internal/report: sort references in Fix

tatianab · tatianab · commit 4191954a9df2 · 2024-05-20T16:06:51.000Z
Sort references by type, then alphabetically. Change-Id: Ia09085488f62829f5216c5cb90db680821afc1ea Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/585418 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2020-9283.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2020-9283.txtar
@@ -20,13 +20,13 @@ description: |-
 cves:
     - CVE-2020-9283
 references:
-    - web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
     - web: http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
+    - web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
     - web: https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
     - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
     - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
     - web: https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
 source:
     id: CVE-2020-9283
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2021-27919.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2021-27919.txtar
@@ -18,11 +18,11 @@ description: |-
 cves:
     - CVE-2021-27919
 references:
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
     - web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
     - web: https://security.gentoo.org/glsa/202208-02
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
 notes:
     - fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
 source:
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2021-3115.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2021-3115.txtar
@@ -19,12 +19,12 @@ description: |-
 cves:
     - CVE-2021-3115
 references:
-    - web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3115
     - web: https://blog.go.dev/path-security
+    - web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/
-    - web: https://security.netapp.com/advisory/ntap-20210219-0001/
     - web: https://security.gentoo.org/glsa/202208-02
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3115
+    - web: https://security.netapp.com/advisory/ntap-20210219-0001/
 notes:
     - fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
 source:
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2022-39213.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2022-39213.txtar
@@ -29,10 +29,10 @@ description: |-
 cves:
     - CVE-2022-39213
 references:
-    - web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
     - fix: https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4
     - web: https://github.com/pandatix/go-cvss/blob/master/SECURITY.md
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
+    - web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
 source:
     id: CVE-2022-39213
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2023-29407.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2023-29407.txtar
@@ -17,13 +17,13 @@ description: |-
     tiled image with a height of 0 and a very large width can cause excessive CPU
     consumption, despite the image size (width * height) appearing to be zero.
 references:
-    - report: https://go.dev/issue/61581
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
     - fix: https://go.dev/cl/514897
-    - web: https://security.netapp.com/advisory/ntap-20230831-0009/
+    - report: https://go.dev/issue/61581
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
+    - web: https://security.netapp.com/advisory/ntap-20230831-0009/
 cve_metadata:
     id: CVE-2023-29407
     cwe: 'CWE-834: Excessive Iteration'
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2023-44378.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2023-44378.txtar
@@ -24,10 +24,10 @@ description: |-
 cves:
     - CVE-2023-44378
 references:
-    - web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
-    - report: https://github.com/zkopru-network/zkopru/issues/116
-    - fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-44378
+    - fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
+    - report: https://github.com/zkopru-network/zkopru/issues/116
+    - web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
 source:
     id: CVE-2023-44378
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2023-45141.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2023-45141.txtar
@@ -26,8 +26,8 @@ description: |-
 cves:
     - CVE-2023-45141
 references:
-    - web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45141
+    - web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
 source:
     id: CVE-2023-45141
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2023-45283.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2023-45283.txtar
@@ -27,14 +27,14 @@ description: |-
     in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other
     effects). The previous behavior has been restored.
 references:
-    - report: https://go.dev/issue/63713
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45283
     - fix: https://go.dev/cl/540277
-    - web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
-    - report: https://go.dev/issue/64028
     - fix: https://go.dev/cl/541175
-    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
+    - report: https://go.dev/issue/63713
+    - report: https://go.dev/issue/64028
     - web: http://www.openwall.com/lists/oss-security/2023/12/05/2
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45283
+    - web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
+    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
 cve_metadata:
     id: CVE-2023-45283
     cwe: 'CWE-41: Improper Resolution of Path Equivalence'
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2023-45285.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2023-45285.txtar
@@ -18,10 +18,10 @@ description: |-
     module. This only affects users who are not using the module proxy and are
     fetching modules directly (i.e. GOPROXY=off).
 references:
-    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
-    - report: https://go.dev/issue/63845
-    - fix: https://go.dev/cl/540257
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45285
+    - fix: https://go.dev/cl/540257
+    - report: https://go.dev/issue/63845
+    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
 cve_metadata:
     id: CVE-2023-45285
     cwe: 'CWE-636: Not Failing Securely (''Failing Open'')'
diff --git a/internal/cve4/testdata/cve/TestToReport/CVE-2023-45286.txtar b/internal/cve4/testdata/cve/TestToReport/CVE-2023-45286.txtar
@@ -23,10 +23,10 @@ description: |-
     question is defined at package level scope, so a completely unrelated server
     could receive the request body.
 references:
-    - report: https://github.com/go-resty/resty/issues/743
-    - report: https://github.com/go-resty/resty/issues/739
-    - fix: https://github.com/go-resty/resty/pull/745
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45286
+    - fix: https://github.com/go-resty/resty/pull/745
+    - report: https://github.com/go-resty/resty/issues/739
+    - report: https://github.com/go-resty/resty/issues/743
 cve_metadata:
     id: CVE-2023-45286
     cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2020-9283.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2020-9283.txtar
@@ -18,13 +18,13 @@ description: |-
 cves:
     - CVE-2020-9283
 references:
-    - web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
     - web: http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
+    - web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
     - web: https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
     - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
     - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
     - web: https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
 source:
     id: CVE-2020-9283
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar
@@ -18,11 +18,11 @@ description: |-
 cves:
     - CVE-2021-27919
 references:
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
     - web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
     - web: https://security.gentoo.org/glsa/202208-02
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
 notes:
     - fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
 source:
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2021-3115.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2021-3115.txtar
@@ -19,12 +19,12 @@ description: |-
 cves:
     - CVE-2021-3115
 references:
-    - web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3115
     - web: https://blog.go.dev/path-security
+    - web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/
-    - web: https://security.netapp.com/advisory/ntap-20210219-0001/
     - web: https://security.gentoo.org/glsa/202208-02
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3115
+    - web: https://security.netapp.com/advisory/ntap-20210219-0001/
 notes:
     - fix: 'cmd: could not add vulnerable_at: not implemented for std/cmd'
 source:
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2022-39213.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2022-39213.txtar
@@ -30,10 +30,10 @@ description: |-
 cves:
     - CVE-2022-39213
 references:
-    - web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
     - fix: https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4
     - web: https://github.com/pandatix/go-cvss/blob/master/SECURITY.md
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
+    - web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
 source:
     id: CVE-2022-39213
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2023-29407.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2023-29407.txtar
@@ -27,13 +27,13 @@ description: |-
 credits:
     - Philippe Antoine (Catena cyber)
 references:
-    - report: https://go.dev/issue/61581
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
     - fix: https://go.dev/cl/514897
-    - web: https://security.netapp.com/advisory/ntap-20230831-0009/
+    - report: https://go.dev/issue/61581
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
     - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
+    - web: https://security.netapp.com/advisory/ntap-20230831-0009/
 cve_metadata:
     id: CVE-2023-29407
     cwe: 'CWE-834: Excessive Iteration'
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2023-44378.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2023-44378.txtar
@@ -26,10 +26,10 @@ description: |-
 cves:
     - CVE-2023-44378
 references:
-    - web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
-    - report: https://github.com/zkopru-network/zkopru/issues/116
-    - fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-44378
+    - fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
+    - report: https://github.com/zkopru-network/zkopru/issues/116
+    - web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
 source:
     id: CVE-2023-44378
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2023-45141.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2023-45141.txtar
@@ -26,8 +26,8 @@ description: |-
 cves:
     - CVE-2023-45141
 references:
-    - web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45141
+    - web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
 source:
     id: CVE-2023-45141
     created: 1999-01-01T00:00:00Z
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2023-45283.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2023-45283.txtar
@@ -86,14 +86,14 @@ description: |-
     in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other
     effects). The previous behavior has been restored.
 references:
-    - report: https://go.dev/issue/63713
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45283
     - fix: https://go.dev/cl/540277
-    - web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
-    - report: https://go.dev/issue/64028
     - fix: https://go.dev/cl/541175
-    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
+    - report: https://go.dev/issue/63713
+    - report: https://go.dev/issue/64028
     - web: http://www.openwall.com/lists/oss-security/2023/12/05/2
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45283
+    - web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
+    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
 cve_metadata:
     id: CVE-2023-45283
     cwe: 'CWE-41: Improper Resolution of Path Equivalence'
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2023-45285.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2023-45285.txtar
@@ -24,10 +24,10 @@ description: |-
 credits:
     - David Leadbeater
 references:
-    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
-    - report: https://go.dev/issue/63845
-    - fix: https://go.dev/cl/540257
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45285
+    - fix: https://go.dev/cl/540257
+    - report: https://go.dev/issue/63845
+    - web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
 cve_metadata:
     id: CVE-2023-45285
     cwe: 'CWE-636: Not Failing Securely (''Failing Open'')'
diff --git a/internal/cve5/testdata/cve/TestToReport/CVE-2023-45286.txtar b/internal/cve5/testdata/cve/TestToReport/CVE-2023-45286.txtar
@@ -40,10 +40,10 @@ description: |-
 credits:
     - Logan Attwood (@lattwood)
 references:
-    - report: https://github.com/go-resty/resty/issues/743
-    - report: https://github.com/go-resty/resty/issues/739
-    - fix: https://github.com/go-resty/resty/pull/745
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45286
+    - fix: https://github.com/go-resty/resty/pull/745
+    - report: https://github.com/go-resty/resty/issues/739
+    - report: https://github.com/go-resty/resty/issues/743
 cve_metadata:
     id: CVE-2023-45286
     cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
diff --git a/internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml b/internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml
@@ -29,16 +29,16 @@ cves:
 ghsas:
     - GHSA-28r2-q6m8-9hpx
 references:
+    - advisory: https://github.com/advisories/GHSA-28r2-q6m8-9hpx
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-30323
-    - fix: https://github.com/hashicorp/go-getter/pull/359
-    - fix: https://github.com/hashicorp/go-getter/pull/361
     - fix: https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48
     - fix: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45
+    - fix: https://github.com/hashicorp/go-getter/pull/359
+    - fix: https://github.com/hashicorp/go-getter/pull/361
     - web: https://discuss.hashicorp.com
     - web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/
     - web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
     - web: https://github.com/hashicorp/go-getter/releases
-    - advisory: https://github.com/advisories/GHSA-28r2-q6m8-9hpx
 source:
     id: GHSA-28r2-q6m8-9hpx
     created: 1999-01-01T00:00:00Z
diff --git a/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml b/internal/genericosv/testdata/yaml/GHSA-33m6-q9v5-62r7.yaml
@@ -49,9 +49,9 @@ ghsas:
 references:
     - advisory: https://github.com/hpcng/sif/security/advisories/GHSA-33m6-q9v5-62r7
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3538
-    - report: https://github.com/satori/go.uuid/issues/73
-    - fix: https://github.com/satori/go.uuid/pull/75
     - fix: https://github.com/satori/go.uuid/commit/75cca531ea763666bc46e531da3b4c3b95f64557
+    - fix: https://github.com/satori/go.uuid/pull/75
+    - report: https://github.com/satori/go.uuid/issues/73
     - web: https://bugzilla.redhat.com/show_bug.cgi?id=1954376
     - web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
 notes:
diff --git a/internal/genericosv/testdata/yaml/GHSA-3hwm-922r-47hw.yaml b/internal/genericosv/testdata/yaml/GHSA-3hwm-922r-47hw.yaml
@@ -19,8 +19,8 @@ ghsas:
     - GHSA-3hwm-922r-47hw
 references:
     - advisory: https://github.com/42Atomys/stud42/security/advisories/GHSA-3hwm-922r-47hw
-    - web: https://github.com/42Atomys/stud42/issues/412
     - web: https://github.com/42Atomys/stud42/commit/a70bfc72fba721917bf681d72a58093fb9deee17
+    - web: https://github.com/42Atomys/stud42/issues/412
 source:
     id: GHSA-3hwm-922r-47hw
     created: 1999-01-01T00:00:00Z
diff --git a/internal/genericosv/testdata/yaml/GHSA-3wq5-3f56-v5xc.yaml b/internal/genericosv/testdata/yaml/GHSA-3wq5-3f56-v5xc.yaml
@@ -23,9 +23,9 @@ cves:
 ghsas:
     - GHSA-3wq5-3f56-v5xc
 references:
+    - advisory: https://github.com/advisories/GHSA-3wq5-3f56-v5xc
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1777
     - web: https://mattermost.com/security-updates/
-    - advisory: https://github.com/advisories/GHSA-3wq5-3f56-v5xc
 notes:
     - fix: 'github.com/mattermost/mattermost-server/v6: could not add vulnerable_at: version 7.1.6 does not exist'
     - lint: 'modules[1] "github.com/mattermost/mattermost-server/v6": version 7.1.6 does not exist'
diff --git a/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml b/internal/genericosv/testdata/yaml/GHSA-54q4-74p3-mgcw.yaml
@@ -16,9 +16,9 @@ cves:
 ghsas:
     - GHSA-54q4-74p3-mgcw
 references:
+    - advisory: https://github.com/advisories/GHSA-54q4-74p3-mgcw
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-38867
     - report: https://github.com/zhaojh329/rttys/issues/117
-    - advisory: https://github.com/advisories/GHSA-54q4-74p3-mgcw
 source:
     id: GHSA-54q4-74p3-mgcw
     created: 1999-01-01T00:00:00Z
diff --git a/internal/genericosv/testdata/yaml/GHSA-66p8-j459-rq63.yaml b/internal/genericosv/testdata/yaml/GHSA-66p8-j459-rq63.yaml
@@ -39,9 +39,9 @@ ghsas:
     - GHSA-66p8-j459-rq63
 references:
     - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
-    - web: https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25168
     - fix: https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
+    - web: https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
 notes:
     - lint: 'description: possible markdown formatting (found ### )'
     - lint: 'description: possible markdown formatting (found [`GHSA-p8r3-83r8-jwj5`](https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5))'
diff --git a/internal/genericosv/testdata/yaml/GHSA-6qfg-8799-r575.yaml b/internal/genericosv/testdata/yaml/GHSA-6qfg-8799-r575.yaml
@@ -29,11 +29,11 @@ cves:
 ghsas:
     - GHSA-6qfg-8799-r575
 references:
+    - advisory: https://github.com/advisories/GHSA-6qfg-8799-r575
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-11251
-    - report: https://github.com/kubernetes/kubernetes/issues/87773
     - fix: https://github.com/kubernetes/kubernetes/pull/82143
+    - report: https://github.com/kubernetes/kubernetes/issues/87773
     - web: https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ
-    - advisory: https://github.com/advisories/GHSA-6qfg-8799-r575
 source:
     id: GHSA-6qfg-8799-r575
     created: 1999-01-01T00:00:00Z
diff --git a/internal/genericosv/testdata/yaml/GHSA-7fxj-fr3v-r9gj.yaml b/internal/genericosv/testdata/yaml/GHSA-7fxj-fr3v-r9gj.yaml
@@ -20,11 +20,11 @@ cves:
 ghsas:
     - GHSA-7fxj-fr3v-r9gj
 references:
+    - advisory: https://github.com/advisories/GHSA-7fxj-fr3v-r9gj
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-3023
     - fix: https://github.com/pingcap/tidb/commit/d0376379d615cc8f263a0b17c031ce403c8dcbfb
     - web: https://advisory.dw1.io/45
     - web: https://huntr.dev/bounties/120f1346-e958-49d0-b66c-0f889a469540
-    - advisory: https://github.com/advisories/GHSA-7fxj-fr3v-r9gj
 source:
     id: GHSA-7fxj-fr3v-r9gj
     created: 1999-01-01T00:00:00Z
diff --git a/internal/genericosv/testdata/yaml/GHSA-9689-rx4v-cqgc.yaml b/internal/genericosv/testdata/yaml/GHSA-9689-rx4v-cqgc.yaml
diff --git a/internal/genericosv/testdata/yaml/GHSA-hjv9-hm2f-rpcj.yaml b/internal/genericosv/testdata/yaml/GHSA-hjv9-hm2f-rpcj.yaml
diff --git a/internal/genericosv/testdata/yaml/GHSA-hmfx-3pcx-653p.yaml b/internal/genericosv/testdata/yaml/GHSA-hmfx-3pcx-653p.yaml
diff --git a/internal/genericosv/testdata/yaml/GHSA-jh36-q97c-9928.yaml b/internal/genericosv/testdata/yaml/GHSA-jh36-q97c-9928.yaml
diff --git a/internal/genericosv/testdata/yaml/GHSA-pmfr-63c2-jr5c.yaml b/internal/genericosv/testdata/yaml/GHSA-pmfr-63c2-jr5c.yaml
diff --git a/internal/genericosv/testdata/yaml/GHSA-w4xh-w33p-4v29.yaml b/internal/genericosv/testdata/yaml/GHSA-w4xh-w33p-4v29.yaml
diff --git a/internal/report/fix.go b/internal/report/fix.go
diff --git a/internal/report/fix_test.go b/internal/report/fix_test.go
