Make all legacy security reports to use raw format
- This introduces and uses the `:raw` format for all legacy reports, the ones that do not yet have proper parsers on the Backend - The raw format is needed so the Frontend can parse reports without needing to decompress them, - This also extends fixtures to seed security reports into the database, even though the parser code is part of EE
This commit is contained in:
parent
63cd88c668
commit
15cd91c71a
24 changed files with 2720 additions and 74 deletions
|
@ -27,11 +27,15 @@ module Ci
|
|||
metadata: :gzip,
|
||||
trace: :raw,
|
||||
junit: :gzip,
|
||||
codequality: :gzip,
|
||||
sast: :gzip,
|
||||
dependency_scanning: :gzip,
|
||||
container_scanning: :gzip,
|
||||
dast: :gzip
|
||||
|
||||
# All these file formats use `raw` as we need to store them uncompressed
|
||||
# for Frontend to fetch the files and do analysis
|
||||
# When they will be only used by backend, they can be `gzipped`.
|
||||
codequality: :raw,
|
||||
sast: :raw,
|
||||
dependency_scanning: :raw,
|
||||
container_scanning: :raw,
|
||||
dast: :raw
|
||||
}.freeze
|
||||
|
||||
belongs_to :project
|
||||
|
@ -100,7 +104,8 @@ module Ci
|
|||
}
|
||||
|
||||
FILE_FORMAT_ADAPTERS = {
|
||||
gzip: Gitlab::Ci::Build::Artifacts::GzipFileAdapter
|
||||
gzip: Gitlab::Ci::Build::Artifacts::Adapters::GzipStream,
|
||||
raw: Gitlab::Ci::Build::Artifacts::Adapters::RawStream
|
||||
}.freeze
|
||||
|
||||
def valid_file_format?
|
||||
|
|
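Review bot: The switch from `:gzip` to `:raw` in `TYPE_AND_FORMAT_PAIRS` governs only artifacts created after this commit; rows already persisted with `file_format: gzip` for `sast`, `dast`, `dependency_scanning`, `container_scanning` and `codequality` keep that value, so readers must keep selecting the adapter from the row's stored `file_format` (which the `FILE_FORMAT_ADAPTERS` lookup in the second hunk appears to support) and never from this constant. A comment on the constant would protect that invariant, e.g. `# Format applied to newly created artifacts; existing rows keep their stored file_format`. The in-hunk comment "When they will be only used by backend, they can be `gzipped`" would read more clearly as "Once they are consumed only by the backend, they can be gzipped". The `Ci::JobArtifact` class continues outside both hunks.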
|
@ -30,12 +30,12 @@ module Ci
|
|||
def create_reports(reports, expire_in:)
|
||||
return unless reports&.any?
|
||||
|
||||
reports.map do |k, v|
|
||||
reports.map do |report_type, report_paths|
|
||||
{
|
||||
artifact_type: k.to_sym,
|
||||
artifact_format: :gzip,
|
||||
name: ::Ci::JobArtifact::DEFAULT_FILE_NAMES[k.to_sym],
|
||||
paths: v,
|
||||
artifact_type: report_type.to_sym,
|
||||
artifact_format: ::Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS.fetch(report_type.to_sym),
|
||||
name: ::Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(report_type.to_sym),
|
||||
paths: report_paths,
|
||||
when: 'always',
|
||||
expire_in: expire_in
|
||||
}
|
||||
|
|
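Review bot: Both `::Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS.fetch(report_type.to_sym)` and `::Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(report_type.to_sym)` raise `KeyError` for a report key missing from those constants, whereas the replaced `DEFAULT_FILE_NAMES[k.to_sym]` produced `nil`. That is the right strictness if the `reports` keys have already been validated against the allowed report names by the CI config layer (not visible in this diff), but if any path lets an unvalidated key through, an unknown report becomes an unhandled exception during artifact creation rather than a rejected job. Either confirm the upstream validation or state the precondition above the `map`, e.g. `# report_type keys must be known report types; fetch raises KeyError for anything else`. `create_reports` continues past the end of the hunk.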
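--- /dev/null
+++ b/changelogs/unreleased/use-raw-file-format.yml
@@ -0,0 +1,5 @@
+---
+title: Make all legacy security reports to use raw format
+merge_request:
+author:
+type: changed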
|
@ -1,7 +1,7 @@
|
|||
require './spec/support/sidekiq'
|
||||
|
||||
class Gitlab::Seeder::Pipelines
|
||||
STAGES = %w[build test deploy notify]
|
||||
STAGES = %w[build test security deploy notify]
|
||||
BUILDS = [
|
||||
# build stage
|
||||
{ name: 'build:linux', stage: 'build', status: :success,
|
||||
|
@ -31,6 +31,16 @@ class Gitlab::Seeder::Pipelines
|
|||
{ name: 'spinach:osx', stage: 'test', status: :failed, allow_failure: true,
|
||||
queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
|
||||
|
||||
# security stage
|
||||
{ name: 'dast', stage: 'security', status: :success,
|
||||
queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
|
||||
{ name: 'sast', stage: 'security', status: :success,
|
||||
queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
|
||||
{ name: 'dependency_scanning', stage: 'security', status: :success,
|
||||
queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
|
||||
{ name: 'container_scanning', stage: 'security', status: :success,
|
||||
queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
|
||||
|
||||
# deploy stage
|
||||
{ name: 'staging', stage: 'deploy', environment: 'staging', status_event: :success,
|
||||
options: { environment: { action: 'start', on_stop: 'stop staging' } },
|
||||
|
@ -108,6 +118,11 @@ class Gitlab::Seeder::Pipelines
|
|||
|
||||
setup_artifacts(build)
|
||||
setup_test_reports(build)
|
||||
if build.ref == build.project.default_branch
|
||||
setup_security_reports_file(build)
|
||||
else
|
||||
setup_security_reports_legacy_archive(build)
|
||||
end
|
||||
setup_build_log(build)
|
||||
|
||||
build.project.environments.
|
||||
|
@ -143,6 +158,55 @@ class Gitlab::Seeder::Pipelines
|
|||
end
|
||||
end
|
||||
|
||||
def setup_security_reports_file(build)
|
||||
return unless build.stage == "security"
|
||||
|
||||
# we have two sources: master and feature-branch
|
||||
branch_name = build.ref == build.project.default_branch ?
|
||||
'master' : 'feature-branch'
|
||||
|
||||
artifacts_cache_file(security_reports_path(branch_name, build.name)) do |file|
|
||||
build.job_artifacts.build(
|
||||
project: build.project,
|
||||
file_type: build.name,
|
||||
file_format: :raw,
|
||||
file: file)
|
||||
end
|
||||
end
|
||||
|
||||
def setup_security_reports_legacy_archive(build)
|
||||
return unless build.stage == "security"
|
||||
|
||||
# we have two sources: master and feature-branch
|
||||
branch_name = build.ref == build.project.default_branch ?
|
||||
'master' : 'feature-branch'
|
||||
|
||||
artifacts_cache_file(security_reports_archive_path(branch_name)) do |file|
|
||||
build.job_artifacts.build(
|
||||
project: build.project,
|
||||
file_type: :archive,
|
||||
file_format: :zip,
|
||||
file: file)
|
||||
end
|
||||
|
||||
# assign dummy metadata
|
||||
artifacts_cache_file(artifacts_metadata_path) do |file|
|
||||
build.job_artifacts.build(
|
||||
project: build.project,
|
||||
file_type: :metadata,
|
||||
file_format: :gzip,
|
||||
file: file)
|
||||
end
|
||||
|
||||
build.options = {
|
||||
artifacts: {
|
||||
paths: [
|
||||
Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(build.name.to_sym)
|
||||
]
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def setup_build_log(build)
|
||||
if %w(running success failed).include?(build.status)
|
||||
build.trace.set(FFaker::Lorem.paragraphs(6).join("\n\n"))
|
||||
|
@ -190,6 +254,15 @@ class Gitlab::Seeder::Pipelines
|
|||
Rails.root + 'spec/fixtures/junit/junit.xml.gz'
|
||||
end
|
||||
|
||||
def security_reports_archive_path(branch)
|
||||
Rails.root.join('spec', 'fixtures', 'security-reports', branch + '.zip')
|
||||
end
|
||||
|
||||
def security_reports_path(branch, name)
|
||||
file_name = Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(name.to_sym)
|
||||
Rails.root.join('spec', 'fixtures', 'security-reports', branch, file_name)
|
||||
end
|
||||
|
||||
def artifacts_cache_file(file_path)
|
||||
file = Tempfile.new("artifacts")
|
||||
file.close
|
||||
|
|
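Review bot: In `setup_security_reports_file` and `setup_security_reports_legacy_archive` the `branch_name = build.ref == build.project.default_branch ? 'master' : 'feature-branch'` ternary can never vary: the only call site shown (the `if build.ref == build.project.default_branch` dispatch in the earlier hunk) already selects the method on that same condition, so the first method always computes `'master'` and the second always `'feature-branch'`. Dropping the ternary in favour of the literal each method actually needs, or moving the dispatch into one `setup_security_reports(build)` that passes the branch name down, removes the dead branch and the duplicated `return unless build.stage == "security"` guard. `file_type: build.name` in `setup_security_reports_file` also silently relies on the seeded build names matching `Ci::JobArtifact` file types, which deserves a one-line comment such as `# build.name doubles as the job artifact file_type (dast, sast, ...)`. Both methods are complete within the hunk; the surrounding class continues outside it.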
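--- /dev/null
+++ b/lib/gitlab/ci/build/artifacts/adapters/gzip_stream.rb
@@ -0,0 +1,48 @@
+module Gitlab
+module Ci
+module Build
+module Artifacts
+module Adapters
+class GzipStream
+attr_reader :stream
+
+InvalidStreamError = Class.new(StandardError)
+
+def initialize(stream)
+raise InvalidStreamError, "Stream is required" unless stream
+
+@stream = stream
+end
+
+def each_blob
+stream.seek(0)
+
+until stream.eof?
+gzip(stream) do |gz|
+yield gz.read, gz.orig_name
+unused = gz.unused&.length.to_i
+# pos has already reached to EOF at the moment
+# We rewind the pos to the top of unused files
+# to read next gzip stream, to support multistream archives
+# https://golang.org/src/compress/gzip/gunzip.go#L117
+stream.seek(-unused, IO::SEEK_CUR)
+end
+end
+end
+
+private
+
+def gzip(stream, &block)
+gz = Zlib::GzipReader.new(stream)
+yield(gz)
+rescue Zlib::Error => e
+raise InvalidStreamError, e.message
+ensure
+gz&.finish
+end
+end
+end
+end
+end
+end
+end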
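Review bot: `each_blob` hands `gz.read` to the block with no bound on the decompressed size, so a small gzip member that inflates to a very large buffer is materialised in full before any consumer can reject it; since the stream is a runner-uploaded artifact, that is attacker-influenced input and the adapter should cap it itself, e.g. `data = gz.read(limit + 1)` followed by `raise InvalidStreamError, "decompressed content exceeds limit" if data && data.bytesize > limit` and then `yield data, gz.orig_name`, with `limit` taken from the artifact size configuration (a constructed sketch; the exact limit source is not on this page). The body appears to be moved verbatim from the deleted `GzipFileAdapter`, so the gap predates this commit, but the new file is the place to close it. Separately, `gzip(stream, &block)` declares `&block` but dispatches via `yield`; drop the parameter or use `block.call(gz)` so the two agree.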
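--- /dev/null
+++ b/lib/gitlab/ci/build/artifacts/adapters/raw_stream.rb
@@ -0,0 +1,27 @@
+module Gitlab
+module Ci
+module Build
+module Artifacts
+module Adapters
+class RawStream
+attr_reader :stream
+
+InvalidStreamError = Class.new(StandardError)
+
+def initialize(stream)
+raise InvalidStreamError, "Stream is required" unless stream
+
+@stream = stream
+end
+
+def each_blob
+stream.seek(0)
+
+yield(stream.read, 'raw') unless stream.eof?
+end
+end
+end
+end
+end
+end
+end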
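Review bot: `RawStream::InvalidStreamError` is a distinct class from `GzipStream::InvalidStreamError`, so code that obtains an adapter through `FILE_FORMAT_ADAPTERS` and rescues one adapter's error silently misses the other's. Defining the error once on the `Adapters` module (`InvalidStreamError = Class.new(StandardError)` under `Gitlab::Ci::Build::Artifacts::Adapters`) and referencing that from both classes gives callers a single type to handle. `each_blob` also loads the entire artifact with `stream.read`; that looks intentional for a raw blob but is worth stating, e.g. `# whole artifact is read into memory; presumably bounded by the upload size limit - confirm`.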
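--- a/lib/gitlab/ci/build/artifacts/gzip_file_adapter.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-module Gitlab
-module Ci
-module Build
-module Artifacts
-class GzipFileAdapter
-attr_reader :stream
-
-InvalidStreamError = Class.new(StandardError)
-
-def initialize(stream)
-raise InvalidStreamError, "Stream is required" unless stream
-
-@stream = stream
-end
-
-def each_blob
-stream.seek(0)
-
-until stream.eof?
-gzip(stream) do |gz|
-yield gz.read, gz.orig_name
-unused = gz.unused&.length.to_i
-# pos has already reached to EOF at the moment
-# We rewind the pos to the top of unused files
-# to read next gzip stream, to support multistream archives
-# https://golang.org/src/compress/gzip/gunzip.go#L117
-stream.seek(-unused, IO::SEEK_CUR)
-end
-end
-end
-
-private
-
-def gzip(stream, &block)
-gz = Zlib::GzipReader.new(stream)
-yield(gz)
-rescue Zlib::Error => e
-raise InvalidStreamError, e.message
-ensure
-gz&.finish
-end
-end
-end
-end
-end
-end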
|
@ -119,11 +119,11 @@ FactoryBot.define do
|
|||
|
||||
trait :codequality do
|
||||
file_type :codequality
|
||||
file_format :gzip
|
||||
file_format :raw
|
||||
|
||||
after(:build) do |artifact, evaluator|
|
||||
artifact.file = fixture_file_upload(
|
||||
Rails.root.join('spec/fixtures/codequality/codequality.json.gz'), 'application/x-gzip')
|
||||
Rails.root.join('spec/fixtures/codequality/codequality.json'), 'application/json')
|
||||
end
|
||||
end
|
||||
|
||||
|
|
BIN
spec/fixtures/security-reports/feature-branch.zip
vendored
Normal file
BIN
spec/fixtures/security-reports/feature-branch.zip
vendored
Normal file
Binary file not shown.
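--- /dev/null
+++ b/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
@@ -0,0 +1,18 @@
+{
+"image": "registry.gitlab.com/bikebilly/auto-devops-10-6/feature-branch:e7315ba964febb11bac8f5cd6ec433db8a3a1583",
+"unapproved": [
+"CVE-2017-15650"
+],
+"vulnerabilities": [
+{
+"featurename": "musl",
+"featureversion": "1.1.14-r15",
+"vulnerability": "CVE-2017-15650",
+"namespace": "alpine:v3.4",
+"description": "",
+"link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
+"severity": "Medium",
+"fixedby": "1.1.14-r16"
+}
+]
+}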
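--- /dev/null
+++ b/spec/fixtures/security-reports/feature-branch/gl-dast-report.json
@@ -0,0 +1,40 @@
+{
+"site": {
+"alerts": [
+{
+"sourceid": "3",
+"wascid": "15",
+"cweid": "16",
+"reference": "<p>http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx</p><p>https://www.owasp.org/index.php/List_of_useful_HTTP_headers</p>",
+"otherinfo": "<p>This issue still applies to error type pages (401, 403, 500, etc) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.</p><p>At \"High\" threshold this scanner will not alert on client or server error responses.</p>",
+"solution": "<p>Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.</p><p>If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.</p>",
+"count": "2",
+"pluginid": "10021",
+"alert": "X-Content-Type-Options Header Missing",
+"name": "X-Content-Type-Options Header Missing",
+"riskcode": "1",
+"confidence": "2",
+"riskdesc": "Low (Medium)",
+"desc": "<p>The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.</p>",
+"instances": [
+{
+"param": "X-Content-Type-Options",
+"method": "GET",
+"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io"
+},
+{
+"param": "X-Content-Type-Options",
+"method": "GET",
+"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io/"
+}
+]
+}
+],
+"@ssl": "false",
+"@port": "80",
+"@host": "bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io",
+"@name": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io"
+},
+"@generated": "Fri, 13 Apr 2018 09:22:01",
+"@version": "2.7.0"
+}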
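--- /dev/null
+++ b/spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json
@@ -0,0 +1,46 @@
+[
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2012-4387",
+"url": "http://struts.apache.org/docs/s2-011.html",
+"message": "Long parameter name DoS for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+},
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2013-1966",
+"url": "http://struts.apache.org/docs/s2-014.html",
+"message": "Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+},
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2013-2115",
+"url": "http://struts.apache.org/docs/s2-014.html",
+"message": "Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+},
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2013-2134",
+"url": "http://struts.apache.org/docs/s2-015.html",
+"message": "Arbitrary OGNL code execution via unsanitized wildcard matching for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+}
+]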
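--- /dev/null
+++ b/spec/fixtures/security-reports/feature-branch/gl-license-management-report.json
@@ -0,0 +1,242 @@
+{
+"licenses": [
+{
+"count": 13,
+"name": "MIT"
+},
+{
+"count": 2,
+"name": "New BSD"
+},
+{
+"count": 1,
+"name": "LGPL"
+}
+],
+"dependencies": [
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "bundler",
+"url": "http://bundler.io",
+"description": "The best way to manage your application's dependencies",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "concurrent-ruby",
+"url": "http://www.concurrent-ruby.com",
+"description": "Modern concurrency tools for Ruby. Inspired by Erlang, Clojure, Scala, Haskell, F#, C#, Java, and classic concurrency patterns.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "connection_pool",
+"url": "https://github.com/mperham/connection_pool",
+"description": "Generic connection pool for Ruby",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "mini_portile2",
+"url": "http://github.com/flavorjones/mini_portile",
+"description": "Simplistic port-like solution for developers",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "mustermann",
+"url": "https://github.com/sinatra/mustermann",
+"description": "Your personal string matching expert.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "nokogiri",
+"url": "http://nokogiri.org",
+"description": "Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "New BSD",
+"url": "http://opensource.org/licenses/BSD-3-Clause"
+},
+"dependency": {
+"name": "pg",
+"url": "https://bitbucket.org/ged/ruby-pg",
+"description": "Pg is the Ruby interface to the {PostgreSQL RDBMS}[http://www.postgresql.org/]",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "New BSD",
+"url": "http://opensource.org/licenses/BSD-3-Clause"
+},
+"dependency": {
+"name": "puma",
+"url": "http://puma.io",
+"description": "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "rack",
+"url": "https://rack.github.io/",
+"description": "a modular Ruby webserver interface",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "rack-protection",
+"url": "http://github.com/sinatra/sinatra/tree/master/rack-protection",
+"description": "Protect against typical web attacks, works with all Rack apps, including Rails.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "redis",
+"url": "https://github.com/redis/redis-rb",
+"description": "A Ruby client library for Redis",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "LGPL",
+"url": "http://www.gnu.org/licenses/lgpl.txt"
+},
+"dependency": {
+"name": "sidekiq",
+"url": "http://sidekiq.org",
+"description": "Simple, efficient background processing for Ruby",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "sinatra",
+"url": "http://www.sinatrarb.com/",
+"description": "Classy web-development dressed in a DSL",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "slim",
+"url": "http://slim-lang.com/",
+"description": "Slim is a template language.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "temple",
+"url": "https://github.com/judofyr/temple",
+"description": "Template compilation framework in Ruby",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "tilt",
+"url": "http://github.com/rtomayko/tilt/",
+"description": "Generic interface to multiple Ruby template engines",
+"pathes": [
+"."
+]
+}
+}
+]
+}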
944
spec/fixtures/security-reports/feature-branch/gl-sast-report.json
vendored
Normal file
944
spec/fixtures/security-reports/feature-branch/gl-sast-report.json
vendored
Normal file
|
@ -0,0 +1,944 @@
|
|||
[
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Probable insecure usage of temp file/directory.",
|
||||
"cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"start_line": 1,
|
||||
"end_line": 1
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B108",
|
||||
"value": "B108",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"line": 1,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "Predictable pseudorandom number generator",
|
||||
"message": "Predictable pseudorandom number generator",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 47,
|
||||
"end_line": 47,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "generateSecretToken2"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
||||
"value": "PREDICTABLE_RANDOM",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 47,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "Predictable pseudorandom number generator",
|
||||
"message": "Predictable pseudorandom number generator",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 41,
|
||||
"end_line": 41,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "generateSecretToken1"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
||||
"value": "PREDICTABLE_RANDOM",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 41,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 11,
|
||||
"end_line": 11
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 11,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 12,
|
||||
"end_line": 12
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 12,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 13,
|
||||
"end_line": 13
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 13,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 14,
|
||||
"end_line": 14
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 14,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Pickle library appears to be in use, possible security issue.",
|
||||
"cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 15,
|
||||
"end_line": 15
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B301",
|
||||
"value": "B301"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 15,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "ECB mode is insecure",
|
||||
"message": "ECB mode is insecure",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 29,
|
||||
"end_line": 29,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "insecureCypher"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-ECB_MODE",
|
||||
"value": "ECB_MODE",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 29,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "Cipher with no integrity",
|
||||
"message": "Cipher with no integrity",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 29,
|
||||
"end_line": 29,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "insecureCypher"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-CIPHER_INTEGRITY",
|
||||
"value": "CIPHER_INTEGRITY",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 29,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Probable insecure usage of temp file/directory.",
|
||||
"cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"start_line": 14,
|
||||
"end_line": 14
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B108",
|
||||
"value": "B108",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"line": 14,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Probable insecure usage of temp file/directory.",
|
||||
"cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"start_line": 10,
|
||||
"end_line": 10
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B108",
|
||||
"value": "B108",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"line": 10,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with Popen module.",
|
||||
"cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 1,
|
||||
"end_line": 1
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 1,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with pickle module.",
|
||||
"cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports.py",
|
||||
"start_line": 2,
|
||||
"end_line": 2
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports.py",
|
||||
"line": 2,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with subprocess module.",
|
||||
"cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports.py",
|
||||
"start_line": 4,
|
||||
"end_line": 4
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports.py",
|
||||
"line": 4,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'blerg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 22,
|
||||
"end_line": 22
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B106",
|
||||
"value": "B106",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 22,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'root'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 5,
|
||||
"end_line": 5
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 5,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: ''",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 9,
|
||||
"end_line": 9
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 9,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 13,
|
||||
"end_line": 13
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 13,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'blerg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 23,
|
||||
"end_line": 23
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 23,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'blerg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 24,
|
||||
"end_line": 24
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 24,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with subprocess module.",
|
||||
"cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-function.py",
|
||||
"start_line": 4,
|
||||
"end_line": 4
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-function.py",
|
||||
"line": 4,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with pickle module.",
|
||||
"cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-function.py",
|
||||
"start_line": 2,
|
||||
"end_line": 2
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-function.py",
|
||||
"line": 2,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with Popen module.",
|
||||
"cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-from.py",
|
||||
"start_line": 7,
|
||||
"end_line": 7
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-from.py",
|
||||
"line": 7,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
|
||||
"cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 9,
|
||||
"end_line": 9
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B602",
|
||||
"value": "B602",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 9,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with subprocess module.",
|
||||
"cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-from.py",
|
||||
"start_line": 6,
|
||||
"end_line": 6
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-from.py",
|
||||
"line": 6,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with Popen module.",
|
||||
"cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-from.py",
|
||||
"start_line": 1,
|
||||
"end_line": 2
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-from.py",
|
||||
"line": 1,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with pickle module.",
|
||||
"cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 7,
|
||||
"end_line": 8
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 7,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with loads module.",
|
||||
"cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 6,
|
||||
"end_line": 6
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 6,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
|
||||
"cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
|
||||
"confidence": "Low",
|
||||
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "c/subdir/utils.c",
|
||||
"start_line": 4
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-119",
|
||||
"value": "119",
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html"
|
||||
},
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-120",
|
||||
"value": "120",
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html"
|
||||
}
|
||||
],
|
||||
"file": "c/subdir/utils.c",
|
||||
"line": 4,
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html",
|
||||
"tool": "flawfinder"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
|
||||
"cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
|
||||
"confidence": "Low",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "c/subdir/utils.c",
|
||||
"start_line": 8
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-362",
|
||||
"value": "362",
|
||||
"url": "https://cwe.mitre.org/data/definitions/362.html"
|
||||
}
|
||||
],
|
||||
"file": "c/subdir/utils.c",
|
||||
"line": 8,
|
||||
"url": "https://cwe.mitre.org/data/definitions/362.html",
|
||||
"tool": "flawfinder"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
|
||||
"cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
|
||||
"confidence": "Low",
|
||||
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"start_line": 6
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-119",
|
||||
"value": "119",
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html"
|
||||
},
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-120",
|
||||
"value": "120",
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html"
|
||||
}
|
||||
],
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"line": 6,
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html",
|
||||
"tool": "flawfinder"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
|
||||
"cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
|
||||
"confidence": "Low",
|
||||
"solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"start_line": 7
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-120",
|
||||
"value": "120",
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html"
|
||||
}
|
||||
],
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"line": 7,
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html",
|
||||
"tool": "flawfinder"
|
||||
}
|
||||
]
|
BIN
spec/fixtures/security-reports/master.zip
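--- /dev/null
+++ b/spec/fixtures/security-reports/master/gl-container-scanning-report.json
@@ -0,0 +1,18 @@
+{
+"image": "registry.gitlab.com/bikebilly/auto-devops-10-6/feature-branch:e7315ba964febb11bac8f5cd6ec433db8a3a1583",
+"unapproved": [
+"CVE-2017-15651"
+],
+"vulnerabilities": [
+{
+"featurename": "musl",
+"featureversion": "1.1.14-r15",
+"vulnerability": "CVE-2017-15651",
+"namespace": "alpine:v3.4",
+"description": "",
+"link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15651",
+"severity": "Medium",
+"fixedby": "1.1.14-r16"
+}
+]
+}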
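--- /dev/null
+++ b/spec/fixtures/security-reports/master/gl-dast-report.json
@@ -0,0 +1,40 @@
+{
+"site": {
+"alerts": [
+{
+"sourceid": "3",
+"wascid": "15",
+"cweid": "16",
+"reference": "<p>http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx</p><p>https://www.owasp.org/index.php/List_of_useful_HTTP_headers</p>",
+"otherinfo": "<p>This issue still applies to error type pages (401, 403, 500, etc) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.</p><p>At \"High\" threshold this scanner will not alert on client or server error responses.</p>",
+"solution": "<p>Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.</p><p>If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.</p>",
+"count": "2",
+"pluginid": "10021",
+"alert": "X-Content-Type-Options Header Missing",
+"name": "X-Content-Type-Options Header Missing",
+"riskcode": "1",
+"confidence": "2",
+"riskdesc": "Low (Medium)",
+"desc": "<p>The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.</p>",
+"instances": [
+{
+"param": "X-Content-Type-Options",
+"method": "GET",
+"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io"
+},
+{
+"param": "X-Content-Type-Options",
+"method": "GET",
+"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io/"
+}
+]
+}
+],
+"@ssl": "false",
+"@port": "80",
+"@host": "bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io",
+"@name": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io"
+},
+"@generated": "Fri, 13 Apr 2018 09:22:01",
+"@version": "2.7.0"
+}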
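--- /dev/null
+++ b/spec/fixtures/security-reports/master/gl-dependency-scanning-report.json
@@ -0,0 +1,35 @@
+[
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2012-4386",
+"url": "http://struts.apache.org/docs/s2-010.html",
+"message": "CSRF protection bypass for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+},
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2012-4387",
+"url": "http://struts.apache.org/docs/s2-011.html",
+"message": "Long parameter name DoS for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+},
+{
+"priority": "Unknown",
+"file": "pom.xml",
+"cve": "CVE-2013-1966",
+"url": "http://struts.apache.org/docs/s2-014.html",
+"message": "Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags for org.apache.struts/struts2-core",
+"tools": [
+"gemnasium"
+],
+"tool": "gemnasium"
+}
+]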
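--- /dev/null
+++ b/spec/fixtures/security-reports/master/gl-license-management-report.json
@@ -0,0 +1,150 @@
+{
+"licenses": [
+{
+"count": 10,
+"name": "MIT"
+}
+],
+"dependencies": [
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "mini_portile2",
+"url": "http://github.com/flavorjones/mini_portile",
+"description": "Simplistic port-like solution for developers",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "mustermann",
+"url": "https://github.com/sinatra/mustermann",
+"description": "Your personal string matching expert.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "nokogiri",
+"url": "http://nokogiri.org",
+"description": "Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "rack",
+"url": "https://rack.github.io/",
+"description": "a modular Ruby webserver interface",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "rack-protection",
+"url": "http://github.com/sinatra/sinatra/tree/master/rack-protection",
+"description": "Protect against typical web attacks, works with all Rack apps, including Rails.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "redis",
+"url": "https://github.com/redis/redis-rb",
+"description": "A Ruby client library for Redis",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "sinatra",
+"url": "http://www.sinatrarb.com/",
+"description": "Classy web-development dressed in a DSL",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "slim",
+"url": "http://slim-lang.com/",
+"description": "Slim is a template language.",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "temple",
+"url": "https://github.com/judofyr/temple",
+"description": "Template compilation framework in Ruby",
+"pathes": [
+"."
+]
+}
+},
+{
+"license": {
+"name": "MIT",
+"url": "http://opensource.org/licenses/mit-license"
+},
+"dependency": {
+"name": "tilt",
+"url": "http://github.com/rtomayko/tilt/",
+"description": "Generic interface to multiple Ruby template engines",
+"pathes": [
+"."
+]
+}
+}
+]
+}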
944
spec/fixtures/security-reports/master/gl-sast-report.json
|
@ -0,0 +1,944 @@
|
|||
[
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Probable insecure usage of temp file/directory.",
|
||||
"cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"start_line": 1,
|
||||
"end_line": 1
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B108",
|
||||
"value": "B108",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"line": 1,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "Predictable pseudorandom number generator",
|
||||
"message": "Predictable pseudorandom number generator",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 47,
|
||||
"end_line": 47,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "generateSecretToken2"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
||||
"value": "PREDICTABLE_RANDOM",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 47,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "Predictable pseudorandom number generator",
|
||||
"message": "Predictable pseudorandom number generator",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 41,
|
||||
"end_line": 41,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "generateSecretToken1"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
||||
"value": "PREDICTABLE_RANDOM",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 41,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 11,
|
||||
"end_line": 11
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 11,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 12,
|
||||
"end_line": 12
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 12,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 13,
|
||||
"end_line": 13
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 13,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
|
||||
"cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 14,
|
||||
"end_line": 14
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B303",
|
||||
"value": "B303"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 14,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Pickle library appears to be in use, possible security issue.",
|
||||
"cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 15,
|
||||
"end_line": 15
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B301",
|
||||
"value": "B301"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 15,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "ECB mode is insecure",
|
||||
"message": "ECB mode is insecure",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 29,
|
||||
"end_line": 29,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "insecureCypher"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-ECB_MODE",
|
||||
"value": "ECB_MODE",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 29,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"name": "Cipher with no integrity",
|
||||
"message": "Cipher with no integrity",
|
||||
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
|
||||
"severity": "Medium",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "find_sec_bugs",
|
||||
"name": "Find Security Bugs"
|
||||
},
|
||||
"location": {
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"start_line": 29,
|
||||
"end_line": 29,
|
||||
"class": "com.gitlab.security_products.tests.App",
|
||||
"method": "insecureCypher"
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "find_sec_bugs_type",
|
||||
"name": "Find Security Bugs-CIPHER_INTEGRITY",
|
||||
"value": "CIPHER_INTEGRITY",
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
||||
"line": 29,
|
||||
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
|
||||
"tool": "find_sec_bugs"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Probable insecure usage of temp file/directory.",
|
||||
"cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"start_line": 14,
|
||||
"end_line": 14
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B108",
|
||||
"value": "B108",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"line": 14,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Probable insecure usage of temp file/directory.",
|
||||
"cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
|
||||
"severity": "Medium",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"start_line": 10,
|
||||
"end_line": 10
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B108",
|
||||
"value": "B108",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
|
||||
}
|
||||
],
|
||||
"priority": "Medium",
|
||||
"file": "python/hardcoded/hardcoded-tmp.py",
|
||||
"line": 10,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with Popen module.",
|
||||
"cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 1,
|
||||
"end_line": 1
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 1,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with pickle module.",
|
||||
"cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports.py",
|
||||
"start_line": 2,
|
||||
"end_line": 2
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports.py",
|
||||
"line": 2,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with subprocess module.",
|
||||
"cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports.py",
|
||||
"start_line": 4,
|
||||
"end_line": 4
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports.py",
|
||||
"line": 4,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'blerg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 22,
|
||||
"end_line": 22
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B106",
|
||||
"value": "B106",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 22,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'root'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 5,
|
||||
"end_line": 5
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 5,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: ''",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 9,
|
||||
"end_line": 9
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 9,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 13,
|
||||
"end_line": 13
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 13,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'blerg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 23,
|
||||
"end_line": 23
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 23,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Possible hardcoded password: 'blerg'",
|
||||
"cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
|
||||
"severity": "Low",
|
||||
"confidence": "Medium",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"start_line": 24,
|
||||
"end_line": 24
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B105",
|
||||
"value": "B105",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/hardcoded/hardcoded-passwords.py",
|
||||
"line": 24,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with subprocess module.",
|
||||
"cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-function.py",
|
||||
"start_line": 4,
|
||||
"end_line": 4
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-function.py",
|
||||
"line": 4,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with pickle module.",
|
||||
"cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-function.py",
|
||||
"start_line": 2,
|
||||
"end_line": 2
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-function.py",
|
||||
"line": 2,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with Popen module.",
|
||||
"cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-from.py",
|
||||
"start_line": 7,
|
||||
"end_line": 7
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-from.py",
|
||||
"line": 7,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
|
||||
"cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 9,
|
||||
"end_line": 9
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B602",
|
||||
"value": "B602",
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 9,
|
||||
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with subprocess module.",
|
||||
"cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-from.py",
|
||||
"start_line": 6,
|
||||
"end_line": 6
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-from.py",
|
||||
"line": 6,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with Popen module.",
|
||||
"cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-from.py",
|
||||
"start_line": 1,
|
||||
"end_line": 2
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B404",
|
||||
"value": "B404"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-from.py",
|
||||
"line": 1,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with pickle module.",
|
||||
"cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 7,
|
||||
"end_line": 8
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 7,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Consider possible security implications associated with loads module.",
|
||||
"cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
|
||||
"severity": "Low",
|
||||
"confidence": "High",
|
||||
"scanner": {
|
||||
"id": "bandit",
|
||||
"name": "Bandit"
|
||||
},
|
||||
"location": {
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"start_line": 6,
|
||||
"end_line": 6
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "bandit_test_id",
|
||||
"name": "Bandit Test ID B403",
|
||||
"value": "B403"
|
||||
}
|
||||
],
|
||||
"priority": "Low",
|
||||
"file": "python/imports/imports-aliases.py",
|
||||
"line": 6,
|
||||
"tool": "bandit"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
|
||||
"cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
|
||||
"confidence": "Low",
|
||||
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "c/subdir/utils.c",
|
||||
"start_line": 4
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-119",
|
||||
"value": "119",
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html"
|
||||
},
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-120",
|
||||
"value": "120",
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html"
|
||||
}
|
||||
],
|
||||
"file": "c/subdir/utils.c",
|
||||
"line": 4,
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html",
|
||||
"tool": "flawfinder"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
|
||||
"cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
|
||||
"confidence": "Low",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "c/subdir/utils.c",
|
||||
"start_line": 8
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-362",
|
||||
"value": "362",
|
||||
"url": "https://cwe.mitre.org/data/definitions/362.html"
|
||||
}
|
||||
],
|
||||
"file": "c/subdir/utils.c",
|
||||
"line": 8,
|
||||
"url": "https://cwe.mitre.org/data/definitions/362.html",
|
||||
"tool": "flawfinder"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
|
||||
"cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
|
||||
"confidence": "Low",
|
||||
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"start_line": 6
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-119",
|
||||
"value": "119",
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html"
|
||||
},
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-120",
|
||||
"value": "120",
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html"
|
||||
}
|
||||
],
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"line": 6,
|
||||
"url": "https://cwe.mitre.org/data/definitions/119.html",
|
||||
"tool": "flawfinder"
|
||||
},
|
||||
{
|
||||
"category": "sast",
|
||||
"message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
|
||||
"cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
|
||||
"confidence": "Low",
|
||||
"solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
|
||||
"scanner": {
|
||||
"id": "flawfinder",
|
||||
"name": "Flawfinder"
|
||||
},
|
||||
"location": {
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"start_line": 7
|
||||
},
|
||||
"identifiers": [
|
||||
{
|
||||
"type": "cwe",
|
||||
"name": "CWE-120",
|
||||
"value": "120",
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html"
|
||||
}
|
||||
],
|
||||
"file": "cplusplus/src/hello.cpp",
|
||||
"line": 7,
|
||||
"url": "https://cwe.mitre.org/data/definitions/120.html",
|
||||
"tool": "flawfinder"
|
||||
}
|
||||
]
|
|
@ -1,6 +1,6 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::Ci::Build::Artifacts::GzipFileAdapter do
|
||||
describe Gitlab::Ci::Build::Artifacts::Adapters::GzipStream do
|
||||
describe '#initialize' do
|
||||
context 'when stream is passed' do
|
||||
let(:stream) { File.open(expand_fixture_path('junit/junit.xml.gz'), 'rb') }
|
|
@ -0,0 +1,47 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::Ci::Build::Artifacts::Adapters::RawStream do
|
||||
describe '#initialize' do
|
||||
context 'when stream is passed' do
|
||||
let(:stream) { File.open(expand_fixture_path('junit/junit.xml'), 'rb') }
|
||||
|
||||
it 'initialized' do
|
||||
expect { described_class.new(stream) }.not_to raise_error
|
||||
end
|
||||
end
|
||||
|
||||
context 'when stream is not passed' do
|
||||
let(:stream) { nil }
|
||||
|
||||
it 'raises an error' do
|
||||
expect { described_class.new(stream) }.to raise_error(described_class::InvalidStreamError)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#each_blob' do
|
||||
let(:adapter) { described_class.new(stream) }
|
||||
|
||||
context 'when file is not empty' do
|
||||
let(:stream) { File.open(expand_fixture_path('junit/junit.xml'), 'rb') }
|
||||
|
||||
it 'iterates content' do
|
||||
expect { |b| adapter.each_blob(&b) }
|
||||
.to yield_with_args(fixture_file('junit/junit.xml'), 'raw')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when file is empty' do
|
||||
let(:stream) { Tempfile.new }
|
||||
|
||||
after do
|
||||
stream.unlink
|
||||
end
|
||||
|
||||
it 'does not iterate content' do
|
||||
expect { |b| adapter.each_blob(&b) }
|
||||
.not_to yield_control
|
||||
end
|
||||
end
|
||||
end
|
||||
end
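Review bot: The file handles opened in the `let(:stream)` blocks (`File.open(expand_fixture_path('junit/junit.xml'), 'rb')` under both `#initialize` and `#each_blob`) are never closed, and the empty-file case only calls `stream.unlink` on the Tempfile without closing it, so every example leaks a descriptor for the rest of the run. Add `after { stream.close unless stream.closed? }` to the two `File.open` contexts and replace `stream.unlink` with `stream.close!`, which closes and unlinks in one call. Separately, the non-empty example pins that the entire file arrives in a single `yield_with_args(fixture_file('junit/junit.xml'), 'raw')`; since `:raw` is now the storage format for user-supplied security reports, a reviewer would want to know whether the adapter bounds the blob it materialises for a large artifact — the adapter itself is not visible here, so treat that as a question rather than a defect.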
|
|
@ -194,6 +194,14 @@ describe Ci::JobArtifact do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when file format is raw' do
|
||||
let(:artifact) { build(:ci_job_artifact, :codequality, file_format: :raw) }
|
||||
|
||||
it 'iterates blob once' do
|
||||
expect { |b| artifact.each_blob(&b) }.to yield_control.once
|
||||
end
|
||||
end
|
||||
|
||||
context 'when there are no adapters for the file format' do
|
||||
let(:artifact) { build(:ci_job_artifact, :junit, file_format: :zip) }
|
||||
|
||||
|
|
|
@ -40,21 +40,23 @@ describe Ci::BuildRunnerPresenter do
|
|||
|
||||
context "with reports" do
|
||||
Ci::JobArtifact::DEFAULT_FILE_NAMES.each do |file_type, filename|
|
||||
let(:report) { { "#{file_type}": [filename] } }
|
||||
let(:build) { create(:ci_build, options: { artifacts: { reports: report } } ) }
|
||||
context file_type.to_s do
|
||||
let(:report) { { "#{file_type}": [filename] } }
|
||||
let(:build) { create(:ci_build, options: { artifacts: { reports: report } } ) }
|
||||
|
||||
let(:report_expectation) do
|
||||
{
|
||||
name: filename,
|
||||
artifact_type: :"#{file_type}",
|
||||
artifact_format: :gzip,
|
||||
paths: [filename],
|
||||
when: 'always'
|
||||
}
|
||||
end
|
||||
let(:report_expectation) do
|
||||
{
|
||||
name: filename,
|
||||
artifact_type: :"#{file_type}",
|
||||
artifact_format: Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS.fetch(file_type),
|
||||
paths: [filename],
|
||||
when: 'always'
|
||||
}
|
||||
end
|
||||
|
||||
it 'presents correct hash' do
|
||||
expect(presenter.artifacts.first).to include(report_expectation)
|
||||
it 'presents correct hash' do
|
||||
expect(presenter.artifacts.first).to include(report_expectation)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
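Review bot: The rewritten expectation `artifact_format: Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS.fetch(file_type)` reads the expected value from the same constant the presenter uses, so the example can no longer fail if a security report type is accidentally moved back to a compressed format — the regression this commit exists to prevent, since the frontend must read these reports uncompressed. Pin the contract with literal values instead: iterate a local table of `report_type => expected_format` written out in the spec, and use `Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(file_type)` only for the filename. The `fetch` itself is the right choice over `[]`, as a report type missing from the table should raise rather than silently present `nil`. The `describe Ci::BuildRunnerPresenter` block and the `presenter` definition start outside this hunk.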
|
|