golang
diff --git a/‎cmd/gendb/main.go
Lines changed: 3 additions & 3 deletions b/‎cmd/gendb/main.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎cmd/genhtml/main.go
Lines changed: 2 additions & 2 deletions b/‎cmd/genhtml/main.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmd/linter/main.go
Lines changed: 2 additions & 3 deletions b/‎cmd/linter/main.go
Lines changed: 2 additions & 3 deletions
diff --git a/‎cmd/report2cve/main.go
Lines changed: 2 additions & 2 deletions b/‎cmd/report2cve/main.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎go.mod
Lines changed: 1 addition & 0 deletions b/‎go.mod
Lines changed: 1 addition & 0 deletions
diff --git a/‎go.sum
Lines changed: 4 additions & 0 deletions b/‎go.sum
Lines changed: 4 additions & 0 deletions
diff --git a/‎report/report.go
Lines changed: 29 additions & 29 deletions b/‎report/report.go
Lines changed: 29 additions & 29 deletions
diff --git a/‎reports/GO-2020-0001.toml
Lines changed: 0 additions & 31 deletions b/‎reports/GO-2020-0001.toml
Lines changed: 0 additions & 31 deletions
diff --git a/‎reports/GO-2020-0001.yaml
Lines changed: 20 additions & 0 deletions b/‎reports/GO-2020-0001.yaml
Lines changed: 20 additions & 0 deletions
diff --git a/‎reports/GO-2020-0002.toml
Lines changed: 0 additions & 20 deletions b/‎reports/GO-2020-0002.toml
Lines changed: 0 additions & 20 deletions
@@ -14,9 +14,9 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/BurntSushi/toml"
 	"golang.org/x/vulndb/osv"
 	"golang.org/x/vulndb/report"
+	"gopkg.in/yaml.v2"
 )
 
 func fail(why string) {
@@ -52,15 +52,15 @@ func main() {
 
 	jsonVulns := map[string][]osv.Entry{}
 	for _, f := range tomlFiles {
-		if !strings.HasSuffix(f.Name(), ".toml") {
+		if !strings.HasSuffix(f.Name(), ".yaml") {
 			continue
 		}
 		content, err := ioutil.ReadFile(filepath.Join(*tomlDir, f.Name()))
 		if err != nil {
 			fail(fmt.Sprintf("can't read %q: %s", f.Name(), err))
 		}
 		var vuln report.Report
-		err = toml.Unmarshal(content, &vuln)
+		err = yaml.Unmarshal(content, &vuln)
 		if err != nil {
 			fail(fmt.Sprintf("unable to unmarshal %q: %s", f.Name(), err))
 		}
 
@@ -14,8 +14,8 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/BurntSushi/toml"
 	"golang.org/x/vulndb/report"
+	"gopkg.in/yaml.v2"
 )
 
 var indexTemplate = template.Must(template.New("index").Parse(`<html>
@@ -194,7 +194,7 @@ func main() {
 			fail(fmt.Sprintf("can't read %q: %s", f.Name(), err))
 		}
 		var vuln report.Report
-		err = toml.Unmarshal(content, &vuln)
+		err = yaml.Unmarshal(content, &vuln)
 		if err != nil {
 			fail(fmt.Sprintf("unable to unmarshal %q: %s", f.Name(), err))
 		}
 
@@ -10,8 +10,7 @@ import (
 	"os"
 
 	"golang.org/x/vulndb/report"
-
-	"github.com/BurntSushi/toml"
+	"gopkg.in/yaml.v2"
 )
 
 func main() {
@@ -27,7 +26,7 @@ func main() {
 	}
 
 	var vuln report.Report
-	err = toml.Unmarshal(content, &vuln)
+	err = yaml.Unmarshal(content, &vuln)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "unable to parse %q: %s\n", os.Args[1], err)
 		os.Exit(1)
 
@@ -11,8 +11,8 @@ import (
 	"os"
 	"strings"
 
-	"github.com/BurntSushi/toml"
 	"golang.org/x/vulndb/report"
+	"gopkg.in/yaml.v2"
 )
 
 // Affects
@@ -224,7 +224,7 @@ func main() {
 	}
 
 	var r report.Report
-	if err = toml.Unmarshal(b, &r); err != nil {
+	if err = yaml.Unmarshal(b, &r); err != nil {
 		fmt.Fprintf(os.Stderr, "failed to parse %q: %s\n", reportPath, err)
 		os.Exit(1)
 	}
 
@@ -6,4 +6,5 @@ require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/google/go-cmp v0.5.4
 	golang.org/x/mod v0.4.1
+	gopkg.in/yaml.v2 v2.4.0
 )
@@ -17,3 +17,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
@@ -7,49 +7,49 @@ package report
 import "time"
 
 type VersionRange struct {
-	Introduced string
-	Fixed      string
+	Introduced string `yaml:",omitempty"`
+	Fixed      string `yaml:",omitempty"`
 }
 
 type Report struct {
-	Module  string
-	Package string
+	Module  string `yaml:",omitempty"`
+	Package string `yaml:",omitempty"`
 	// TODO: could also be GoToolchain, but we might want
 	// this for other things?
 	//
 	// could we also automate this by just looking for
 	// things prefixed with cmd/go?
-	DoNotExport bool `json:"do_not_export"`
+	DoNotExport bool `yaml:"do_not_export,omitempty"`
 	// TODO: how does this interact with Versions etc?
-	Stdlib bool `json:"stdlib"`
+	Stdlib bool `yaml:",omitempty"`
 	// TODO: the most common usage of additional package should
 	// really be replaced with 'aliases', we'll still need
 	// additional packages for some cases, but it's too heavy
 	// for most
 	AdditionalPackages []struct {
-		Module   string
-		Package  string
-		Symbols  []string
-		Versions []VersionRange
-	} `toml:"additional_packages"`
-	Versions     []VersionRange
-	Description  string
-	Published    time.Time
-	LastModified *time.Time `toml:"last_modified"`
-	Withdrawn    *time.Time
-	CVE          string
-	Credit       string
-	Symbols      []string
-	OS           []string
-	Arch         []string
+		Module   string         `yaml:",omitempty"`
+		Package  string         `yaml:",omitempty"`
+		Symbols  []string       `yaml:",omitempty"`
+		Versions []VersionRange `yaml:",omitempty"`
+	} `yaml:"additional_packages,omitempty"`
+	Versions     []VersionRange `yaml:",omitempty"`
+	Description  string         `yaml:",omitempty"`
+	Published    time.Time      `yaml:",omitempty"`
+	LastModified *time.Time     `yaml:"last_modified,omitempty"`
+	Withdrawn    *time.Time     `yaml:",omitempty"`
+	CVE          string         `yaml:",omitempty"`
+	Credit       string         `yaml:",omitempty"`
+	Symbols      []string       `yaml:",omitempty"`
+	OS           []string       `yaml:",omitempty"`
+	Arch         []string       `yaml:",omitempty"`
 	Links        struct {
-		PR      string
-		Commit  string
-		Context []string
-	}
+		PR      string   `yaml:",omitempty"`
+		Commit  string   `yaml:",omitempty"`
+		Context []string `yaml:",omitempty"`
+	} `yaml:",omitempty"`
 	CVEMetadata *struct {
-		ID          string
-		CWE         string
-		Description string
-	} `toml:"cve_metadata"`
+		ID          string `yaml:",omitempty"`
+		CWE         string `yaml:",omitempty"`
+		Description string `yaml:",omitempty"`
+	} `yaml:"cve_metadata,omitempty"`
 }
@@ -0,0 +1,20 @@
+module: github.com/gin-gonic/gin
+versions:
+- fixed: v1.6.0
+description: |
+  The default [`Formatter`][LoggerConfig.Formatter] for the [`Logger`][] middleware
+  (included in the [`Default`][] engine) allows attackers to inject arbitrary log
+  entries by manipulating the request path.
+published: 2021-04-14T12:00:00Z
+credit: '@thinkerou <thinkerou@gmail.com>'
+symbols:
+- defaultLogFormatter
+links:
+  pr: https://github.com/gin-gonic/gin/pull/2237
+  commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
+cve_metadata:
+  id: CVE-9999-0001
+  cwe: 'CWE-20: Improper Input Validation'
+  description: |
+    Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
+    allows remote attackers to inject arbitary log lines.
Original file line number	Diff line number	Diff line change
`@@ -14,8 +14,8 @@ import (`
`14`	`14`	`"sort"`
`15`	`15`	`"strings"`
`16`	`16`
`17`		`- "github.com/BurntSushi/toml"`
`18`	`17`	`"golang.org/x/vulndb/report"`
	`18`	`+ "gopkg.in/yaml.v2"`
`19`	`19`	`)`
`20`	`20`
`21`	`21`	var indexTemplate = template.Must(template.New("index").Parse(`<html>
`@@ -194,7 +194,7 @@ func main() {`
`194`	`194`	`fail(fmt.Sprintf("can't read %q: %s", f.Name(), err))`
`195`	`195`	`}`
`196`	`196`	`var vuln report.Report`
`197`		`- err = toml.Unmarshal(content, &vuln)`
	`197`	`+ err = yaml.Unmarshal(content, &vuln)`
`198`	`198`	`if err != nil {`
`199`	`199`	`fail(fmt.Sprintf("unable to unmarshal %q: %s", f.Name(), err))`
`200`	`200`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,8 +11,8 @@ import (`
`11`	`11`	`"os"`
`12`	`12`	`"strings"`
`13`	`13`
`14`		`- "github.com/BurntSushi/toml"`
`15`	`14`	`"golang.org/x/vulndb/report"`
	`15`	`+ "gopkg.in/yaml.v2"`
`16`	`16`	`)`
`17`	`17`
`18`	`18`	`// Affects`
`@@ -224,7 +224,7 @@ func main() {`
`224`	`224`	`}`
`225`	`225`
`226`	`226`	`var r report.Report`
`227`		`- if err = toml.Unmarshal(b, &r); err != nil {`
	`227`	`+ if err = yaml.Unmarshal(b, &r); err != nil {`
`228`	`228`	`fmt.Fprintf(os.Stderr, "failed to parse %q: %s\n", reportPath, err)`
`229`	`229`	`os.Exit(1)`
`230`	`230`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,5 @@ require (`
`6`	`6`	`github.com/BurntSushi/toml v0.3.1`
`7`	`7`	`github.com/google/go-cmp v0.5.4`
`8`	`8`	`golang.org/x/mod v0.4.1`
	`9`	`+ gopkg.in/yaml.v2 v2.4.0`
`9`	`10`	`)`