gitlab-org--gitlab-foss/spec/fixtures/security_reports/master/gl-sast-report-bandit.json

43 lines
No EOL
1.1 KiB
JSON

{
"version": "14.0.4",
"vulnerabilities": [
{
"id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",
"category": "sast",
"message": "Deserialization of Untrusted Data",
"description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
"cve": "",
"severity": "Critical",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "app/app.py",
"start_line": 39
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B506",
"value": "B506"
}
]
}
],
"scan": {
"scanner": {
"id": "bandit",
"name": "Bandit",
"url": "https://github.com/PyCQA/bandit",
"vendor": {
"name": "GitLab"
},
"version": "1.7.1"
},
"type": "sast",
"start_time": "2022-03-11T00:21:49",
"end_time": "2022-03-11T00:21:50",
"status": "success"
}
}