Skip to content

RHODA-lab/sample-component-golang

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.tekton
.tekton
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Sample Golang Component for Testing Konflux

This is an example Golang component for testing Konflux.

What It Does

The component is a minimal HTTP server written in Go. It listens on port 8080 (configurable via the PORT environment variable) and responds with Hello World! on the root path. It uses the Accept-Language header to detect the client's preferred language via golang.org/x/text.

Dependency with a Known CVE

This component intentionally includes golang.org/x/text at version v0.3.6, which has the following known vulnerabilities:

CVE Severity Description
CVE-2021-38561 High (7.5) Out-of-bounds read in language.ParseAcceptLanguage
CVE-2022-32149 High (7.5) Denial of service via crafted Accept-Language header

This is useful for demonstrating that Konflux can detect CVEs in application dependencies.

Fixing the CVEs

To resolve the vulnerabilities, upgrade golang.org/x/text to version v0.3.8 or later:

go get golang.org/x/text@latest
go mod tidy

After upgrading, rebuild the component and push the changes. Konflux will verify that the CVEs are no longer present.

Running Locally

go run main.go

Then visit http://localhost:8080.

About

A simple golang application for trying out Konflux

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Dockerfile 63.9%
  • Go 36.1%