CVE-2020-25614: Update xmlquery, jsonquery and xpath packages. (#58)

Updated xmlquery version from 1.2.1 to 1.3.1
Updated jsonquery version from 1.1.0 to 1.1.4
Updated xpath version from 1.1.2 to 1.1.10

Updated patch files as package version are updated.

Author: maheshwari-mayank

go.mod

@@ -2,11 +2,12 @@ module github.com/Azure/sonic-mgmt-common
 
 require (
 	github.com/Workiva/go-datastructures v1.0.50
-	github.com/antchfx/jsonquery v1.1.0
-	github.com/antchfx/xmlquery v1.2.1
-	github.com/antchfx/xpath v1.1.2
+	github.com/antchfx/jsonquery v1.1.4
+	github.com/antchfx/xmlquery v1.3.1
+	github.com/antchfx/xpath v1.1.10
 	github.com/go-redis/redis v6.15.6+incompatible
 	github.com/go-redis/redis/v7 v7.0.0-beta.3.0.20190824101152-d19aba07b476
+	github.com/godbus/dbus/v5 v5.1.0
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/openconfig/gnmi v0.0.0-20200617225440-d2b4e6a45802

go.sum

@@ -2,12 +2,13 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Workiva/go-datastructures v1.0.50 h1:slDmfW6KCHcC7U+LP3DDBbm4fqTwZGn1beOFPfGaLvo=
 github.com/Workiva/go-datastructures v1.0.50/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
-github.com/antchfx/jsonquery v1.1.0 h1:ZeqeHheI8WsEN5blUqZXZ30w2jrbFvlQIq5B7X7Z86E=
-github.com/antchfx/jsonquery v1.1.0/go.mod h1:h7950pvPrUZzJIflNqsELgDQovTpPNa0rAHf8NwjegY=
-github.com/antchfx/xmlquery v1.2.1 h1:wE4xjHrqOScP440wdv23Xkg0Gr8JryW0ptqodPH+y2U=
-github.com/antchfx/xmlquery v1.2.1/go.mod h1:/+CnyD/DzHRnv2eRxrVbieRU/FIF6N0C+7oTtyUtCKk=
-github.com/antchfx/xpath v1.1.2 h1:YziPrtM0gEJBnhdUGxYcIVYXZ8FXbtbovxOi+UW/yWQ=
-github.com/antchfx/xpath v1.1.2/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
+github.com/antchfx/jsonquery v1.1.4 h1:+OlFO3QS9wjU0MKx9MgHm5f6o6hdd4e9mUTp0wTjxlM=
+github.com/antchfx/jsonquery v1.1.4/go.mod h1:cHs8r6Bymd8j6HI6Ej1IJbjahKvLBcIEh54dfmo+E9A=
+github.com/antchfx/xmlquery v1.3.1 h1:nIKWdtnhrXtj0/IRUAAw2I7TfpHUa3zMnHvNmPXFg+w=
+github.com/antchfx/xmlquery v1.3.1/go.mod h1:64w0Xesg2sTaawIdNqMB+7qaW/bSqkQm+ssPaCMWNnc=
+github.com/antchfx/xpath v1.1.7/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
+github.com/antchfx/xpath v1.1.10 h1:cJ0pOvEdN/WvYXxvRrzQH9x5QWKpzHacYO8qzCcDYAg=
+github.com/antchfx/xpath v1.1.10/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
 github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -21,6 +22,8 @@ github.com/go-redis/redis v6.15.6+incompatible h1:H9evprGPLI8+ci7fxQx6WNZHJSb7be
 github.com/go-redis/redis v6.15.6+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis/v7 v7.0.0-beta.3.0.20190824101152-d19aba07b476 h1:WNSiFp8Ww4ZP7XUzW56zDYv5roKQ4VfsdHCLoh8oDj4=
 github.com/go-redis/redis/v7 v7.0.0-beta.3.0.20190824101152-d19aba07b476/go.mod h1:xhhSbUMTsleRPur+Vgx9sUHtyN33bdjxY+9/0n9Ig8s=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
@@ -74,6 +77,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -87,6 +91,8 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc h1:zK/HqS5bZxDptfPJNq8v7vJfXtkU7r9TLIoSr1bXaP4=
+golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -97,6 +103,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

patches/jsonquery.patch

@@ -1,5 +1,5 @@
 diff --git a/node.go b/node.go
-index 76032bb..f6103d9 100644
+index 4b28b32..afeed80 100644
 --- a/node.go
 +++ b/node.go
 @@ -8,6 +8,7 @@ import (
@@ -10,7 +10,7 @@ index 76032bb..f6103d9 100644
  )
 
  // A NodeType is the type of a Node.
-@@ -110,6 +111,29 @@ func parseValue(x interface{}, top *Node, level int) {
+@@ -143,6 +144,29 @@ func parseValue(x interface{}, top *Node, level int) {
  			addNode(n)
  			parseValue(vv, n, level+1)
  		}
@@ -40,7 +40,7 @@ index 76032bb..f6103d9 100644
  	case map[string]interface{}:
  		// The Go’s map iteration order is random.
  		// (https://blog.golang.org/go-maps-in-action#Iteration-order)
-@@ -119,9 +143,21 @@ func parseValue(x interface{}, top *Node, level int) {
+@@ -152,9 +176,21 @@ func parseValue(x interface{}, top *Node, level int) {
  		}
  		sort.Strings(keys)
  		for _, key := range keys {
@@ -64,7 +64,7 @@ index 76032bb..f6103d9 100644
  		}
  	case string:
  		n := &Node{Data: v, Type: TextNode, level: level}
-@@ -155,3 +191,9 @@ func Parse(r io.Reader) (*Node, error) {
+@@ -188,3 +224,9 @@ func Parse(r io.Reader) (*Node, error) {
  	}
  	return parse(b)
  }
@@ -75,7 +75,7 @@ index 76032bb..f6103d9 100644
 +	return doc, nil
 +}
 diff --git a/query.go b/query.go
-index d105962..e8db1d6 100644
+index 6421801..e3df27a 100644
 --- a/query.go
 +++ b/query.go
 @@ -120,6 +120,14 @@ func (a *NodeNavigator) MoveToRoot() {

patches/xmlquery.patch

@@ -1,17 +1,17 @@
 diff --git a/node.go b/node.go
-index e86c0c3..028867c 100644
+index e053748..1c9a529 100644
 --- a/node.go
 +++ b/node.go
-@@ -48,7 +48,7 @@ type Node struct {
+@@ -45,7 +45,7 @@ type Node struct {
 
  // InnerText returns the text between the start and end tags of the object.
  func (n *Node) InnerText() string {
 -	var output func(*bytes.Buffer, *Node)
 +	/*var output func(*bytes.Buffer, *Node)
  	output = func(buf *bytes.Buffer, n *Node) {
  		switch n.Type {
- 		case TextNode:
-@@ -64,7 +64,18 @@ func (n *Node) InnerText() string {
+ 		case TextNode, CharDataNode:
+@@ -60,7 +60,18 @@ func (n *Node) InnerText() string {
 
  	var buf bytes.Buffer
  	output(&buf, n)
@@ -32,7 +32,7 @@ index e86c0c3..028867c 100644
 
  func (n *Node) sanitizedData(preserveSpaces bool) string {
 diff --git a/query.go b/query.go
-index 146c2a4..f21b61b 100644
+index c148e5f..4ac76af 100644
 --- a/query.go
 +++ b/query.go
 @@ -49,6 +49,29 @@ func CreateXPathNavigator(top *Node) *NodeNavigator {
@@ -65,7 +65,7 @@ index 146c2a4..f21b61b 100644
  func getCurrentNode(it *xpath.NodeIterator) *Node {
  	n := it.Current().(*NodeNavigator)
  	if n.NodeType() == xpath.AttributeNode {
-@@ -145,7 +168,7 @@ func FindEachWithBreak(top *Node, expr string, cb func(int, *Node) bool) {
+@@ -146,7 +169,7 @@ func FindEachWithBreak(top *Node, expr string, cb func(int, *Node) bool) {
  }
 
  type NodeNavigator struct {
@@ -74,7 +74,7 @@ index 146c2a4..f21b61b 100644
  	attr       int
  }
 
-@@ -212,6 +235,17 @@ func (x *NodeNavigator) MoveToRoot() {
+@@ -217,6 +240,17 @@ func (x *NodeNavigator) MoveToRoot() {
  	x.curr = x.root
  }