data/reports: add skip_fix / fix formatting for some reports

Change-Id: If4cb3f9637dbd4676bfd56e68c55ce44703fe696 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466077 Auto-Submit: Tatiana Bradley <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Tim King <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]>
golang · Feb 7, 2023 · 5de5ceb · 5de5ceb
1 parent f090099
commit 5de5ceb
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/data/reports/GO-2022-0318.yaml b/data/reports/GO-2022-0318.yaml
@@ -10,7 +10,8 @@ modules:
         symbols:
           - codeRepo.convert
           - codeRepo.validatePseudoVersion
-        skip_fix: "TODO: revisit this reason (cant request explicit version v1.17.6 of standard library package cmd/go/internal/modfetch)"
+        skip_fix: 'TODO: revisit this reason (cant request explicit version v1.17.6
+            of standard library package cmd/go/internal/modfetch)'
 description: |
     Incorrect access control is possible in the go command.
 

diff --git a/data/reports/GO-2022-0475.yaml b/data/reports/GO-2022-0475.yaml
@@ -9,11 +9,13 @@ modules:
       - package: cmd/go
         symbols:
           - Builder.cgo
-        skip_fix: "TODO: revisit this reason (cant request explicit version v1.15.4 of standard library package cmd/go)"
+        skip_fix: 'TODO: revisit this reason (cant request explicit version v1.15.4
+            of standard library package cmd/go)'
       - package: cmd/cgo
         symbols:
           - dynimport
-        skip_fix: "TODO: revisit this reason (cant request explicit version v1.15.4 of standard library package cmd/go)"
+        skip_fix: 'TODO: revisit this reason (cant request explicit version v1.15.4
+            of standard library package cmd/go)'
 description: |
     The go command may execute arbitrary code at build time when cgo is in use.
     This may occur when running go get on a malicious package, or any other

diff --git a/data/reports/GO-2022-0476.yaml b/data/reports/GO-2022-0476.yaml
@@ -9,6 +9,8 @@ modules:
       - package: cmd/go
         symbols:
           - validCompilerFlags
+        skip_fix: 'TODO: revisit this reason (cant request explicit version v1.15.4
+            of standard library package cmd/go)'
 description: |
     The go command may execute arbitrary code at build time when cgo is in use.
     This may occur when running go get on a malicious package, or any other

diff --git a/data/reports/GO-2022-0755.yaml b/data/reports/GO-2022-0755.yaml
@@ -7,11 +7,13 @@ modules:
       - package: github.com/rancher/rancher/server
         symbols:
           - Start
-        skip_fix: "TODO: revisit this reason (multiple cannot find module providing package errors)"
+        skip_fix: 'TODO: revisit this reason (multiple cannot find module providing
+            package errors)'
       - package: github.com/rancher/rancher/pkg/clusterrouter
         symbols:
           - Router.ServeHTTP
-        skip_fix: "TODO: revisit this reason (multiple cannot find module providing package errors)"
+        skip_fix: 'TODO: revisit this reason (multiple cannot find module providing
+            package errors)'
 description: |
     Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking
     attack that allows an exploiter to gain access to clusters managed by