From d7fb56a3ffc04766f87065f14352a764fe3fa151 Mon Sep 17 00:00:00 2001 From: Tatiana Bradley Date: Mon, 6 Feb 2023 21:41:37 +0000 Subject: [PATCH] data/reports: add skip_fix to some reports These already had vulnerable_at, but fixed failed. Change-Id: I4f9b2e570b0642566123b6f2f6ed2b4625a9b9bc Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465817 Run-TryBot: Tatiana Bradley Reviewed-by: Tim King TryBot-Result: Gopher Robot --- data/reports/GO-2022-0189.yaml | 2 ++ data/reports/GO-2022-0190.yaml | 2 ++ data/reports/GO-2022-0318.yaml | 1 + data/reports/GO-2022-0475.yaml | 2 ++ data/reports/GO-2022-0755.yaml | 2 ++ 5 files changed, 9 insertions(+) diff --git a/data/reports/GO-2022-0189.yaml b/data/reports/GO-2022-0189.yaml index ebfcc5c8..a237f4fa 100644 --- a/data/reports/GO-2022-0189.yaml +++ b/data/reports/GO-2022-0189.yaml @@ -9,6 +9,8 @@ modules: - package: cmd/go/internal/get symbols: - downloadPackage + skip_fix: 'TODO: revisit this reason (cant request explicit version v1.11.2 + of standard library package cmd/go/internal/get' description: | The "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a diff --git a/data/reports/GO-2022-0190.yaml b/data/reports/GO-2022-0190.yaml index ee42d013..eb1ddf64 100644 --- a/data/reports/GO-2022-0190.yaml +++ b/data/reports/GO-2022-0190.yaml @@ -9,6 +9,8 @@ modules: - package: cmd/go/internal/get symbols: - downloadPackage + skip_fix: 'TODO: revisit this reason (cant request explicit version v1.11.2 + of standard library package cmd/go/internal/get' description: | The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly brace diff --git a/data/reports/GO-2022-0318.yaml b/data/reports/GO-2022-0318.yaml index a217bd87..79724e7f 100644 --- a/data/reports/GO-2022-0318.yaml +++ b/data/reports/GO-2022-0318.yaml 
@@ -10,6 +10,7 @@ modules: symbols: - codeRepo.convert - codeRepo.validatePseudoVersion + skip_fix: "TODO: revisit this reason (cant request explicit version v1.17.6 of standard library package cmd/go/internal/modfetch)" description: | Incorrect access control is possible in the go command. diff --git a/data/reports/GO-2022-0475.yaml b/data/reports/GO-2022-0475.yaml index feef9d7e..302c603b 100644 --- a/data/reports/GO-2022-0475.yaml +++ b/data/reports/GO-2022-0475.yaml @@ -9,9 +9,11 @@ modules: - package: cmd/go symbols: - Builder.cgo + skip_fix: "TODO: revisit this reason (cant request explicit version v1.15.4 of standard library package cmd/go)" - package: cmd/cgo symbols: - dynimport + skip_fix: "TODO: revisit this reason (cant request explicit version v1.15.4 of standard library package cmd/go)" description: | The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other diff --git a/data/reports/GO-2022-0755.yaml b/data/reports/GO-2022-0755.yaml index 6c5e2678..09d48c56 100644 --- a/data/reports/GO-2022-0755.yaml +++ b/data/reports/GO-2022-0755.yaml @@ -7,9 +7,11 @@ modules: - package: github.com/rancher/rancher/server symbols: - Start + skip_fix: "TODO: revisit this reason (multiple cannot find module providing package errors)" - package: github.com/rancher/rancher/pkg/clusterrouter symbols: - Router.ServeHTTP + skip_fix: "TODO: revisit this reason (multiple cannot find module providing package errors)" description: | Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by
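Review bot: in the GO-2022-0189 hunk the skip_fix reason opens a parenthesis in "(cant request explicit version v1.11.2" that is never closed, and "cant" is missing its apostrophe; because the scalar is single-quoted, an apostrophe inside it has to be written as `''`. Suggest a single-line double-quoted value, matching the other reports in this change: `skip_fix: "TODO: revisit this reason (can't request explicit version v1.11.2 of standard library package cmd/go/internal/get)"`.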
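Review bot: the GO-2022-0190 hunk has the same unclosed parenthesis and missing apostrophe as the GO-2022-0189 hunk ("(cant request explicit version v1.11.2 of standard library package cmd/go/internal/get" with no closing ")"), so the same one-line, double-quoted rewrite with "can't" and a closing parenthesis applies here.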
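Review bot: the GO-2022-0318 hunk's reason is well-formed (double-quoted, parentheses balanced) but still reads "cant" for "can't"; beyond that, every skip_fix value in this change starts with "TODO: revisit this reason", so the field currently records a placeholder rather than the reason the fixed check failed. The commit message says the fixed check failed for these reports; stating that directly in the value (e.g. "fixed check failed: can't request explicit version v1.17.6 of standard library package cmd/go/internal/modfetch") would let a later reader act on it without the TODO.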
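Review bot: in the GO-2022-0475 hunk the skip_fix added under `- package: cmd/cgo` says "of standard library package cmd/go)", which is the text of the preceding cmd/go entry; the second value looks copy-pasted and should name the package it sits under, i.e. `skip_fix: "TODO: revisit this reason (can't request explicit version v1.15.4 of standard library package cmd/cgo)"`.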
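Review bot: the GO-2022-0755 hunk's reason "multiple cannot find module providing package errors" runs the quoted error text into the sentence; quoting it, as in `skip_fix: "TODO: revisit this reason (multiple 'cannot find module providing package' errors)"`, makes clear which error was hit, and single quotes are safe inside a double-quoted YAML scalar.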