data/reports: run fix on all reports to canonicalize whitespace

Change-Id: If2cd9b334b842e63eab13bc6c433d5100269d2fe
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/505296
TryBot-Result: Gopher Robot <[email protected]>
Run-TryBot: Tatiana Bradley <[email protected]>
Reviewed-by: Damien Neil <[email protected]>

data/reports/GO-2020-0006.yaml

@@ -15,10 +15,10 @@ modules:
             - Server.ActivateAndServe
             - Server.ListenAndServe
 summary: Denial of service in github.com/miekg/dns
-description: |
-    An attacker may prevent TCP connections to a Server by opening
-    a connection and leaving it idle, until the connection is closed by
-    the server no other connections will be accepted.
+description: |-
+    An attacker may prevent TCP connections to a Server by opening a connection and
+    leaving it idle, until the connection is closed by the server no other
+    connections will be accepted.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2017-15133

data/reports/GO-2020-0007.yaml

@@ -14,12 +14,11 @@ modules:
             - ScmpFilter.AddRuleConditionalExact
             - ScmpFilter.AddRuleExact
 summary: Improper input validation in github.com/seccomp/libseccomp-golang
-description: |
+description: |-
     Filters containing rules with multiple syscall arguments are improperly
-    constructed, such that all arguments are required to match rather than
-    any of the arguments (AND is used rather than OR). These filters can be
-    bypassed by only specifying a subset of the arguments due to this
-    behavior.
+    constructed, such that all arguments are required to match rather than any of
+    the arguments (AND is used rather than OR). These filters can be bypassed by
+    only specifying a subset of the arguments due to this behavior.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2017-18367

data/reports/GO-2020-0008.yaml

@@ -15,10 +15,10 @@ modules:
             - Msg.SetQuestion
             - Msg.SetUpdate
 summary: Insecure generation of random numbers in github.com/miekg/dns
-description: |
-    DNS message transaction IDs are generated using math/rand which
-    makes them relatively predictable. This reduces the complexity
-    of response spoofing attacks against DNS clients.
+description: |-
+    DNS message transaction IDs are generated using math/rand which makes them
+    relatively predictable. This reduces the complexity of response spoofing attacks
+    against DNS clients.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2019-19794

data/reports/GO-2020-0010.yaml

@@ -16,10 +16,10 @@ modules:
           derived_symbols:
             - JsonWebKey.UnmarshalJSON
 summary: Elliptic curve key disclosure in github.com/square/go-jose
-description: |
+description: |-
     When using ECDH-ES an attacker can mount an invalid curve attack during
-    decryption as the supplied public key is not checked to be on the same
-    curve as the receivers private key.
+    decryption as the supplied public key is not checked to be on the same curve as
+    the receivers private key.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2016-9121

data/reports/GO-2020-0012.yaml

@@ -29,13 +29,14 @@ modules:
             - ParsePublicKey
             - ParseRawPrivateKey
             - ParseRawPrivateKeyWithPassphrase
-summary: |
-    Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh
-description: |
-    An attacker can craft an ssh-ed25519 or [email protected] public
-    key, such that the library will panic when trying to verify a signature
-    with it. If verifying signatures using user supplied public keys, this
-    may be used as a denial of service vector.
+summary: |-
+    Panic due to improper verification of cryptographic signatures in
+    golang.org/x/crypto/ssh
+description: |-
+    An attacker can craft an ssh-ed25519 or [email protected] public key,
+    such that the library will panic when trying to verify a signature with it. If
+    verifying signatures using user supplied public keys, this may be used as a
+    denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2020-9283

data/reports/GO-2020-0013.yaml

@@ -11,10 +11,9 @@ modules:
           derived_symbols:
             - Dial
 summary: Man-in-the-middle attack in golang.org/x/crypto/ssh
-description: |
-    By default host key verification is disabled which allows for
-    man-in-the-middle attacks against SSH clients if
-    ClientConfig.HostKeyCallback is not set.
+description: |-
+    By default host key verification is disabled which allows for man-in-the-middle
+    attacks against SSH clients if ClientConfig.HostKeyCallback is not set.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2017-3204

data/reports/GO-2020-0014.yaml

@@ -12,12 +12,11 @@ modules:
           derived_symbols:
             - Parse
             - ParseFragment
-summary: |
-    Infinite loop due to improper handling of "select" tags in golang.org/x/net/html
-description: |
-    html.Parse does not properly handle "select" tags, which can lead
-    to an infinite loop. If parsing user supplied input, this may be used
-    as a denial of service vector.
+summary: Infinite loop due to improper handling of "select" tags in golang.org/x/net/html
+description: |-
+    html.Parse does not properly handle "select" tags, which can lead to an infinite
+    loop. If parsing user supplied input, this may be used as a denial of service
+    vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2018-17846

data/reports/GO-2020-0015.yaml

@@ -14,12 +14,11 @@ modules:
           symbols:
             - String
 summary: Infinite loop when decoding some inputs in golang.org/x/text
-description: |
+description: |-
     An attacker could provide a single byte to a UTF16 decoder instantiated with
-    UseBOM or ExpectBOM to trigger an infinite loop if the String function on
-    the Decoder is called, or the Decoder is passed to transform.String.
-    If used to parse user supplied input, this may be used as a denial of service
-    vector.
+    UseBOM or ExpectBOM to trigger an infinite loop if the String function on the
+    Decoder is called, or the Decoder is passed to transform.String. If used to
+    parse user supplied input, this may be used as a denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2020-14040

data/reports/GO-2020-0016.yaml

@@ -13,11 +13,10 @@ modules:
             - blockHeader.UnmarshalBinary
             - streamReader.Read
 summary: Infinite loop in github.com/ulikunitz/xz
-description: |
-    An attacker can construct a series of bytes such that calling
-    Reader.Read on the bytes could cause an infinite loop. If
-    parsing user supplied input, this may be used as a denial of
-    service vector.
+description: |-
+    An attacker can construct a series of bytes such that calling Reader.Read on the
+    bytes could cause an infinite loop. If parsing user supplied input, this may be
+    used as a denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2021-29482

data/reports/GO-2020-0017.yaml

@@ -17,11 +17,11 @@ modules:
           symbols:
             - MapClaims.VerifyAudience
 summary: Authorization bypass in github.com/dgrijalva/jwt-go
-description: |
-    If a JWT contains an audience claim with an array of strings, rather
-    than a single string, and MapClaims.VerifyAudience is called with
-    req set to false, then audience verification will be bypassed,
-    allowing an invalid set of audiences to be provided.
+description: |-
+    If a JWT contains an audience claim with an array of strings, rather than a
+    single string, and MapClaims.VerifyAudience is called with req set to false,
+    then audience verification will be bypassed, allowing an invalid set of
+    audiences to be provided.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2020-26160

data/reports/GO-2020-0019.yaml

@@ -42,11 +42,11 @@ modules:
             - proxy_socks5.Dial
             - truncWriter.Write
 summary: Integer overflow in github.com/gorilla/websocket
-description: |
-    An attacker can craft malicious WebSocket frames that cause an integer
-    overflow in a variable which tracks the number of bytes remaining. This
-    may cause the server or client to get stuck attempting to read frames
-    in a loop, which can be used as a denial of service vector.
+description: |-
+    An attacker can craft malicious WebSocket frames that cause an integer overflow
+    in a variable which tracks the number of bytes remaining. This may cause the
+    server or client to get stuck attempting to read frames in a loop, which can be
+    used as a denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2020-27813

data/reports/GO-2020-0020.yaml

@@ -9,9 +9,9 @@ modules:
           symbols:
             - cors.ServeHTTP
 summary: Improper access control in github.com/gorilla/handlers
-description: |
-    Usage of the CORS handler may apply improper CORS headers, allowing
-    the requester to explicitly control the value of the Access-Control-Allow-Origin
+description: |-
+    Usage of the CORS handler may apply improper CORS headers, allowing the
+    requester to explicitly control the value of the Access-Control-Allow-Origin
     header, which bypasses the expected behavior of the Same Origin Policy.
 published: 2021-04-14T20:04:52Z
 ghsas:

data/reports/GO-2020-0021.yaml

@@ -12,10 +12,10 @@ modules:
             - SearchUserByName
           skip_fix: 'TODO: Revisit this reason (Some dependencies no longer exist)'
 summary: SQL Injection in github.com/gogits/gogs
-description: |
-    Due to improper sanitization of user input, a number of methods are
-    vulnerable to SQL injection if used with user input that has not
-    been sanitized by the caller.
+description: |-
+    Due to improper sanitization of user input, a number of methods are vulnerable
+    to SQL injection if used with user input that has not been sanitized by the
+    caller.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2014-8681

data/reports/GO-2020-0022.yaml

@@ -9,10 +9,10 @@ modules:
           symbols:
             - Uncompress
 summary: Out-of-bounds write in github.com/cloudflare/golz4
-description: |
-    LZ4 bindings use a deprecated C API that is vulnerable to
-    memory corruption, which could lead to arbitrary code execution
-    if called with untrusted user input.
+description: |-
+    LZ4 bindings use a deprecated C API that is vulnerable to memory corruption,
+    which could lead to arbitrary code execution if called with untrusted user
+    input.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-4wp2-8rm2-jgmh

data/reports/GO-2020-0023.yaml

@@ -11,11 +11,10 @@ modules:
           derived_symbols:
             - Algorithm.Validate
 summary: Timing side-channel in github.com/robbert229/jwt
-description: |
-    Token validation methods are susceptible to a timing side-channel
-    during HMAC comparison. With a large enough number of requests
-    over a low latency connection, an attacker may use this to determine
-    the expected HMAC.
+description: |-
+    Token validation methods are susceptible to a timing side-channel during HMAC
+    comparison. With a large enough number of requests over a low latency
+    connection, an attacker may use this to determine the expected HMAC.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-5vw4-v588-pgv8

data/reports/GO-2020-0024.yaml

@@ -19,10 +19,10 @@ modules:
             - proxiedConn.LocalAddr
             - proxiedConn.RemoteAddr
 summary: Infinite loop in github.com/btcsuite/go-socks
-description: |
-    The RemoteAddr and LocalAddr methods on the returned net.Conn may
-    call themselves, leading to an infinite loop which will crash the
-    program due to a stack overflow.
+description: |-
+    The RemoteAddr and LocalAddr methods on the returned net.Conn may call
+    themselves, leading to an infinite loop which will crash the program due to a
+    stack overflow.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-gxgj-xjcw-fv9p

data/reports/GO-2020-0025.yaml

@@ -15,10 +15,9 @@ modules:
             - tgzExtractor.Extract
             - zipExtractor.Extract
 summary: Path traversal in code.cloudfoundry.org/archiver
-description: |
-    Due to improper path sanitization, archives containing relative file
-    paths can cause files to be written (or overwritten) outside of the
-    target directory.
+description: |-
+    Due to improper path sanitization, archives containing relative file paths can
+    cause files to be written (or overwritten) outside of the target directory.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-32qh-8vg6-9g43

data/reports/GO-2020-0026.yaml

@@ -13,11 +13,12 @@ modules:
           derived_symbols:
             - stiTar.ExtractTarStream
             - stiTar.ExtractTarStreamWithLogging
-summary: Arbitrary file write via archive extraction in github.com/openshift/source-to-image
-description: |
-    Due to improper path sanitization, archives containing relative file
-    paths can cause files to be written (or overwritten) outside of the
-    target directory.
+summary: |-
+    Arbitrary file write via archive extraction in
+    github.com/openshift/source-to-image
+description: |-
+    Due to improper path sanitization, archives containing relative file paths can
+    cause files to be written (or overwritten) outside of the target directory.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2018-1103

data/reports/GO-2020-0027.yaml

@@ -22,10 +22,10 @@ modules:
             - RemoveKey
             - UserKeyringID
 summary: Privilege escalation in github.com/google/fscrypt
-description: |
-    After dropping and then elevating process privileges euid, guid, and groups
-    are not properly restored to their original values, allowing an unprivileged
-    user to gain membership in the root group.
+description: |-
+    After dropping and then elevating process privileges euid, guid, and groups are
+    not properly restored to their original values, allowing an unprivileged user to
+    gain membership in the root group.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2018-6558

data/reports/GO-2020-0028.yaml

@@ -13,10 +13,10 @@ modules:
             - ParseZone
             - ReadRR
 summary: Denial of service in github.com/miekg/dns
-description: |
-    Due to a nil pointer dereference, parsing a malformed zone file
-    containing TA records may cause a panic. If parsing user supplied
-    input, this may be used as a denial of service vector.
+description: |-
+    Due to a nil pointer dereference, parsing a malformed zone file containing TA
+    records may cause a panic. If parsing user supplied input, this may be used as a
+    denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2018-17419

data/reports/GO-2020-0033.yaml

@@ -13,10 +13,10 @@ modules:
             - Application.ServeHTTP
             - Application.Start
 summary: Path Traversal in aahframe.work
-description: |
-    Due to improper sanitization of user input, HTTPEngine.Handle allows
-    for directory traversal, allowing an attacker to read files outside of
-    the target directory that the server has permission to read.
+description: |-
+    Due to improper sanitization of user input, HTTPEngine.Handle allows for
+    directory traversal, allowing an attacker to read files outside of the target
+    directory that the server has permission to read.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-vp56-r7qv-783v

data/reports/GO-2020-0034.yaml

@@ -9,10 +9,9 @@ modules:
           symbols:
             - Unzip.Extract
 summary: Path traversal in github.com/artdarek/go-unzip
-description: |
-    Due to improper path sanitization, archives containing relative file
-    paths can cause files to be written (or overwritten) outside of the
-    target directory.
+description: |-
+    Due to improper path sanitization, archives containing relative file paths can
+    cause files to be written (or overwritten) outside of the target directory.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-rmj9-q58g-9qgg

data/reports/GO-2020-0035.yaml

@@ -9,10 +9,9 @@ modules:
           symbols:
             - Unzip.Extract
 summary: Path traversal in github.com/yi-ge/unzip
-description: |
-    Due to improper path sanitization, archives containing relative file
-    paths can cause files to be written (or overwritten) outside of the
-    target directory.
+description: |-
+    Due to improper path sanitization, archives containing relative file paths can
+    cause files to be written (or overwritten) outside of the target directory.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-f5c5-hmw9-v8hx

data/reports/GO-2020-0036.yaml

@@ -33,10 +33,10 @@ modules:
             - Unmarshal
             - UnmarshalStrict
 summary: Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
-description: |
-    Due to unbounded aliasing, a crafted YAML file can cause consumption
-    of significant system resources. If parsing user supplied input, this
-    may be used as a denial of service vector.
+description: |-
+    Due to unbounded aliasing, a crafted YAML file can cause consumption of
+    significant system resources. If parsing user supplied input, this may be used
+    as a denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2019-11254

data/reports/GO-2020-0037.yaml

@@ -12,11 +12,11 @@ modules:
             - NewJSONRPCClient
             - NewURIClient
 summary: Uncontrolled resource consumption in github.com/tendermint/tendermint
-description: |
-    Due to support of Gzip compression in request bodies, as well
-    as a lack of limiting response body sizes, a malicious server
-    can cause a client to consume a significant amount of system
-    resources, which may be used as a denial of service vector.
+description: |-
+    Due to support of Gzip compression in request bodies, as well as a lack of
+    limiting response body sizes, a malicious server can cause a client to consume a
+    significant amount of system resources, which may be used as a denial of service
+    vector.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-3fm3-m23v-5r46