
hello-world-project-template-go's Introduction

hello-world-project-template-go

This is the Hello World project which has all the basic files explained in our Hello World Tutorial.

Instructions

Ensure you have Go 1.16 or later installed locally, and that you have Docker installed to run the Temporal Cluster.

Clone this repository:

git clone https://github.com/temporalio/hello-world-project-template-go

Install and run the Temporal Server using docker compose.

git clone https://github.com/temporalio/docker-compose.git
cd docker-compose
docker compose up

You can now view Temporal Web at http://localhost:8080.

Run the worker and starter included in the project.

go run worker/main.go
go run start/main.go

If you have nodemon installed, you can automatically reload when you change any files: nodemon --watch './**/*.go' --signal SIGTERM --exec 'go' run worker/main.go

hello-world-project-template-go's People

Contributors

flossypurse, jeffhubcb, mwetterw, napcs, rachfop, swyxio, tomwheeler


hello-world-project-template-go's Issues

go.temporal.io/sdk-v1.17.0: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - go.temporal.io/sdk-v1.17.0

Found in HEAD commit: 77f4fdadcc5331a6e288513d4cd021f2e4d56dec

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (go.temporal.io/sdk-v1.17.0 version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-41721 | High | 7.5 | golang.org/x/net-v0.0.0-20220906165146-f3363e06e74c | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-41721

Vulnerable Library - golang.org/x/net-v0.0.0-20220906165146-f3363e06e74c

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220906165146-f3363e06e74c.zip

Dependency Hierarchy:

  • go.temporal.io/sdk-v1.17.0 (Root Library)
    • github.com/grpc-ecosystem/go-grpc-middleware-v1.3.0
      • golang.org/x/net-v0.0.0-20220906165146-f3363e06e74c (Vulnerable Library)

Found in HEAD commit: 77f4fdadcc5331a6e288513d4cd021f2e4d56dec

Found in base branch: main

Vulnerability Details

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

Publish Date: 2023-01-13

URL: CVE-2022-41721

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-01-13

Fix Resolution: v0.2.0

github.com/temporalio/sdk-go-v1.1.0: 6 vulnerabilities (highest severity is: 8.6) - autoclosed

Vulnerable Library - github.com/temporalio/sdk-go-v1.1.0

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-3121 | High | 8.6 | github.com/gogo/protobuf-v1.3.1 | Transitive | N/A | |
| CVE-2019-0205 | High | 7.5 | github.com/uber-go/tally-v3.3.17 | Transitive | N/A | |
| CVE-2020-28851 | High | 7.5 | github.com/golang/text-v0.3.3 | Transitive | N/A | |
| CVE-2020-28852 | High | 7.5 | github.com/golang/text-v0.3.3 | Transitive | N/A | |
| CVE-2021-38561 | High | 7.5 | github.com/golang/text-v0.3.3 | Transitive | N/A | |
| CVE-2019-0210 | High | 7.5 | github.com/uber-go/tally-v3.3.17 | Transitive | N/A | |

Details

CVE-2021-3121

Vulnerable Library - github.com/gogo/protobuf-v1.3.1

Protocol Buffers for Go with Gadgets

Dependency Hierarchy:

  • github.com/temporalio/sdk-go-v1.1.0 (Root Library)
    • github.com/gogo/protobuf-v1.3.1 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Publish Date: 2021-01-11

URL: CVE-2021-3121

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121

Release Date: 2021-01-11

Fix Resolution: v1.3.2

CVE-2019-0205

Vulnerable Library - github.com/uber-go/tally-v3.3.17

A Go metrics interface with fast buffered metrics and third party reporters

Dependency Hierarchy:

  • github.com/temporalio/sdk-go-v1.1.0 (Root Library)
    • github.com/uber-go/tally-v3.3.17 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Publish Date: 2019-10-29

URL: CVE-2019-0205

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0205

Release Date: 2019-10-29

Fix Resolution: org.apache.thrift:libthrift:0.13.0

CVE-2020-28851

Vulnerable Library - github.com/golang/text-v0.3.3

[mirror] Go text processing support

Dependency Hierarchy:

  • github.com/temporalio/sdk-go-v1.1.0 (Root Library)
    • github.com/grpc/grpc-go-v1.32.0
      • github.com/golang/net-de3da57026dec695a705c07b5db51ef7a5252239
        • github.com/golang/text-v0.3.3 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

Publish Date: 2021-01-02

URL: CVE-2020-28851

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-28851

Release Date: 2021-01-02

Fix Resolution: golang-golang-x-text-dev - 0.3.6-1,0.3.6-1

CVE-2020-28852

Vulnerable Library - github.com/golang/text-v0.3.3

[mirror] Go text processing support

Dependency Hierarchy:

  • github.com/temporalio/sdk-go-v1.1.0 (Root Library)
    • github.com/grpc/grpc-go-v1.32.0
      • github.com/golang/net-de3da57026dec695a705c07b5db51ef7a5252239
        • github.com/golang/text-v0.3.3 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

Publish Date: 2021-01-02

URL: CVE-2020-28852

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-28852

Release Date: 2021-01-02

Fix Resolution: golang-golang-x-text-dev - 0.3.5-1,0.3.5-1

CVE-2021-38561

Vulnerable Library - github.com/golang/text-v0.3.3

[mirror] Go text processing support

Dependency Hierarchy:

  • github.com/temporalio/sdk-go-v1.1.0 (Root Library)
    • github.com/grpc/grpc-go-v1.32.0
      • github.com/golang/net-de3da57026dec695a705c07b5db51ef7a5252239
        • github.com/golang/text-v0.3.3 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic, due to an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.

Publish Date: 2021-08-12

URL: CVE-2021-38561

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GO-2021-0113

Release Date: 2021-08-12

Fix Resolution: v0.3.7

CVE-2019-0210

Vulnerable Library - github.com/uber-go/tally-v3.3.17

A Go metrics interface with fast buffered metrics and third party reporters

Dependency Hierarchy:

  • github.com/temporalio/sdk-go-v1.1.0 (Root Library)
    • github.com/uber-go/tally-v3.3.17 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.

Publish Date: 2019-10-29

URL: CVE-2019-0210

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E

Release Date: 2019-10-29

Fix Resolution: 0.13.0
