2]/input" + updateGistButtonXPath := "/html/body/main/div[2]/div[2]/div/div/div[2]/div[2]/table/tbody/tr[9]/td[3]/button" + debriefLinkXPath := "/html/body/main/div[1]/aside/ul[2]/li[4]/a" + firstOperationXPath := "/html/body/main/div[2]/div[2]/div[2]/div/div[2]/div[2]/div[1]/form/div/div/div/select/option[1]" + triggerVulnJS := "nodes = document.querySelectorAll('[id^=node]'); nodes.forEach((x, i) => x.dispatchEvent(new MouseEvent('mouseover', {'bubbles': true})));" + + imagePath := viper.GetString("image_path") + + // listen network event + listenForNetworkEvent(caldera.Driver.Context) + + // handle payload that use alerts, prompts, etc. + chromedp.ListenTarget(caldera.Driver.Context, func(ev interface{}) { + if _, ok := ev.(*page.EventJavascriptDialogOpening); ok { + go func() { + err := chromedp.Run(caldera.Driver.Context, + page.HandleJavaScriptDialog(true)) + + // If we have gotten here, the exploit succeeded. + storedXSSTresSuccess = true + + if err != nil { + log.WithError(err).Errorf("failed to handle js: %v", err) + return + } + }() + } + }) + + // handle payload that use alerts, prompts, etc. + chromedp.ListenTarget(caldera.Driver.Context, func(ev interface{}) { + if _, ok := ev.(*page.EventJavascriptDialogOpening); ok { + go func() { + err := chromedp.Run(caldera.Driver.Context, + page.HandleJavaScriptDialog(true)) + + // If we have gotten here, the exploit succeeded. + storedXSSTresSuccess = true + + if err != nil { + log.WithError(err).Errorf("failed to handle js: %v", err) + return + } + }() + } + }) + + if err := chromedp.Run(caldera.Driver.Context, + network.Enable(), + // Click the configuration link + chromedp.Click(configLinkXPath), + chromedp.Sleep(Wait(2000)), + // Introduce the payload + chromedp.SendKeys(gistInputXPath, payload), + chromedp.Sleep(Wait(2000)), + // Update the gist configuration with the malicious payload + chromedp.Click(updateGistButtonXPath), + chromedp.Sleep(Wait(2000)), + // Click the debrief link + chromedp.Click(debriefLinkXPath), + // Click the operation with the payload that we introduced previously + chromedp.Click(firstOperationXPath), + chromedp.Sleep(Wait(2000)), + // Move mouse over C2 Server image to trigger the exploit + chromedp.Evaluate(triggerVulnJS, &res), + chromedp.Sleep(Wait(2000)), + chromedp.ActionFunc(func(ctx context.Context) error { + + _, _, contentSize, _, _, _, err := page.GetLayoutMetrics().Do(ctx) + if err != nil { + log.WithError(err).Error("failed to get layout metrics") + return err + } + + width, height := int64(math.Ceil(contentSize.Width)), + int64(math.Ceil(contentSize.Height)) + + // force viewport emulation + err = emulation.SetDeviceMetricsOverride(width, height, 1, false). + WithScreenOrientation(&emulation.ScreenOrientation{ + Type: emulation.OrientationTypePortraitPrimary, + Angle: 0, + }).Do(ctx) + if err != nil { + log.WithError(err).Error("failed to override device metrics") + return err + } + + // capture screenshot + buf, err = page.CaptureScreenshot(). + WithQuality(100). + WithClip(&page.Viewport{ + X: contentSize.X, + Y: contentSize.Y, + Width: contentSize.Width, + Height: contentSize.Height, + Scale: 2, + }).Do(ctx) + if err != nil { + log.WithError(err).Error("failed to take screenshot") + return err + } + return nil + })); err != nil { + log.WithError(err).WithFields(log.Fields{ + "Payload": payload, + }).Error("unexpected error while exploiting the vulnerability") + return err + } + + if err := os.WriteFile(imagePath+"3.png", buf, 0644); err != nil { + log.WithError(err).Error("failed to write screenshot to disk") + } + + if storedXSSTresSuccess { + errMsg := "failure: Stored XSS Tres ran successfully" + return errors.New(errMsg) + } + + log.WithFields(log.Fields{ + "Payload": payload, + }).Info(color.GreenString("Success: Stored XSS Tres failed to run")) + + return nil +} diff --git a/cmd/StoredXSSUno.go b/cmd/storedXSSUno.go similarity index 92% rename from cmd/StoredXSSUno.go rename to cmd/storedXSSUno.go index 7112fde..62b6c67 100644 --- a/cmd/StoredXSSUno.go +++ b/cmd/storedXSSUno.go @@ -40,17 +40,16 @@ import ( ) var ( - // StoredXSSUnoCmd runs the XSS vulnerability found before DEF CON 30. - StoredXSSUnoCmd = &cobra.Command{ - Use: "StoredXSSUno", - Short: "Stored XSS found during DEF CON 30.", + storedXSSUnoCmd = &cobra.Command{ + Use: "storedXSSUno", + Short: "First stored XSS found in MITRE Caldera by Jayson Grace from Meta's Purple Team", Run: func(cmd *cobra.Command, args []string) { fmt.Println(color.YellowString( "Introducing stored XSS vulnerability #1, please wait...")) caldera.URL = viper.GetString("login_url") caldera.RepoPath = viper.GetString("repo_path") - caldera.Creds, err = GetRedCreds(caldera.RepoPath) + caldera.Creds, err = getRedCreds(caldera.RepoPath) if err != nil { log.WithError(err).Fatalf( "failed to get Caldera credentials: %v", err) @@ -66,7 +65,7 @@ var ( caldera.Driver = driver - caldera, err = Login(caldera) + caldera, err = login(caldera) if err != nil { log.WithError(err).Fatal("failed to login to caldera") } @@ -84,7 +83,7 @@ var ( ) func init() { - rootCmd.AddCommand(StoredXSSUnoCmd) + rootCmd.AddCommand(storedXSSUnoCmd) storedXSSUnoSuccess = false } @@ -113,7 +112,8 @@ func storedXSSUnoVuln(payload string) error { storedXSSUnoSuccess = true if err != nil { - panic(err) + log.WithError(err).Errorf("failed to handle js: %v", err) + return } }() } @@ -166,7 +166,7 @@ func storedXSSUnoVuln(payload string) error { })); err != nil { log.WithError(err).WithFields(log.Fields{ "Payload": payload, - }).Error("unexpected error while introducing the exploit") + }).Error("unexpected error while exploiting the vulnerability") return err } diff --git a/cmd/TestEnv.go b/cmd/testEnv.go similarity index 80% rename from cmd/TestEnv.go rename to cmd/testEnv.go index e5a2755..de882ce 100644 --- a/cmd/TestEnv.go +++ b/cmd/testEnv.go @@ -24,7 +24,6 @@ package cmd import ( "fmt" - "os" "path/filepath" "github.com/bitfield/script" @@ -36,9 +35,9 @@ import ( ) var ( - // TestEnvCmd represents the TestEnv command - TestEnvCmd = &cobra.Command{ - Use: "TestEnv", + // testEnvCmd represents the testEnv command + testEnvCmd = &cobra.Command{ + Use: "testEnv", Short: "Create/Destroy test environment", Long: `Facilitate the creation or destruction of a test environment using docker compose.`, @@ -52,50 +51,45 @@ var ( if err := goutils.Cd(caldera.RepoPath); err != nil { log.WithError(err).WithFields(log.Fields{ "Repo Path": caldera.RepoPath, - }).Error("failed to navigate to the caldera repo") - os.Exit(1) + }).Fatal("failed to navigate to the caldera repo") } if vuln { - if err = CreateTestEnvVuln(); err != nil { - log.WithError(err).Error("failed to create vulnerable test environment") - os.Exit(1) + if err = createTestEnvVuln(); err != nil { + log.WithError(err).Fatal("failed to create vulnerable test environment") } } else if destroy { - if err = DestroyTestEnv(); err != nil { - log.WithError(err).Error("failed to destroy test environment") - os.Exit(1) + if err = destroyTestEnv(); err != nil { + log.WithError(err).Fatal("failed to destroy test environment") } } else if recent { - if err = CreateTestEnvRecent(); err != nil { - log.WithError(err).Error("failed to create recent test environment") - os.Exit(1) + if err = createTestEnvRecent(); err != nil { + log.WithError(err).Fatal("failed to create recent test environment") } } if err := goutils.Cd(cwd); err != nil { log.WithError(err).WithFields(log.Fields{ "Current Working Directory": cwd, - }).Error("failed to navigate back from the caldera repo") - os.Exit(1) + }).Fatal("failed to navigate back from the caldera repo") } }, } ) func init() { - rootCmd.AddCommand(TestEnvCmd) - TestEnvCmd.Flags().BoolP( + rootCmd.AddCommand(testEnvCmd) + testEnvCmd.Flags().BoolP( "vuln", "v", false, "Create vulnerable test environment.") - TestEnvCmd.Flags().BoolP( + testEnvCmd.Flags().BoolP( "recent", "r", false, "Create test environment with the most "+ "recent commit to the CALDERA's default branch.") - TestEnvCmd.Flags().BoolP( + testEnvCmd.Flags().BoolP( "destroy", "d", false, "Destroy the test environment.") } -// CreateTestEnvVuln deploys an insecure version of Caldera using docker compose. -func CreateTestEnvVuln() error { +// createTestEnvVuln deploys an insecure version of Caldera using docker compose. +func createTestEnvVuln() error { fmt.Println(color.YellowString( "Deploying Caldera container via docker compose, please wait...")) @@ -132,8 +126,8 @@ func CreateTestEnvVuln() error { return nil } -// CreateTestEnvRecent deploys the most recent version of Caldera using docker compose. -func CreateTestEnvRecent() error { +// createTestEnvRecent deploys the most recent version of Caldera using docker compose. +func createTestEnvRecent() error { fmt.Println(color.YellowString( "Deploying CALDERA container via docker compose, please wait...")) @@ -152,8 +146,8 @@ func CreateTestEnvRecent() error { return nil } -// DestroyTestEnv destroys a CALDERA deployment created using docker compose -func DestroyTestEnv() error { +// destroyTestEnv destroys a CALDERA deployment created using docker compose +func destroyTestEnv() error { fmt.Println(color.YellowString( "Destroying CALDERA container via docker compose, please wait...")) _, err := script.Exec("docker-compose down -v").Stdout() diff --git a/go.mod b/go.mod index 7b6c2d5..a3d1da3 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,8 @@ require ( github.com/bitfield/script v0.21.4 github.com/chromedp/cdproto v0.0.0-20230220211738-2b1ec77315c9 github.com/chromedp/chromedp v0.9.1 - github.com/fatih/color v1.14.1 - github.com/l50/goutils v1.2.2 + github.com/fatih/color v1.15.0 + github.com/l50/goutils v1.2.5 github.com/magefile/mage v1.14.0 github.com/sirupsen/logrus v1.9.0 github.com/spf13/cobra v1.6.0 @@ -27,7 +27,7 @@ require ( github.com/glendc/go-external-ip v0.1.0 // indirect github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect - github.com/go-git/go-git/v5 v5.6.0 // indirect + github.com/go-git/go-git/v5 v5.6.1 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/gobwas/httphead v0.1.0 // indirect github.com/gobwas/pool v0.2.1 // indirect @@ -71,7 +71,7 @@ require ( golang.org/x/net v0.8.0 // indirect golang.org/x/sys v0.6.0 // indirect golang.org/x/text v0.8.0 // indirect - golang.org/x/tools v0.6.0 // indirect + golang.org/x/tools v0.7.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 7a9695f..06574de 100644 --- a/go.sum +++ b/go.sum @@ -43,10 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= @@ -88,8 +86,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= -github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= +github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= @@ -100,13 +98,12 @@ github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4x github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.6.0 h1:JvBdYfcttd+0kdpuWO7KTu0FYgCf5W0t5VwkWGobaa4= -github.com/go-git/go-git/v5 v5.6.0/go.mod h1:6nmJ0tJ3N4noMV1Omv7rC5FG3/o8Cm51TB4CJp7mRmE= +github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= +github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -210,8 +207,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/l50/goutils v1.2.2 h1:NuawIYgN9XZyWrAMB2ufzxPK713+UdUQr5zT50FmnS4= -github.com/l50/goutils v1.2.2/go.mod h1:vu6oFBRNxpvcoBb00SO0ydIUMHfhYExW5gGyA2QJdhk= +github.com/l50/goutils v1.2.5 h1:99lJWJdKXts7QapLCHKqxbe7QOCwSodL4cSaYIk0T80= +github.com/l50/goutils v1.2.5/go.mod h1:qJpDeDwj4ydUCR5EgDNR+Tu6+PwS7BykDYECjwMLy58= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80 h1:6Yzfa6GP0rIo/kULo2bwGEkFvCePZ3qHDDTC3/J9Swo= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= @@ -337,7 +334,7 @@ golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -412,7 +409,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -497,7 +495,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -508,6 +506,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -562,8 +561,8 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=