data/reports: update GO-2020-0001.yaml with correct vulnerable symbol

defaultLogFormatter is name of a variable holding an anonymous vulnerable function. We now claim vulnerable those functions that directly use defaultLogFormatter, which in this case is LoggerWithConfig. Fixes #55937 Change-Id: I38d398e7ef2f7a94cc625b669c26c5b8444adfa0 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/439377 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> Reviewed-by: Damien Neil <dneil@google.com>
2022-10-05 14:50:39 -07:00 · 2022-10-05 14:50:39 -07:00 · 975704f232
--- a/data/osv/GO-2020-0001.json
+++ b/data/osv/GO-2020-0001.json
@ -33,7 +33,11 @@
          {
            "path": "github.com/gin-gonic/gin",
            "symbols": [
-              "defaultLogFormatter"
+              "Default",
+              "Logger",
+              "LoggerWithConfig",
+              "LoggerWithFormatter",
+              "LoggerWithWriter"
            ]
          }
        ]
--- a/data/reports/GO-2020-0001.yaml
+++ b/data/reports/GO-2020-0001.yaml
@ -2,10 +2,16 @@ modules:
  - module: github.com/gin-gonic/gin
    versions:
      - fixed: 1.6.0
+    vulnerable_at: 1.5.0
    packages:
      - package: github.com/gin-gonic/gin
        symbols:
-          - defaultLogFormatter
+          - LoggerWithConfig
+        derived_symbols:
+          - Default
+          - Logger
+          - LoggerWithFormatter
+          - LoggerWithWriter
 description: |
    The default Formatter for the Logger middleware (LoggerConfig.Formatter),
    which is included in the Default engine, allows attackers to inject arbitrary