golang
diff --git a/‎cmd/govulncheck/main_test.go
Lines changed: 17 additions & 0 deletions b/‎cmd/govulncheck/main_test.go
Lines changed: 17 additions & 0 deletions
diff --git a/‎cmd/govulncheck/testdata/testfiles/convert/convert_text.ct
Lines changed: 2 additions & 2 deletions b/‎cmd/govulncheck/testdata/testfiles/convert/convert_text.ct
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmd/govulncheck/testdata/testfiles/source-call/source_call_json.ct
Lines changed: 30 additions & 30 deletions b/‎cmd/govulncheck/testdata/testfiles/source-call/source_call_json.ct
Lines changed: 30 additions & 30 deletions
diff --git a/‎cmd/govulncheck/testdata/testfiles/source-call/source_call_text.ct
Lines changed: 16 additions & 16 deletions b/‎cmd/govulncheck/testdata/testfiles/source-call/source_call_text.ct
Lines changed: 16 additions & 16 deletions
diff --git a/‎cmd/govulncheck/testdata/testfiles/source-call/source_multientry_json.ct
Lines changed: 21 additions & 21 deletions b/‎cmd/govulncheck/testdata/testfiles/source-call/source_multientry_json.ct
Lines changed: 21 additions & 21 deletions
diff --git a/‎cmd/govulncheck/testdata/testfiles/source-call/source_multientry_text.ct
Lines changed: 9 additions & 9 deletions b/‎cmd/govulncheck/testdata/testfiles/source-call/source_multientry_text.ct
Lines changed: 9 additions & 9 deletions
diff --git a/‎cmd/govulncheck/testdata/testfiles/source-call/source_replace_text.ct
Lines changed: 1 addition & 1 deletion b/‎cmd/govulncheck/testdata/testfiles/source-call/source_replace_text.ct
Lines changed: 1 addition & 1 deletion
@@ -51,6 +51,23 @@ var fixups = []fixup{
 			s := string(b)
 			return []byte(fmt.Sprintf(`.../%s%c`, filepath.Base(s[:len(s)-1]), s[len(s)-1]))
 		},
+	}, {
+		// modifies position lines to mask actual line and column with <l> and
+		// <c> placeholders, resp.
+		pattern: `\.go:(\d+):(\d+):`,
+		replace: `.go:<l>:<c>:`,
+	}, {
+		// modify position lines in json
+		pattern: `\"line\":(\s)*(\d+)`,
+		replace: `"line": <l>`,
+	}, {
+		// modify position columns in json
+		pattern: `\"column\":(\s)*(\d+)`,
+		replace: `"column": <c>`,
+	}, {
+		// modify position offset in json
+		pattern: `\"offset\":(\s)*(\d+)`,
+		replace: `"offset": <o>`,
 	}, {
 		// There was a one-line change in container/heap/heap.go between 1.18
 		// and 1.19 that makes the stack traces different. Ignore it.
 
@@ -14,7 +14,7 @@ Vulnerability #1: GO-2021-0265
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3
     Example traces found:
-      #1: .../vuln.go:14:20: vuln.main calls gjson.Result.Get
+      #1: .../vuln.go:<l>:<c>: vuln.main calls gjson.Result.Get
 
 Vulnerability #2: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
@@ -26,7 +26,7 @@ Vulnerability #2: GO-2021-0113
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
-      #1: .../vuln.go:13:16: vuln.main calls language.Parse
+      #1: .../vuln.go:<l>:<c>: vuln.main calls language.Parse
 
 Your code is affected by 2 vulnerabilities from 2 modules.
 This scan also found 1 vulnerability in packages you import and 0
 
@@ -252,9 +252,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "receiver": "Result",
         "position": {
           "filename": ".../gjson.go",
-          "offset": 5744,
-          "line": 296,
-          "column": 17
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -263,9 +263,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "main",
         "position": {
           "filename": ".../vuln.go",
-          "offset": 183,
-          "line": 14,
-          "column": 20
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       }
     ]
@@ -373,9 +373,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "Parse",
         "position": {
           "filename": ".../parse.go",
-          "offset": 5808,
-          "line": 228,
-          "column": 6
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -384,9 +384,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "main",
         "position": {
           "filename": ".../vuln.go",
-          "offset": 159,
-          "line": 13,
-          "column": 16
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       }
     ]
@@ -493,9 +493,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "receiver": "Result",
         "position": {
           "filename": ".../gjson.go",
-          "offset": 4415,
-          "line": 220,
-          "column": 17
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -505,9 +505,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "modPretty",
         "position": {
           "filename": ".../gjson.go",
-          "offset": 53718,
-          "line": 2631,
-          "column": 21
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -517,9 +517,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "execModifier",
         "position": {
           "filename": ".../gjson.go",
-          "offset": 52543,
-          "line": 2587,
-          "column": 21
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -529,9 +529,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "Get",
         "position": {
           "filename": ".../gjson.go",
-          "offset": 38077,
-          "line": 1881,
-          "column": 36
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -542,9 +542,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "receiver": "Result",
         "position": {
           "filename": ".../gjson.go",
-          "offset": 5781,
-          "line": 297,
-          "column": 12
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -553,9 +553,9 @@ $ govulncheck -C ${moddir}/vuln -json ./...
         "function": "main",
         "position": {
           "filename": ".../vuln.go",
-          "offset": 183,
-          "line": 14,
-          "column": 20
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       }
     ]
 
@@ -13,7 +13,7 @@ Vulnerability #1: GO-2021-0265
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3
     Example traces found:
-      #1: .../vuln.go:14:20: vuln.main calls gjson.Result.Get
+      #1: .../vuln.go:<l>:<c>: vuln.main calls gjson.Result.Get
 
 Vulnerability #2: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
@@ -25,7 +25,7 @@ Vulnerability #2: GO-2021-0113
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
-      #1: .../vuln.go:13:16: vuln.main calls language.Parse
+      #1: .../vuln.go:<l>:<c>: vuln.main calls language.Parse
 
 Vulnerability #3: GO-2021-0054
     Due to improper bounds checking, maliciously crafted JSON objects can cause
@@ -36,7 +36,7 @@ Vulnerability #3: GO-2021-0054
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.6.6
     Example traces found:
-      #1: .../vuln.go:14:20: vuln.main calls gjson.Result.Get, which eventually calls gjson.Result.ForEach
+      #1: .../vuln.go:<l>:<c>: vuln.main calls gjson.Result.Get, which eventually calls gjson.Result.ForEach
 
 Your code is affected by 3 vulnerabilities from 2 modules.
 This scan also found 0 vulnerabilities in packages you import and 2
@@ -60,8 +60,8 @@ Vulnerability #1: GO-2021-0265
     Fixed in: github.com/tidwall/gjson@v1.9.3
     Example traces found:
       #1: for function github.com/tidwall/gjson.Result.Get
-        .../vuln.go:14:20: golang.org/vuln.main
-        .../gjson.go:296:17: github.com/tidwall/gjson.Result.Get
+        .../vuln.go:<l>:<c>: golang.org/vuln.main
+        .../gjson.go:<l>:<c>: github.com/tidwall/gjson.Result.Get
 
 Vulnerability #2: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
@@ -74,8 +74,8 @@ Vulnerability #2: GO-2021-0113
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
       #1: for function golang.org/x/text/language.Parse
-        .../vuln.go:13:16: golang.org/vuln.main
-        .../parse.go:228:6: golang.org/x/text/language.Parse
+        .../vuln.go:<l>:<c>: golang.org/vuln.main
+        .../parse.go:<l>:<c>: golang.org/x/text/language.Parse
 
 Vulnerability #3: GO-2021-0054
     Due to improper bounds checking, maliciously crafted JSON objects can cause
@@ -87,12 +87,12 @@ Vulnerability #3: GO-2021-0054
     Fixed in: github.com/tidwall/gjson@v1.6.6
     Example traces found:
       #1: for function github.com/tidwall/gjson.Result.ForEach
-        .../vuln.go:14:20: golang.org/vuln.main
-        .../gjson.go:297:12: github.com/tidwall/gjson.Result.Get
-        .../gjson.go:1881:36: github.com/tidwall/gjson.Get
-        .../gjson.go:2587:21: github.com/tidwall/gjson.execModifier
-        .../gjson.go:2631:21: github.com/tidwall/gjson.modPretty
-        .../gjson.go:220:17: github.com/tidwall/gjson.Result.ForEach
+        .../vuln.go:<l>:<c>: golang.org/vuln.main
+        .../gjson.go:<l>:<c>: github.com/tidwall/gjson.Result.Get
+        .../gjson.go:<l>:<c>: github.com/tidwall/gjson.Get
+        .../gjson.go:<l>:<c>: github.com/tidwall/gjson.execModifier
+        .../gjson.go:<l>:<c>: github.com/tidwall/gjson.modPretty
+        .../gjson.go:<l>:<c>: github.com/tidwall/gjson.Result.ForEach
 
 Your code is affected by 3 vulnerabilities from 2 modules.
 This scan also found 0 vulnerabilities in packages you import and 2
@@ -115,7 +115,7 @@ Vulnerability #1: GO-2021-0265
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3
     Example traces found:
-      #1: .../vuln.go:14:20: vuln.main calls gjson.Result.Get
+      #1: .../vuln.go:<l>:<c>: vuln.main calls gjson.Result.Get
 
 Vulnerability #2: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
@@ -127,7 +127,7 @@ Vulnerability #2: GO-2021-0113
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
-      #1: .../vuln.go:13:16: vuln.main calls language.Parse
+      #1: .../vuln.go:<l>:<c>: vuln.main calls language.Parse
 
 Vulnerability #3: GO-2021-0054
     Due to improper bounds checking, maliciously crafted JSON objects can cause
@@ -138,7 +138,7 @@ Vulnerability #3: GO-2021-0054
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.6.6
     Example traces found:
-      #1: .../vuln.go:14:20: vuln.main calls gjson.Result.Get, which eventually calls gjson.Result.ForEach
+      #1: .../vuln.go:<l>:<c>: vuln.main calls gjson.Result.Get, which eventually calls gjson.Result.ForEach
 
 === Package Results ===
 
 
@@ -243,9 +243,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "MustParse",
         "position": {
           "filename": ".../tags.go",
-          "offset": 427,
-          "line": 13,
-          "column": 6
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -254,9 +254,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "foobar",
         "position": {
           "filename": ".../main.go",
-          "offset": 1694,
-          "line": 99,
-          "column": 20
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -265,9 +265,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "D",
         "position": {
           "filename": ".../main.go",
-          "offset": 705,
-          "line": 48,
-          "column": 8
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -276,9 +276,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "main",
         "position": {
           "filename": ".../main.go",
-          "offset": 441,
-          "line": 26,
-          "column": 3
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       }
     ]
@@ -296,9 +296,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "Parse",
         "position": {
           "filename": ".../parse.go",
-          "offset": 1121,
-          "line": 33,
-          "column": 6
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -307,9 +307,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "C",
         "position": {
           "filename": ".../main.go",
-          "offset": 679,
-          "line": 44,
-          "column": 23
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       },
       {
@@ -318,9 +318,9 @@ $ govulncheck -json -C ${moddir}/multientry .
         "function": "main",
         "position": {
           "filename": ".../main.go",
-          "offset": 340,
-          "line": 22,
-          "column": 3
+          "offset": <o>,
+          "line": <l>,
+          "column": <c>
         }
       }
     ]
 
@@ -15,8 +15,8 @@ Vulnerability #1: GO-2021-0113
     Found in: golang.org/x/text@v0.3.5
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
-      #1: .../main.go:99:20: multientry.foobar calls language.MustParse
-      #2: .../main.go:44:23: multientry.C calls language.Parse
+      #1: .../main.go:<l>:<c>: multientry.foobar calls language.MustParse
+      #2: .../main.go:<l>:<c>: multientry.C calls language.Parse
 
 Your code is affected by 1 vulnerability from 1 module.
 This scan also found 0 vulnerabilities in packages you import and 1
@@ -42,14 +42,14 @@ Vulnerability #1: GO-2021-0113
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
       #1: for function golang.org/x/text/language.MustParse
-        .../main.go:26:3: golang.org/multientry.main
-        .../main.go:48:8: golang.org/multientry.D
-        .../main.go:99:20: golang.org/multientry.foobar
-        .../tags.go:13:6: golang.org/x/text/language.MustParse
+        .../main.go:<l>:<c>: golang.org/multientry.main
+        .../main.go:<l>:<c>: golang.org/multientry.D
+        .../main.go:<l>:<c>: golang.org/multientry.foobar
+        .../tags.go:<l>:<c>: golang.org/x/text/language.MustParse
       #2: for function golang.org/x/text/language.Parse
-        .../main.go:22:3: golang.org/multientry.main
-        .../main.go:44:23: golang.org/multientry.C
-        .../parse.go:33:6: golang.org/x/text/language.Parse
+        .../main.go:<l>:<c>: golang.org/multientry.main
+        .../main.go:<l>:<c>: golang.org/multientry.C
+        .../parse.go:<l>:<c>: golang.org/x/text/language.Parse
 
 === Package Results ===
 
 
@@ -16,7 +16,7 @@ Vulnerability #1: GO-2021-0113
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Example traces found:
-      #1: .../main.go:11:16: replace.main calls language.Parse
+      #1: .../main.go:<l>:<c>: replace.main calls language.Parse
 
 Your code is affected by 1 vulnerability from 1 module.
 This scan also found 0 vulnerabilities in packages you import and 2