internal/report, data/reports: require summary field in YAML

Adds a lint check to require a non-empty summary field in YAML reports,
and backfills summary field for all old reports with a TODO. (This TODO
is OK because the summary field is not yet published to OSV.)

For golang/go#56443

Change-Id: I368d48ceca35ed74a0461550d5386ae7ff85be1a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/493595
Reviewed-by: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

data/reports/GO-2020-0001.yaml

@@ -12,6 +12,7 @@ modules:
           - Logger
           - LoggerWithFormatter
           - LoggerWithWriter
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     The default Formatter for the Logger middleware (LoggerConfig.Formatter),
     which is included in the Default engine, allows attackers to inject arbitrary

data/reports/GO-2020-0003.yaml

@@ -5,6 +5,7 @@ modules:
     vulnerable_at: 0.21.0
     packages:
       - package: github.com/revel/revel
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker can cause an application that accepts slice parameters
     (https://revel.github.io/manual/parameters.html#slices) to allocate large

data/reports/GO-2020-0004.yaml

@@ -13,6 +13,7 @@ modules:
         derived_symbols:
           - ListenAndServe
           - ListenAndServeTLS
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     If any of the ListenAndServe functions are called with an empty token,
     token authentication is disabled globally for all listeners.

data/reports/GO-2020-0005.yaml

@@ -12,6 +12,7 @@ modules:
           - Create
           - Repair
           - Verify
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
     out of bounds reads, or creation of arbitrarily sized slices, which may be used as

data/reports/GO-2020-0006.yaml

@@ -13,6 +13,7 @@ modules:
           - ListenAndServeTLS
           - Server.ActivateAndServe
           - Server.ListenAndServe
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker may prevent TCP connections to a Server by opening
     a connection and leaving it idle, until the connection is closed by

data/reports/GO-2020-0007.yaml

@@ -12,6 +12,7 @@ modules:
           - ScmpFilter.AddRuleConditional
           - ScmpFilter.AddRuleConditionalExact
           - ScmpFilter.AddRuleExact
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Filters containing rules with multiple syscall arguments are improperly
     constructed, such that all arguments are required to match rather than

data/reports/GO-2020-0008.yaml

@@ -13,6 +13,7 @@ modules:
           - Msg.SetNotify
           - Msg.SetQuestion
           - Msg.SetUpdate
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     DNS message transaction IDs are generated using math/rand which
     makes them relatively predictable. This reduces the complexity

data/reports/GO-2020-0009.yaml

@@ -42,6 +42,7 @@ modules:
         derived_symbols:
           - genericEncrypter.Encrypt
           - genericEncrypter.EncryptWithAuthData
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC
     with HMAC such that they can control how large the input buffer is when computing

data/reports/GO-2020-0010.yaml

@@ -14,6 +14,7 @@ modules:
           - ecDecrypterSigner.decryptKey
         derived_symbols:
           - JsonWebKey.UnmarshalJSON
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     When using ECDH-ES an attacker can mount an invalid curve attack during
     decryption as the supplied public key is not checked to be on the same

data/reports/GO-2020-0012.yaml

@@ -28,6 +28,7 @@ modules:
           - ParsePublicKey
           - ParseRawPrivateKey
           - ParseRawPrivateKeyWithPassphrase
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
     key, such that the library will panic when trying to verify a signature

data/reports/GO-2020-0013.yaml

@@ -9,6 +9,7 @@ modules:
           - NewClientConn
         derived_symbols:
           - Dial
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     By default host key verification is disabled which allows for
     man-in-the-middle attacks against SSH clients if

data/reports/GO-2020-0014.yaml

@@ -11,6 +11,7 @@ modules:
         derived_symbols:
           - Parse
           - ParseFragment
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     html.Parse does not properly handle "select" tags, which can lead
     to an infinite loop. If parsing user supplied input, this may be used

data/reports/GO-2020-0015.yaml

@@ -12,6 +12,7 @@ modules:
       - package: golang.org/x/text/transform
         symbols:
           - String
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker could provide a single byte to a UTF16 decoder instantiated with
     UseBOM or ExpectBOM to trigger an infinite loop if the String function on

data/reports/GO-2020-0016.yaml

@@ -11,6 +11,7 @@ modules:
           - Reader.Read
           - blockHeader.UnmarshalBinary
           - streamReader.Read
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker can construct a series of bytes such that calling
     Reader.Read on the bytes could cause an infinite loop. If

data/reports/GO-2020-0017.yaml

@@ -15,6 +15,7 @@ modules:
       - package: github.com/dgrijalva/jwt-go/v4
         symbols:
           - MapClaims.VerifyAudience
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     If a JWT contains an audience claim with an array of strings, rather
     than a single string, and MapClaims.VerifyAudience is called with

data/reports/GO-2020-0019.yaml

@@ -40,6 +40,7 @@ modules:
           - proxy_envOnce.Get
           - proxy_socks5.Dial
           - truncWriter.Write
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker can craft malicious WebSocket frames that cause an integer
     overflow in a variable which tracks the number of bytes remaining. This

data/reports/GO-2020-0020.yaml

@@ -7,6 +7,7 @@ modules:
       - package: github.com/gorilla/handlers
         symbols:
           - cors.ServeHTTP
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Usage of the CORS handler may apply improper CORS headers, allowing
     the requester to explicitly control the value of the Access-Control-Allow-Origin

data/reports/GO-2020-0021.yaml

@@ -10,6 +10,7 @@ modules:
           - SearchRepositoryByName
           - SearchUserByName
         skip_fix: 'TODO: Revisit this reason (Some dependencies no longer exist)'
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper santization of user input, a number of methods are
     vulnerable to SQL injection if used with user input that has not

data/reports/GO-2020-0022.yaml

@@ -7,6 +7,7 @@ modules:
       - package: github.com/cloudflare/golz4
         symbols:
           - Uncompress
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     LZ4 bindings use a deprecated C API that is vulnerable to
     memory corruption, which could lead to arbitrary code execution

data/reports/GO-2020-0023.yaml

@@ -9,6 +9,7 @@ modules:
           - Algorithm.validateSignature
         derived_symbols:
           - Algorithm.Validate
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Token validation methods are susceptible to a timing side-channel
     during HMAC comparison. With a large enough number of requests

data/reports/GO-2020-0024.yaml

@@ -17,6 +17,7 @@ modules:
         symbols:
           - proxiedConn.LocalAddr
           - proxiedConn.RemoteAddr
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     The RemoteAddr and LocalAddr methods on the returned net.Conn may
     call themselves, leading to an infinite loop which will crash the

data/reports/GO-2020-0025.yaml

@@ -13,6 +13,7 @@ modules:
           - tarExtractor.Extract
           - tgzExtractor.Extract
           - zipExtractor.Extract
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the

data/reports/GO-2020-0026.yaml

@@ -12,6 +12,7 @@ modules:
         derived_symbols:
           - stiTar.ExtractTarStream
           - stiTar.ExtractTarStreamWithLogging
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the

data/reports/GO-2020-0027.yaml

@@ -20,6 +20,7 @@ modules:
           - InsertKey
           - RemoveKey
           - UserKeyringID
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     After dropping and then elevating process privileges euid, guid, and groups
     are not properly restored to their original values, allowing an unprivileged

data/reports/GO-2020-0028.yaml

@@ -11,6 +11,7 @@ modules:
           - NewRR
           - ParseZone
           - ReadRR
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to a nil pointer dereference, parsing a malformed zone file
     containing TA records may cause a panic. If parsing user supplied

data/reports/GO-2020-0032.yaml

@@ -32,6 +32,7 @@ modules:
           - Controller.FileHandler
         skip_fix: 'TODO: revisit this reason (goa.design/goa/v3 appears to not be
             a package, but I could not locate the fix for this issue in v3)'
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper santization of user input, Controller.FileHandler allows
     for directory traversal, allowing an attacker to read files outside of

data/reports/GO-2020-0033.yaml

@@ -11,6 +11,7 @@ modules:
           - Application.Run
           - Application.ServeHTTP
           - Application.Start
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper santization of user input, HTTPEngine.Handle allows
     for directory traversal, allowing an attacker to read files outside of

data/reports/GO-2020-0034.yaml

@@ -7,6 +7,7 @@ modules:
       - package: github.com/artdarek/go-unzip
         symbols:
           - Unzip.Extract
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the

data/reports/GO-2020-0035.yaml

@@ -7,6 +7,7 @@ modules:
       - package: github.com/yi-ge/unzip
         symbols:
           - Unzip.Extract
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the

data/reports/GO-2020-0036.yaml

@@ -31,6 +31,7 @@ modules:
           - Decoder.Decode
           - Unmarshal
           - UnmarshalStrict
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to unbounded aliasing, a crafted YAML file can cause consumption
     of significant system resources. If parsing user supplied input, this

data/reports/GO-2020-0037.yaml

@@ -10,6 +10,7 @@ modules:
         derived_symbols:
           - NewJSONRPCClient
           - NewURIClient
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to support of Gzip compression in request bodies, as well
     as a lack of limiting response body sizes, a malicious server

data/reports/GO-2020-0038.yaml

@@ -13,6 +13,7 @@ modules:
           - Listener.Accept
           - Resume
           - Server
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper verification of packets, unencrypted packets containing
     application data are accepted after the initial handshake. This allows

data/reports/GO-2020-0039.yaml

@@ -13,6 +13,7 @@ modules:
           - Macaron.Run
           - Macaron.ServeHTTP
           - Router.ServeHTTP
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper request santization, a specifically crafted URL
     can cause the static file handler to redirect to an attacker chosen

data/reports/GO-2020-0040.yaml

@@ -3,6 +3,7 @@ modules:
     vulnerable_at: 0.0.0-20201219151056-5a20f3199263
     packages:
       - package: github.com/shiyanhui/dht
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to unchecked type assertions, maliciously crafted messages can
     cause panics, which may be used as a denial of service vector.

data/reports/GO-2020-0041.yaml

@@ -30,6 +30,7 @@ modules:
           - ZipArchive.Close
           - ZipArchive.ExtractTo
           - ZipArchive.Flush
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the

data/reports/GO-2020-0042.yaml

@@ -7,6 +7,7 @@ modules:
       - package: github.com/sassoftware/go-rpmutils/cpio
         symbols:
           - Extract
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper path santization, RPMs containing relative file
     paths can cause files to be written (or overwritten) outside of the

data/reports/GO-2020-0043.yaml

@@ -11,6 +11,7 @@ modules:
           - assertConfigsCompatible
         skip_fix: 'TODO: revisit this reason. (cannot find module providing package
             github.com/lucas-clemente/quic-go/h2quic)'
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper TLS verification when serving traffic for multiple
     SNIs, an attacker may bypass TLS client authentication by indicating

data/reports/GO-2020-0045.yaml

@@ -10,6 +10,7 @@ modules:
         derived_symbols:
           - Context.Render
           - Context.RenderFromString
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     CSRF tokens are generated using math/rand, which is not a cryptographically
     secure random number generator, allowing an attacker to predict values and

data/reports/GO-2020-0046.yaml

@@ -22,6 +22,7 @@ modules:
           - SAMLServiceProvider.ValidateEncodedLogoutRequestPOST
           - SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
           - SAMLServiceProvider.ValidateEncodedResponse
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to a nil pointer dereference, a malformed XML Digital Signature
     can cause a panic during validation. If user supplied signatures are

data/reports/GO-2020-0047.yaml

@@ -9,6 +9,7 @@ modules:
           - NewSignedResponse
         derived_symbols:
           - ServiceProviderSettings.GetAuthnRequest
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     XML Digital Signatures generated and validated using this package use
     SHA-1, which may allow an attacker to craft inputs which cause hash

data/reports/GO-2020-0048.yaml

@@ -7,6 +7,7 @@ modules:
       - package: github.com/antchfx/xmlquery
         symbols:
           - LoadURL
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     LoadURL does not check the Content-Type of loaded resources,
     which can cause a panic due to nil pointer deference if the loaded

data/reports/GO-2020-0049.yaml

@@ -10,6 +10,7 @@ modules:
           - verifyToken
         derived_symbols:
           - CSRFHandler.ServeHTTP
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper validation of caller input, validation is silently disabled
     if the provided expected token is malformed, causing any user supplied token

data/reports/GO-2020-0050.yaml

@@ -9,6 +9,7 @@ modules:
           - ValidationContext.findSignature
         derived_symbols:
           - ValidationContext.Validate
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to the behavior of encoding/xml, a crafted XML document may cause
     XML Digital Signature validation to be entirely bypassed, causing an

data/reports/GO-2021-0051.yaml

@@ -12,6 +12,7 @@ modules:
         derived_symbols:
           - Echo.Static
           - Group.Static
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper sanitization of user input on Windows, the static file handler
     allows for directory traversal, allowing an attacker to read files outside of

data/reports/GO-2021-0052.yaml

@@ -17,6 +17,7 @@ modules:
           - Engine.RunTLS
           - Engine.RunUnix
           - Engine.ServeHTTP
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper HTTP header santization, a malicious user can spoof their
     source IP address by setting the X-Forwarded-For header. This may allow

data/reports/GO-2021-0053.yaml

@@ -8,6 +8,7 @@ modules:
         symbols:
           - unmarshal.field
           - unmarshal.Generate
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper bounds checking, maliciously crafted input to generated
     Unmarshal methods can cause an out-of-bounds panic. If parsing messages

data/reports/GO-2021-0054.yaml

@@ -9,6 +9,7 @@ modules:
           - unwrap
         derived_symbols:
           - Result.ForEach
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may

data/reports/GO-2021-0057.yaml

@@ -28,6 +28,7 @@ modules:
           - GetUnsafeString
           - ObjectEach
           - Set
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may

data/reports/GO-2021-0058.yaml

@@ -26,6 +26,7 @@ modules:
           - FetchMetadata
           - Middleware.ServeHTTP
           - New
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to the behavior of encoding/xml, a crafted XML document may cause
     XML Digital Signature validation to be entirely bypassed, causing an

data/reports/GO-2021-0059.yaml

@@ -16,6 +16,7 @@ modules:
           - Result.Get
           - Result.Map
           - Result.Value
+summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may