matverseny-backend's People

Contributors

twodcube, smrtrfszm, dependabot[bot], mend-bolt-for-github[bot]

Watchers

James Cloos

Forkers

smrtrfszm

matverseny-backend's Issues

CVE-2021-33196 (High) detected in github.com/klauspost/compress-v1.9.5

CVE-2021-33196 - High Severity Vulnerability

Vulnerable Library - github.com/klauspost/compress-v1.9.5

Optimized compression packages

Dependency Hierarchy:

  • github.com/mongodb/mongo-go-driver-v1.5.3 (Root Library)
    • github.com/klauspost/compress-v1.9.5 (Vulnerable Library)

Found in HEAD commit: b560a34b38fb757b01ca792c43af36829c0ffd50

Found in base branch: master

Vulnerability Details

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

Publish Date: 2021-08-02

URL: CVE-2021-33196

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Change files

Origin: golang/go@74242ba

Release Date: 2021-05-25

Fix Resolution: Replace or update the following files: reader.go, reader_test.go


Step up your Open Source Security Game with WhiteSource here

CVE-2021-27919 (Medium) detected in github.com/klauspost/compress-v1.9.5

CVE-2021-27919 - Medium Severity Vulnerability

Vulnerable Library - github.com/klauspost/compress-v1.9.5

Optimized compression packages

Dependency Hierarchy:

  • github.com/mongodb/mongo-go-driver-v1.5.3 (Root Library)
    • github.com/klauspost/compress-v1.9.5 (Vulnerable Library)

Found in HEAD commit: b560a34b38fb757b01ca792c43af36829c0ffd50

Found in base branch: master

Vulnerability Details

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

Publish Date: 2021-03-11

URL: CVE-2021-27919

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw?pli=1

Release Date: 2021-03-11

Fix Resolution: 1.16.1


Step up your Open Source Security Game with WhiteSource here

Send every team's statistics in superadmin GetResults

The map in the GetResults response should contain all the teams, even if they have 0 answers. Or there should be a way to query all team names, because the backend doesn't provide enough information to make good charts.

CVE-2020-29652 (High) detected in github.com/golang/crypto-ab33eee955e00ff7c973405b2780aca48d293014

CVE-2020-29652 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-ab33eee955e00ff7c973405b2780aca48d293014

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/golang/crypto-ab33eee955e00ff7c973405b2780aca48d293014 (Vulnerable Library)

Found in HEAD commit: b560a34b38fb757b01ca792c43af36829c0ffd50

Found in base branch: master

Vulnerability Details

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

Publish Date: 2020-12-17

URL: CVE-2020-29652

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1

Release Date: 2020-12-17

Fix Resolution: v0.0.0-20201216223049-8b5274cf687f


Step up your Open Source Security Game with WhiteSource here

lock table during scale-up CrashLoopBackOff

2023-03-14T11:05:34.604566Z ERROR matverseny_backend::utils::panic: 23: PANIC! /builder/app/src/utils/problems.rs:48: failed to lock tables: Exec(SqlxError(Database(PgDatabaseError { severity: Error, code: "25006", message: "cannot execute LOCK TABLE during recovery", detail: None, hint: None, position: None, where: None, schema: None, table: None, column: None, data_type: None, constraint: None, file: Some("utility.c"), line: Some(455), routine: Some("PreventCommandDuringRecovery") })))

order api is fucked

The admin order get and the one streamed over ws for the competitors are different. The ws one looks correct.

Crash when databases and proxy are restarted

Only happened on the competition page

Logs:

{"level":"info","message":"Trying to connect to rabbitmq..."}
{"level":"info","message":"Connected to rabbitmq"}
{"level":"info","message":"Listening on port: 6969"}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:26+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":2089.929931640625}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:26+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":2097.85107421875}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:26+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":2114.37109375}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:26+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":2099.908935546875}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:26+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":2090.735107421875}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:26+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":2115.375}
{"level":"info","message":"finished unary call with code OK","grpc.start_time":"2021-08-07T21:34:28+02:00","system":"grpc","span.kind":"server","grpc.service":"auth.Auth","grpc.method":"RefreshToken","grpc.code":"OK","grpc.time_ms":0.5979999899864197}
panic: Exception (504) Reason: "channel/connection is not open"

goroutine 276 [running]:
matverseny-backend/events.ConsumeProblem(0x10bd800, 0xc000126b70, 0xc000126b70, 0x1, 0xc0000a8500)
	/home/smrtrfszm/dev/matverseny-backend/events/problems.go:43 +0x277
matverseny-backend/handler.(*competitionHandler).GetProblems(0xc000496360, 0xc000126ba0, 0x10c4468, 0xc000032520, 0x0, 0x0)
	/home/smrtrfszm/dev/matverseny-backend/handler/competition.go:67 +0x20c
matverseny-backend/proto._Competition_GetProblems_Handler(0xdebcc0, 0xc000496360, 0x10c1c58, 0xc00012a260, 0x24, 0x10bd800)
	/home/smrtrfszm/dev/matverseny-backend/proto/competition_grpc.pb.go:185 +0x113
github.com/grpc-ecosystem/go-grpc-middleware/auth.StreamServerInterceptor.func1(0xdebcc0, 0xc000496360, 0x10c1c58, 0xc00012a260, 0xc0001142e8, 0xed53b0, 0x1, 0xc00012a260)
	/home/smrtrfszm/dev/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/auth/auth.go:66 +0x136
github.com/grpc-ecosystem/go-grpc-middleware.ChainStreamServer.func1.1.1(0xdebcc0, 0xc000496360, 0x10c1c58, 0xc00012a260, 0x24, 0xc03bd5f109c349a8)
	/home/smrtrfszm/dev/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:49 +0x5f
github.com/grpc-ecosystem/go-grpc-middleware/logging/zap.StreamServerInterceptor.func1(0xdebcc0, 0xc000496360, 0x10c1ee0, 0xc0001e2300, 0xc0001142e8, 0xc00012a1c0, 0xc00012a1e0, 0xc0001142e8)
	/home/smrtrfszm/dev/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/logging/zap/server_interceptors.go:53 +0x19d
github.com/grpc-ecosystem/go-grpc-middleware.ChainStreamServer.func1.1.1(0xdebcc0, 0xc000496360, 0x10c1ee0, 0xc0001e2300, 0xc000610c70, 0x40fc38)
	/home/smrtrfszm/dev/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:49 +0x5f
github.com/grpc-ecosystem/go-grpc-middleware.ChainStreamServer.func1(0xdebcc0, 0xc000496360, 0x10c1ee0, 0xc0001e2300, 0xc0001142e8, 0xed53b0, 0x10bd800, 0xc000126900)
	/home/smrtrfszm/dev/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:58 +0xd1
google.golang.org/grpc.(*Server).processStreamingRPC(0xc0001f2fc0, 0x10c59d8, 0xc0001bea80, 0xc0004846c0, 0xc000496bd0, 0x159c220, 0x0, 0x0, 0x0)
	/home/smrtrfszm/dev/go/pkg/mod/google.golang.org/[email protected]/server.go:1540 +0x535
google.golang.org/grpc.(*Server).handleStream(0xc0001f2fc0, 0x10c59d8, 0xc0001bea80, 0xc0004846c0, 0x0)
	/home/smrtrfszm/dev/go/pkg/mod/google.golang.org/[email protected]/server.go:1613 +0xca5
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000512960, 0xc0001f2fc0, 0x10c59d8, 0xc0001bea80, 0xc0004846c0)
	/home/smrtrfszm/dev/go/pkg/mod/google.golang.org/[email protected]/server.go:934 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
	/home/smrtrfszm/dev/go/pkg/mod/google.golang.org/[email protected]/server.go:932 +0x1fd
exit status 2